ITEM 1A. RISK FACTORS
An investment in our securities is subject to certain risks. In addition to the other information in this report, investors should carefully consider the following discussion of significant risks and uncertainties before making investment decisions about our securities. The events and consequences discussed in these risk factors could, in circumstances we may or may not be able to accurately predict, recognize, or control, have a material adverse effect on our business, growth, reputation, prospects, financial condition, operating results (including components of our financial results) liquidity, and stock price. Any of these risk factors could cause our actual results to differ materially from our historical results or the results contemplated by the forward-looking statements contained in this report. These risk factors do not identify all risks that we face; our operations could also be affected by factors, events, or uncertainties that are not presently known to us or that we currently do not consider to present significant risks to our operations.
Risks Related to the Nature and Geographic Area of Our Business
The majority of our assets are loans, which are subject to credit risks.
As a lender, we face a significant risk that we will sustain losses because borrowers, guarantors or related parties may fail to perform in accordance with the terms of the loans we make or acquire. Our earnings are significantly affected by our ability to properly originate, underwrite and service loans. Certain of our credit exposures are concentrated in industries that may be more susceptible to the long-term risks of climate change, natural disasters or global pandemics. To the extent that these risks may have a negative impact on the financial condition of borrowers, it could also have a material adverse effect on our business, financial condition and results of operations. We have underwriting and credit monitoring procedures and credit policies, including the establishment and review of the allowance for credit losses, that we believe appropriately address this risk by assessing the likelihood of nonperformance, tracking loan performance and diversifying our respective loan portfolios. Such policies and procedures, however, may not prevent unexpected losses that could adversely affect our results of operations. We could sustain losses if we incorrectly assess the creditworthiness of our borrowers or fail to detect or respond to deterioration in asset quality in a timely manner or as a result of deteriorating economic conditions, for example.
Our allowance for credit losses may not be adequate to cover actual losses.
Like other financial institutions, we maintain an allowance for credit losses to provide for loan defaults and non-performance. Our allowance for credit losses may not be adequate to cover actual loan losses, and future provisions for loan losses would reduce our earnings and could materially and adversely affect our business, financial condition and results of operations. Our allowance for credit losses is based on prior experience, as well as an evaluation of the known risks in the current portfolio, composition and growth of the loan portfolio and actual and forecast economic factors. Determining an appropriate level of allowance is an inherently difficult process and is based on numerous
11 TriCo Bancshares 2025 10-K
Table of Contents
assumptions. The actual amount of future losses is susceptible to changes in economic, operating and other conditions, including changes in interest rates, unemployment and a number of other economic conditions that may be beyond our control and these losses may exceed current estimates. Effective January 1, 2020, we implemented a new accounting standard, “Measurement of Credit Losses on Financial Instruments,” commonly referred to as the “Current Expected Credit Losses” standard, or “CECL.” CECL changed the allowance for credit losses methodology from an incurred loss concept to an expected loss concept, which is more dependent on future economic forecasts, assumptions and models than previous methodology, which could result in increases and add volatility to our allowance for credit losses and future provisions for loan losses. These forecasts, assumptions and models are inherently uncertain and are based upon our management’s reasonable judgment in light of information currently available.
In addition to periodic reviews completed by management and independent third parties retained by us, Federal and state bank regulatory agencies, as an integral part of their examination process, review our loans and allowance for credit losses. While we believe that our allowance for credit losses is adequate to cover estimated future losses, we cannot assure you that we will not increase the allowance for credit losses further or that the allowance will be adequate to absorb credit losses we actually incur. Credit losses in excess of our allowance or addition provisions to our allowance would reduce our net income and capital, potentially materially.
Our business may be adversely affected by business conditions in California.
We conduct most of our business in California. As a result of this geographic concentration, our financial results may be impacted by economic conditions in California. Deterioration in the economic conditions in California could result in the following consequences, any of which could have a material adverse effect on our business, financial condition, results of operations and cash flows:
• problem assets and foreclosures may increase,
• demand for our products and services may decline,
• low cost or non-interest-bearing deposits may continue to decrease, and
• collateral for loans made by us, especially real estate, may experience a decline in value and/or cash flows, in turn reducing customers’ borrowing or repayment ability, and reducing the value of assets and collateral associated with our existing loans.
In view of the concentration of our operations and the collateral securing our loan portfolio in California, we may be particularly susceptible to the adverse effects of any of these consequences, any of which could have a material adverse effect on our business, financial condition, results of operations and cash flows.
Severe weather, natural disasters and other external events could adversely affect our business.
Our operations and our customer base are primarily located in California where natural and other disasters may occur. California is vulnerable to natural disasters and other risks, such as earthquakes, fires, droughts and floods, the nature and severity of which may be impacted by climate change. These types of natural catastrophic events have at times disrupted the local economies, our business and customers in these regions. Such events could also affect the stability of our deposit base, impact real estate values, impair the ability of borrowers to obtain adequate insurance or repay outstanding loans, impair the value of collateral securing loans and cause significant property damage, result in losses of revenue and/or cause us to incur additional expenses. In addition, catastrophic events occurring in other regions of the world may have an impact on our customers and in turn, on us. Our business continuity and recovery plans may not be upon the occurrence of one of these scenarios, and a significant event anywhere in the world could materially affect our operating results.
A significant majority of the loans in our portfolio are secured by California real estate and a decline in real estate values could hurt our business.
A downturn in real estate values in the markets which we conduct our business in California could hurt our business because most of our loans are secured by real estate. Real estate values and real estate markets are generally affected by changes in national, regional or local economic conditions, fluctuations in interest rates and the availability of loans to potential purchasers, changes in tax laws and other governmental statutes, regulations and policies. As real estate prices decline, the value of real estate collateral securing our loans is reduced. As a result, our ability to recover on defaulted loans by foreclosing and selling the real estate collateral could then be diminished and we would be more likely to suffer losses on defaulted loans. As of December 31, 2025, approximately 92.8% of the book value of our loan portfolio consisted of loans collateralized by various types of real estate. Substantially all of our real estate collateral is located in California; therefore, if there is a significant adverse in real estate values in California, the collateral for our loans will provide less security. Any such could have a material effect on our business, financial condition and results of operations.
We have significant exposure to risks associated with commercial real estate lending.
A substantial portion of our loan portfolio consists of commercial real estate loans. As of December 31, 2025, we had approximately $4.6 billion of commercial real estate loans outstanding, which represented approximately 67.6% of our total loan portfolio. Consequently, commercial real estate-related credit risks are a significant concern for us. Commercial real estate loans are generally viewed as having more risk of default than some other types of loans because repayment of the loans often depends on the successful operation of the property and the income stream of the borrowers. In addition, these loans often involve larger loan balances to single borrowers or groups of related borrowers compared with other types of loans. In recent years, commercial real estate markets have been particularly impacted by the economic disruption resulting from the COVID-19 pandemic, which has been a catalyst for the evolution of various remote work options which could impact the vacancy rates and the long-term vacancy performance of some types of office properties within our commercial real estate portfolio. Accordingly, the federal banking regulatory agencies have expressed concerns about weaknesses in the current commercial
12 TriCo Bancshares 2025 10-K
Table of Contents
real estate market. The adverse consequences from real estate-related credit risks tend to be cyclical and are often driven by national economic developments that are not controllable or entirely foreseeable by us or our borrowers.
We are exposed to the risk of environmental liabilities with respect to properties to which we take title.
In the course of our business, we foreclose and take title to real estate. As a result, we could be subject to environmental liabilities with respect to these properties. We may be held liable to a governmental entity or to third parties for property damage, personal injury, investigation and clean-up costs incurred by these parties in connection with environmental contamination, or may be required to investigate or clean-up hazardous or toxic substances, or chemical releases at a property. The costs associated with investigation or remediation activities could be substantial. In addition, if we are the owner or former owner of a contaminated site, we may be subject to common law or contractual claims by third parties (including purchasers of a property) based on damages and costs resulting from environmental contamination emanating from the property. When applicable, we establish contingent liability reserves for this purpose based on future reasonable and estimable costs developed by qualified soil and chemical engineering consultants. If we become subject to significant environmental liabilities or if our contingency reserve estimates are , our business, financial condition and results of operations could be materially affected.
We face strong competition from financial services companies and other companies that offer similar services, which could materially and adversely affect our business.
Competition in the banking and financial services industry is intense. Our profitability depends upon our continued ability to successfully compete. We primarily compete in California for loans, deposits and customers with commercial banks, savings and loan associations, credit unions, finance companies, mutual funds, insurance companies, brokerage firms and Internet-based marketplace lending platforms. Our competitors include major financial companies whose greater resources may afford them a marketplace advantage by enabling them to maintain numerous locations and mount extensive promotional and advertising campaigns. Additionally, banks and other financial institutions with larger capitalization and financial intermediaries that are not subject to bank regulatory restrictions may have larger lending limits which would allow them to serve the credit needs of larger customers. Areas of competition include interest rates for loans and deposits, efforts to obtain loan and deposit customers and a range in quality of products and services provided, including new technology-driven products and services. Technological innovation continues to contribute to greater competition in domestic and international financial services markets as technological advances more companies, such as Internet-based marketplace lenders, financial technology (or “fintech”) companies that rely on technology to provide financial services, often without many of the regulatory and capital restrictions that we face. We also face competition from out-of-state financial intermediaries that have opened loan production offices or that solicit deposits in our market areas. If we are to attract and retain banking customers, we may be to continue our loan growth and level of deposits and our business, financial condition and results of operations be affected.
Additionally, consumers can maintain funds that would have historically been held as bank deposits in brokerage accounts or mutual funds. Consumers can also complete transactions such as paying bills and/or transferring funds directly without the assistance of banks. The growing experimentation with and adoption of advanced technologies—such as AI, quantum computing, distributed ledgers, tokenized deposits, blockchain, stablecoins, and other digital currencies, including the potential issuance, acceptance, and integration of central bank digital currencies—has the potential to fundamentally reshape the financial services landscape. Regulatory developments related to these emerging technologies, including the recent enactment of the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 (“GENIUS Act”) and the potential passage of the Digital Asset Market Clarity Act of 2025 (“CLARITY Act”), further underscore this shift. This the emergence, adoption and evolution of new technologies that do not require intermediation, as well as advances in robotic process automation, could significantly affect the competition for financial services. The process of eliminating banks as intermediaries, known as “disintermediation,” could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. Failure to keep pace with technological could affect our competitive position, customer , and reduce the accessibility and relevance of our products and services.
Our ability to compete successfully depends on a number of factors, including, among other things, (i) the ability to develop, maintain and build long-term customer relationships based on top quality service, high ethical standards and safe, sound assets; (ii) the ability to expand within our marketplace and with our market position; (iii) the scope, relevance and pricing of products and services offered to meet customer needs and demands; (iv) the rate at which we introduce new products and services relative to our competitors; (v) customer satisfaction with our level of service; and (vi) industry and general economic trends. Failure to perform in any of these areas could significantly weaken our competitive position, which could adversely affect our growth and profitability, which, in turn, could have a material adverse effect on our business, financial condition and results of operations.
Challenges experienced by other financial institutions could negatively impact the broader financial markets and, in turn, indirectly have an adverse effect on our operations.
The soundness and stability of many financial institutions are often closely interconnected through various credit, trading, clearing, or other operational relationships. As a result, concerns regarding—or an actual or threatened default by—any single institution could lead to widespread liquidity and credit problems, losses, or defaults across the broader financial system. This phenomenon, commonly referred to as “systemic risk,” may adversely affect financial intermediaries such as clearing agencies, clearing houses, banks, securities firms, and exchanges with which we regularly engage, and may therefore negatively impact our operations.
Events in the financial services industry during 2023 illustrated this dynamic. A number of regional and community banks experienced deposit outflows and heightened liquidity pressures, which in turn contributed to broad market concerns about the financial condition and creditworthiness of other institutions. Although we were not directly affected by these bank failures, the resulting speed and ease in which
13 TriCo Bancshares 2025 10-K
Table of Contents
news or rumors, including social media commentary, led depositors to withdraw or attempt to withdraw their funds from these and other financial institutions caused the stock prices of many financial institutions to become volatile, in particular regional, as well as community banks like us. Notably, the Company’s share price decreased by 17% during the month of March 2023, consistent with other community banking organizations. These developments resulted in—and similar occurrences may again result in—significant and cascading disruptions across financial markets and the deposit environment, increased operating costs, reduced fee income, and increased volatility and downward pressure on the market value of our common stock.
We may need to raise additional capital, but it may not be available on acceptable terms or at all.
We are required by federal and state regulators to maintain adequate levels of capital. We may need to raise additional capital in the future to meet regulatory or other internal requirements. Our ability to raise additional capital, if needed, will depend on, among other things, conditions in the capital markets at that time, which are outside of our control, and our financial performance.
We cannot provide any assurance that access to such capital will be available to us on acceptable terms or at all. An event that may limit our access to the capital markets, such as a decline in the confidence of investors or counter-parties participating in the capital markets, may materially and adversely affect our capital costs and our ability to raise capital and, in turn, our liquidity. Further, if we need to raise capital in the future, we may have to do so when many other financial institutions are also seeking to raise capital and we would then have to compete with those institutions for investors. The inability to raise additional capital on acceptable terms when needed could have a materially adverse effect on our business, financial condition, or results of operations.
Adverse changes in economic or market conditions, including health-related events, may hurt our businesses.
Our success depends, to a certain extent, upon local, national and global economic and political conditions, as well as governmental monetary policies. Conditions such as an economic recession, pandemics, rising unemployment, adverse immigration policies impacting the labor market (notably agriculture), inflation, changes in interest rates, declines in asset values and other factors beyond our control may adversely affect our asset quality, deposit levels and our net income. Adverse changes in the economy may also have a negative effect on the demand for new loans and the ability of our existing borrowers to make timely repayments of their loans, which could adversely impact our growth and earnings. Economic and market conditions may also be affected by political developments in the U.S. and other countries and global conflicts, such the conflicts in Ukraine and the Middle East. Uncertainty about the federal fiscal policymaking process, the fiscal outlook of the federal government, government , and future tax rates is a for businesses, consumers and investors in the United States. If these conditions continue for a period or result in sustained economic or , many of the risk factors identified in our Form 10-K could be and such effects could have a material impact on us in a number of ways related to credit, collateral, customer demand, funding, operations, interest rate risk, and human capital, as described in this document.
If the United States economy weakens or does not improve, our growth and profitability from our lending, deposit and investment operations could be constrained. Any of these potential outcomes could cause us to suffer losses in our investment securities portfolio, reduce our liquidity and capital levels, hamper our ability to deliver products and services to our clients and customers, and weaken our results of operations and financial condition.
Risks Related to Interest Rates
Our business is subject to interest rate risk and variations in interest rates may negatively affect our financial performance.
Our profitability is dependent to a large extent on our net interest income, which is the difference between interest income we earn as a result of interest paid to us on loans and investments and interest we pay to third-parties such as our depositors and those from which we borrow funds. Like most financial institutions, we are highly sensitive to many factors that are beyond our control, including general economic conditions and policies of various governmental and regulatory agencies and, in particular, the Federal Reserve Board. Changes in monetary policy, including changes in interest rates, could influence not only the interest we receive on loans and securities and the amount of interest we pay on deposits and borrowings, but such changes could also affect (i) our ability to originate loans and obtain deposits, (ii) the fair value of our financial assets and liabilities, (iii) the average duration of our securities portfolio, (iv) the value of our loan servicing rights, and (v) the slope of the overall yield curve and its impact on the value of the investment portfolio and reinvestment income. If the interest rates paid on deposits and other borrowings increase at a faster rate than the interest rates received on loans and investments, our net interest income, and earnings, could be adversely affected. Earnings could also be adversely affected if the interest rates received on loans and investments fall more quickly than the interest rates paid on deposits and other borrowings.
After an extended period at a target rate of 0-0.25%, the FRB began aggressively increasing interest rates in March 2022 and continuing into 2023. In late 2024, the FRB began lowering rates as inflationary pressure started to ease, and in late 2025, the FRB again lowered rates. However, the economic and inflationary outlook continues to remain uncertain. If the FRB were to reverse course and rapidly increase rates, the increase could result in further declines in the fair market values of long duration fixed rate investment securities, constrain our interest rate spread and may adversely affect our business forecasts. Increases in interest rates can have negative impacts on our business, including reducing our customers’ desire to borrow money from us or adversely affecting their ability to repay their outstanding loans by increasing their debt obligations through the periodic reset of adjustable interest rate loans. If our borrowers’ ability to pay their loans is impaired by increasing interest payment obligations, our level of non-performing assets would increase, producing an adverse effect on operating results. Asset values, especially commercial real estate as collateral, securities or other fixed rate earning assets, can significantly with relatively minor changes in interest rates. Conversely, decreases in interest rates can affect the amount of interest we earn on our loans and investment securities, which could have a material effect on our financial condition and results of operations.
14 TriCo Bancshares 2025 10-K
Table of Contents
Elevated inflation and expectations for elevated future inflation can adversely impact economic growth, consumer and business confidence, and our financial condition and results. In addition, elevated inflation may cause unexpected changes in monetary policies and actions which may adversely affect confidence and the economy. Although we have implemented strategies that we believe reduce the potential effects of adverse changes in interest rates on our results of operations, these strategies may not always be successful. Any of these events could adversely affect our results of operations, financial condition and liquidity.
Reduction in the value, or impairment of our investment securities, can impact our earnings and common shareholders’ equity.
We maintained a balance of $2.0 billion, or approximately 21.1% of our assets, in investment securities at December 31, 2025. Changes in market interest rates can affect the fair value of these investment securities, with increasing interest rates generally resulting in a reduction of value. Although the reduction in value from temporary increases in market rates does not affect our income unless the security is sold, it does result in an unrealized loss recorded in accumulated other comprehensive income that can reduce our common stockholders’ equity. Further, we must periodically test our investment securities for other-than-temporary impairment in value. In assessing whether the impairment of investment securities is other-than-temporary, we consider the length of time and extent to which the fair value has been less than cost, the financial condition and near-term prospects of the issuer, and the intent and ability to retain our investment in the security for a period of time sufficient to allow for any anticipated recovery in fair value in the near term.
If we are required to sell securities to meet liquidity needs, we could realize significant losses.
As a result of increases in interest rates in 2023 and most of 2024, the market values of previously issued government and other debt securities declined in value, resulting in unrealized losses in our securities portfolio. While we anticipate that the scheduled cash flows generated from our investment portfolio will be adequate to support the liquidity needs of the Company, if we were required to sell these securities to expedite the generation of cash flows to meet liquidity needs, we may be required to realize significant losses, which could impair our capital and financial condition and adversely affect our results of operations. Further, while we have taken actions to maximize our sources of liquidity, there is no guarantee that such sources will be available or sufficient in the event of sudden liquidity needs.
Risks Related to Regulatory and Legal Matters
We operate in a highly regulated environment and we may be adversely affected by new laws and regulations or changes in existing laws and regulations. Any additional regulations are expected to increase our cost of operations. Furthermore, regulations may prevent or impair our ability to pay dividends, engage in acquisitions or operate in other ways.
We are subject to extensive regulation, supervision and examination by the DFPI, FDIC, and the FRB as well as regulations and policies of the CFPB. See "Item 1. Business - Regulation and Supervision" of this report for information on the regulation and supervision which governs our activities. Regulatory authorities have extensive discretion in their supervisory and enforcement activities, including the imposition of restrictions on our operations, the classification of our assets and determination of the level of our allowance for credit losses. Banking regulations or the actions of our banking regulators may limit our growth, earnings and the return to our shareholders by restricting certain of our activities, such as the payment of dividends to our shareholders, possible mergers with or acquisitions of or by other institutions, desired investments, loans and interest rates on loans, interest rates paid on deposits, service charges on deposit account transactions, the possible expansion or reduction of branch offices, and the ability to provide new products or services.
We also are subject to regulatory capital requirements. We could be subject to regulatory enforcement actions if any of our regulators determines for example, that we have violated a law or regulation, engaged in unsafe or unsound banking practice or lack adequate capital. Federal and state governments and regulators could pass legislation and adopt policies responsive to current credit conditions that would have an adverse effect on us and our financial performance. We cannot predict what changes, if any, will be made to existing federal and state legislation and regulations or the effect that such changes may have on our future business and earnings prospects. Any change in such regulation and oversight, whether in the form of regulatory policy, regulations, legislation or supervisory action, may have a material adverse impact on our operations, including the cost to conduct business.
Furthermore, the evolving landscape of legislative and regulatory actions, influenced by election cycles, introduces an additional layer of uncertainty for our operations. Elections can precipitate changes in government policies and regulations across various industries, potentially impacting our business. Uncertainty regarding potential changes in regulations or policies related to our industry may lead to increased costs of doing business and operational challenges. Economic conditions, including interest rates, inflation, and consumer spending, may be influenced by shifts in government leadership and policies, affecting our ability to maintain historical growth rates. Furthermore, the election process often introduces market volatility, impacting financial markets, currency exchange rates, and commodity prices. This volatility may pose risks to our financial performance, cost of capital, and access to funding.
While there have been significant revisions to the laws and regulations applicable to us that have been finalized in recent years, there are other rules to implement changes that have yet to be proposed or enacted by our regulators. The final timing, scope and impact of these changes to the regulatory framework applicable to financial institutions remains uncertain. Uncertainty exists with respect to new laws or regulations or changes in the interpretation or enforcement of existing laws or regulations, including potential deregulation in some areas. In addition, litigation challenging actions or regulations by federal or state authorities could, depending on the outcome, significantly affect the regulatory and supervisory framework affecting our operations. For more information on regulations to which we are subject and recent initiatives to reform financial institution regulation, see the “Regulation and Supervision” section in Item 1.
15 TriCo Bancshares 2025 10-K
Table of Contents
Risks Related to Our Growth and Expansion
Goodwill resulting from acquisitions may adversely affect our results of operations.
Our balance sheet contains a substantial level of goodwill and other intangible assets as a result of our acquisitions. Potential impairment of goodwill and amortization of other intangible assets could adversely affect our financial condition and results of operations. We assess our goodwill and other intangible assets and long-lived assets for impairment annually and more frequently when required by U.S. GAAP. We are required to record an impairment charge if circumstances indicate that the asset carrying values exceed their fair values. Our assessment of goodwill, other intangible assets, or long-lived assets could indicate that an impairment of the carrying value of such assets may have occurred that could result in a material, non-cash write-down of such assets, which could have a material adverse effect on our results of operations and future earnings.
Potential acquisitions may disrupt our business and dilute shareholder value, we may not be able to successfully consummate or integrate such acquisitions, and we may not realize the anticipated benefits contemplated when pursuing a potential acquisition.
The Company has in the past and may in the future pursue mergers and acquisition opportunities. Mergers and acquisitions involve a number of risks and uncertainties to us in addition to those presented by the nature of the business acquired, which may materially and adversely affect our results of operations. Our ability to analyze the risks presented by prospective acquisitions, as well as our ability to prepare in advance of closing for integration, may be limited to the extent that we cannot gather necessary or desirable information with respect to the business we are acquiring. We may also make certain assumptions related to an acquisition that may prove to be inaccurate that limit the anticipated benefits (such as cost savings from synergies or strategic gains or be able to offer enhanced product sets) or make the acquisition more expensive or take longer to complete and integrate than anticipated. Prior to closing an acquisition, prospective acquisition targets are also subject to their own risks that we cannot manage or control. Any acquisition could be dilutive to our earnings and shareholders' equity per share of our common stock.
Our ability to complete an acquisition may be dependent on regulatory agencies with responsibilities for reviewing or approving the transaction, which could delay, restrictively condition or result in denial of an acquisition, or otherwise limit the benefits of the acquisition. Changes in regulatory rules or standards or the application of those rules or standards, or future regulatory initiatives designed to mitigate risk or promote competition may also limit our ability to complete an acquisition. Further, once an acquisition is completed, it may be difficult for us to integrate the acquired business with our operations, and we may not see the anticipated benefits of any such acquisition.
If we cannot attract deposits, our growth may be inhibited.
We plan to increase the level of our assets, including our loan portfolio. Our ability to increase our assets depends in large part on our ability to attract additional deposits at favorable rates. We intend to seek additional deposits by offering deposit products that are competitive with those offered by other financial institutions in our markets and by establishing personal relationships with our customers. We cannot assure that these efforts will be successful. Our inability to attract additional deposits at competitive rates could have a material adverse effect on our business, financial condition and results of operations.
Our growth and expansion may strain our ability to manage our operations and our financial resources.
Our financial performance and profitability depend on our ability to execute our corporate growth strategy. In addition to seeking deposit and loan and lease growth in our existing markets, we may pursue expansion opportunities in new markets, enter into new lines of business or market areas or offer new products or services. Continued growth, however, may present operating and other problems that could adversely affect our business, financial condition and results of operations. Furthermore, any new line of business or market areas and/or new products or services could have a significant impact on the effectiveness of our system of internal controls. Accordingly, there can be no assurance that we will be able to execute our growth strategy or maintain the level of profitability that we have recently experienced.
Our growth may place a strain on our administrative, operational and financial resources and increase demands on our systems and controls. This business growth may require continued enhancements to and expansion of our operating and financial systems and controls and may strain or significantly challenge them. In addition, our existing operating and financial control systems and infrastructure may not be adequate to maintain and effectively monitor future growth. Our continued growth may also increase our need for qualified personnel. We cannot assure you that we will be successful in attracting, integrating and retaining such personnel.
We will become subject to increased regulation when we have more than $10 billion in total consolidated assets.
An insured depository institution with $10 billion or more in total assets is subject to supervision, examination, and enforcement with respect to consumer protection laws by the CFPB rather than its primary federal banking regulator. Under its current policies, the CFPB will assert jurisdiction in the first quarter after an insured depository institution’s call reports show total consolidated assets of $10 billion or more for four consecutive quarters. The Bank had slightly less than $10 billion in total assets at December 31, 2025, so it is possible that with only modest growth, the CFPB, instead of the FDIC, may soon have primary examination and enforcement authority over the Bank. As an independent bureau focused solely on consumer financial protection, the CFPB may interpret or enforce consumer protection laws more strictly or severely than the FDIC.
Additionally, other regulatory requirements apply to depository institutions and holding companies with $10 billion or more in total consolidated assets, including a cap on interchange transaction fees for debit cards, as required by Federal Reserve Board regulations, which would significantly reduce our interchange revenue, and restrictions on proprietary trading and investment and sponsorship in hedge
16 TriCo Bancshares 2025 10-K
Table of Contents
funds and private equity funds known as the Volcker Rule. See also "Item 1 - Business - Regulation and Supervision - Interchange Fees" in this report. Further, deposit insurance assessment rates are calculated differently, and may be higher, for insured depository institutions with $10 billion or more in total consolidated assets.
Risks Relating to Ownership of Our Common Stock
Our ability to pay dividends is subject to legal and regulatory restrictions.
Our ability to pay dividends to our shareholders is limited by California law and the policies and regulations of the FRB. The FRB has issued a policy statement on the payment of cash dividends by bank holding companies, which expresses the FRB’s view that a bank holding company should pay cash dividends only to the extent that its net income for the past year is sufficient to cover both the cash dividends and a rate of earnings retention that is consistent with the holding company’s capital needs, asset quality and overall financial condition. See “Item 1. Business - Regulation and Supervision – Restrictions on Dividends and Distributions.”
As a holding company with no significant assets other than the Bank, our ability to continue to pay dividends depends in large part upon the Bank’s ability to pay dividends to us. The Bank’s ability to pay dividends or make other capital distributions to us is subject to the restrictions in the California Financial Code.
Our ability to pay dividends to our shareholders and the ability of the Bank to pay in dividends to us are subject to the requirements that we and the Bank maintain a sufficient level of capital to be considered a “well capitalized” institution as well as a separate capital conservation buffer, as further described under “Item 1. Business - Supervision and Regulation — Regulatory Capital Requirements” in this report.
From time to time, we may become a party to financing agreements or other contractual arrangements that have the effect of limiting or prohibiting us or the Bank from declaring or paying dividends. Our holding company expenses and obligations with respect to our trust preferred securities and corresponding junior subordinated deferrable interest debentures issued by us may limit or impair our ability to declare or pay dividends.
Provisions of our governing documents and federal law may limit the ability of another party to acquire us, which could cause our stock price to decline.
Various provisions of our articles of incorporation and bylaws could delay or prevent a third party from acquiring us, even if doing so might be beneficial to our shareholders. These provisions provide for, among other things, specified factors that the Board of Directors shall or may consider when evaluating an offer to merge, an offer to acquire all assets or a tender offer is received; advance notice provisions for director nominations and shareholder proposals; and the authority to issue preferred stock by action of the board of directors acting alone, without obtaining shareholder approval.
The BHC Act and the Change in Bank Control Act of 1978, as amended, together with federal regulations, require that, depending on the particular circumstances, either FRB approval must be obtained or notice must be furnished to the Federal Reserve Board and not disapproved prior to any person or entity acquiring “control” of a bank holding company such as TriCo. These provisions may prevent a merger or acquisition that would be attractive to shareholders and could limit the price investors would be willing to pay in the future for our common stock
Holders of our junior subordinated debentures have rights that are senior to those of our shareholders.
We have supported our growth through the prior issuance of trust preferred securities from special purpose trusts and accompanying junior subordinated debentures. At December 31, 2025, we had outstanding trust preferred securities and accompanying junior subordinated debentures with principal amount of $41.2 million. Payments of the principal and interest on the trust preferred securities are conditionally guaranteed by us. Further, the accompanying junior subordinated debentures we issued to the trusts are senior to our shares of common stock. As a result, we must make payments on the junior subordinated debentures before we can pay any dividends on our common stock and, in the event of our bankruptcy, dissolution or liquidation, the holders of the junior subordinated debentures must be satisfied before any distributions can be made on our common stock.
Risks Relating to Operations, Technology Systems, Accounting and Internal Controls
If we fail to maintain an effective system of internal and disclosure controls, we may not be able to accurately report our financial results or prevent fraud. As a result, current and potential shareholders could lose confidence in our financial reporting, which would harm our business and the trading price of our securities.
Effective internal control over financial reporting and disclosure controls and procedures are necessary for us to provide reliable financial reports and effectively prevent fraud and to operate successfully as a public company. If we cannot provide reliable financial reports or prevent fraud, our reputation and operating results would be harmed. We continually review and analyze our internal control over financial reporting for Sarbanes-Oxley Section 404 compliance. As part of that process we may discover material weaknesses or significant deficiencies in our internal controls. Any failure to maintain effective controls or timely effect any necessary improvement of our internal and disclosure controls could harm operating results or cause us to fail to meet our reporting obligations, which could affect our ability to remain listed with Nasdaq. Ineffective internal and disclosure controls could also cause investors to confidence in our reported financial information, which would likely have a effect on the trading price of our securities.
17 TriCo Bancshares 2025 10-K
Table of Contents
We experienced a criminal cyberattack in February 2023, which resulted in the temporary interruption of our systems, disclosure of certain confidential information, litigation and governmental inquiries, all of which could damage our reputation or create additional financial and legal exposure.
As previously disclosed in the Current Report on Form 8-K we filed on February 14, 2023, the Bank experienced a cybersecurity incident in February 2023. After detecting unusual network activity, we shut down networked systems by taking them offline, which prevented access to internal systems, data and telephones for a limited period of time. We immediately launched an investigation and notified law enforcement and banking regulators. A digital forensics firm was engaged to help determine the scope of the incident and identify potentially impacted data. We received a demand for ransom from a party claiming responsibility for the incident. The Bank’s core banking systems, including those that facilitate loan and deposit related transactions, were not affected and the Bank’s resumed customer facing operations within two days. However, the Bank’s internal system/server access as well as communication capabilities, including e-mail correspondence and telephones, required approximately one week of time for the restoration process to be completed in a safe and secure environment. The Company restored its systems without paying ransom.
The Bank worked with third-party forensic investigators to understand the nature and scope of the incident and to determine what and how much information was impacted. The Bank determined that its internal computer network had been infected with malware which prevented access to certain files on the network. Through its investigation, the Bank determined that an unauthorized actor illegally accessed and acquired data from certain systems, including the personal information of approximately 75,000 individuals, including certain current and former customers, individuals related to current and former customers, current and former employees and their dependents, and others. While the information impacted varied by individual, the types of information that were impacted included name, social security number, driver’s license number, state identification number, financial account information, medical information, health insurance information, date of birth, passport number, digital/electronic signature, tax information, tax identification number, access credentials, and mother’s maiden name. The Bank notified and will continue to notify impacted individuals consistent with state and federal requirements and the Bank is offered impacted individuals credit restoration services and 24 months of credit monitoring services at no cost. The Bank issued a press release regarding this event and posted notice of this event on its website.
As a result of the 2023 cyberattack, we have incurred and may continue to incur significant costs or experience other material financial impacts, which may not be covered by, or may exceed the coverage limits of, our cyber liability insurance, and such costs and impacts may have a material adverse effect on our business, reputation, financial condition and operating results. These risks may stem from litigation or governmental inquiries litigation to which we currently are or may become subject in connection with this incident, and the extent of remediation and other additional costs that may be incurred by us.
We face three purported class action lawsuits numerous lawsuits related to the 2023 cyberattack that have been filed in California Superior Court for the Counties of Contra Costa and Butte, seeking unspecified monetary damages, equitable relief, costs and attorneys’ fees. The lawsuits were consolidated ( Donna Dryden v. Tri Counties Bank et. al. , Superior Court of State of California - Butte County, 23-CV-03115) and allege breach of contract, negligence, violations of various privacy laws and a variety of other legal causes of action. Following mediation, the parties entered into a settlement agreement and on January 21, 2026, the court preliminarily approved the agreement. The Class is being notified by mail and we and hope to resolve this litigation quickly. The cost of the settlement is expected to be covered by insurance. However, we are unable to predict whether we may be subject to further private . In addition, the Company received inquiries from various government authorities related to the 2023 , which could result in sanctions, or . We responded to these inquiries and cooperated fully. However, we cannot predict the timing or outcome of any of these inquiries, or whether we may be subject to further governmental inquiries.
Given the uncertainties about any further impacts of the incident, including the inherent uncertainties involved in litigation, contractual obligations, government investigations and regulatory enforcement decisions, we face the risk that outcomes from these risks could have a material adverse effect on our reputation, business and/or financial condition. In addition, litigation, government interventions, and negative media reports and any resulting damage to our reputation or loss of confidence in the security of our systems could adversely affect our business. It is possible that we could incur losses associated with these proceedings and inquiries, and the Company will continue to evaluate information as it becomes known and will record an estimate for losses at the time or times when it is both probable that a loss has been incurred and the amount of the is reasonably estimable. While we believe we have adequate insurance to cover most of the costs of the , ongoing legal and other costs related to these proceedings and inquiries, as well as any potential future proceedings and inquiries, may be substantial, and associated with any judgments, settlements, or other resolutions of such proceedings and inquiries could be material to our business, reputation, financial condition and operating results.
We face the risk that failures or breaches, including cyberattacks, of our operational or security systems or of those of our customers or vendors, could disrupt our business, result in the disclosure of confidential information, damage our reputation, and create significant financial and legal exposure.
The Company, our customers, our vendors, and other third parties have experienced security breaches and cyber attacks in the past, and it is inevitable that additional breaches and attacks will occur in the future. While such breaches and attacks have not materially impacted the Company to date, future security breaches and cyber attacks could result in serious and harmful consequences for us or our clients and customers. A principal reason that we cannot provide absolute security against cyber attacks is that we may not always be possible to anticipate, detect or recognize threats to the Company’s systems, or to implement effective preventive measures against all breaches because: the techniques used in cyber attacks evolve frequently and are increasingly sophisticated, and therefore may not be recognized until launched; cyber attacks can originate from a wide variety of sources, including our own employees, cyber-, hacktivists, groups
18 TriCo Bancshares 2025 10-K
Table of Contents
linked to terrorist organizations or hostile countries, or third parties whose objective is to disrupt the operations of financial institutions more generally; we do not have control over the cybersecurity of the systems of the large number of clients, customers, counterparties and third-party service providers with which we do business; and it is possible that a third party, after establishing a foothold on an internal network without being detected, might obtain access to other networks and systems. The risk of a security breach due to a cyber attack could increase in the future due to factors such as: our ongoing expansion of mobile and digital banking and other internet-based products and applications, and the increased use of remote access to facilitate remote arrangements for employees, vendors and other third parties. In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by our employees. The techniques used in cyber attacks and breaches change rapidly and are increasingly sophisticated, including through the use of generative AI and deepfakes, and we expect additional risks in the future through the use of quantum computing, and we may not be able to anticipate cyber attacks or other data security . Additionally, cyber attacks and in some cases appear to be supported by foreign governments or other well-financed entities and often originate from less regulated and remote areas of the world. We have seen a higher volume and complexity of attacks during times of increased geopolitical tensions. A penetration or of the security of our systems or the systems of a vendor, governmental body or another market participant could cause consequences, including: significant of our operations and those of our clients, customers and counterparties, including: access to operational systems; of our confidential information or that of our clients, customers, counterparties, employees, regulators, or other individuals; of or to our systems and those of our clients, customers and counterparties; the , or extended in the ability, to fully recover and restore data that has been , or or the to prevent systems from processing transactions; or by the Company of applicable privacy and other laws; financial to us or to our clients, customers, counterparties, employees, or others; of confidence in our cybersecurity and business resiliency measures; among our clients, customers or counterparties; significant exposure to and regulatory , or other sanctions; and to our reputation, all of which could have a material effect on us. If personal, confidential or proprietary information of customers or others in the Bank’s or such vendors’ or other third-parties’ possession were to be or , we could significant regulatory consequences, reputational and financial , as discussed earlier regarding the Bank's 2023 . The extent of a particular cyber attack and the steps that we may need to take to the attack may not be immediately clear, and it may take a significant amount of time before such an or determination, judicial or otherwise, can be completed. While such an is ongoing, we may not necessarily know the full extent of the caused by the cyber attack, and that may continue to spread. These factors may inhibit our ability to provide rapid, full and reliable information about the cyber attack to its clients, customers, counterparties and regulators, and the public. Furthermore, it may not be clear how to contain and remediate the caused by the cyber attack, and certain or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber attack.
In addition to threats from external sources, insider threats represent a significant risk to us. Insiders, including those having legitimate access to our information, communications systems and other technology and the information contained therein, have the easiest opportunity to make inappropriate use of their access. Addressing that risk requires understanding not only how to protect us from unauthorized use and disclosure of data, but also how to engage behavioral analytics and other tools to identify potential internal threats before any damage is done. As more work is conducted outside of our facilities, the risk of improper access to our network or confidential information has increased, including for reasons such as a failure by an employee or contractor to secure a device with Company access.
Although we devote significant resources to maintain and regularly upgrade our systems and processes that are designed to protect the security of our computer systems, software, networks, and other technology assets and the confidentiality, integrity, and availability of information belonging to us and our customers, there is no assurance that our security measures will be sufficient. We have implemented employee and customer awareness training regarding phishing, malware, and other cyber risks, however there can be no assurances that this training will be effective or sufficient. Furthermore, these risks are expected to increase in the future as we continue to increase our electronic payments and other internet-based product offerings and expand our internal usage of web-based products and applications.
Our procedures and safeguards to prevent unauthorized access to confidential information and to defend against cyberattacks seeking to disrupt our operations must be continually evaluated and enhanced to address the ever-evolving threat landscape and changing cybersecurity regulations. These preventative actions require the investment of significant resources and management time and attention. Nevertheless, we may not be able to anticipate, prevent, timely detect and/or effectively remediate all security breaches.
Any inability to prevent or adequately respond to the issues described above could disrupt the Company’s business, inhibit its ability to retain existing customers or attract new customers, otherwise harm its reputation and/or result in financial losses, litigation, increased costs or other adverse consequences that could be material to the Company.
Our reliance on third-party vendors exposes us to risks, including additional cybersecurity risks.
Third-party vendors provide key components of our business infrastructure, including certain data processing and information services. On our behalf, third parties may transmit confidential, propriety information. Some of these third parties may engage vendors of their own, which introduces the risk that these "fourth parties" could be the source of operational and/or security failures. Although we require third-party providers and these fourth-party vendors to maintain certain levels of information security, such providers may remain vulnerable to breaches, unauthorized access, misuse, computer viruses, or other malicious attacks that could ultimately compromise sensitive information. Additionally, we do not have control of the cybersecurity systems, breach prevention, and response protocols of our third- or fourth-party vendors, including through our cybersecurity programs or policies. While the Company may have contractual rights to assess the effectiveness of many of our providers’ systems and protocols, we do not have the means to know or assess the effectiveness of all of our providers’ systems and controls at all times. We cannot provide any assurances that actions taken by us, or our third- or fourth-party vendors, including through our cybersecurity programs or policies, will prevent or substantially mitigate the impacts of cybersecurity or of confidential information, access to our networks or systems or third-or
19 TriCo Bancshares 2025 10-K
Table of Contents
fourth-party environments, or that we, or our third- or fourth-party vendors, will be able to effectively identify, investigate, and remediate such incidents in a timely manner or at all. While we may contractually limit our liability in connection with attacks against third-party providers, we remain exposed to the risk of loss associated with such vendors.
Furthermore, a number of our vendors are large national entities with dominant market presence in their respective fields. Their services could prove difficult to replace in a timely manner if a failure or other service interruption were to occur. Failures of certain vendors to provide contracted services could adversely affect our ability to deliver products and services to our customers and cause us to incur significant expense.
These types of third-party relationships are subject to evolving and increasingly demanding regulatory requirements and attention by our bank regulators. Regulatory guidance requires us to enhance our due diligence, ongoing monitoring and control over our third-party vendors and subcontractors and other ongoing third-party business relationships. In certain cases, we may be required to renegotiate our agreements with these vendors and/or their subcontractors to meet these enhanced requirements, which could increase our costs. If our regulators conclude that we have not exercised adequate oversight and control over our third-party vendors and subcontractors or other ongoing third-party business relationships, or that such third parties have not performed appropriately, we could be subject to enforcement actions, including the imposition of civil money penalties or other administrative or judicial penalties or fines as well as requirements for customer remediation.
We are subject to certain industry standards regarding our credit/debit card-related services. Failure to meet those standards may significantly impact our ability to offer these services.
We are subject to the PCI-DSS, issued by the Payment Card Industry Security Standards Council. PCI-DSS contains compliance guidelines with regard to our security surrounding the physical and electronic storage, processing and transmission of cardholder data. Compliance with PCI-DSS and implementing related procedures, technology and information security measures requires significant resources and ongoing attention. Costs and potential problems and interruptions associated with the implementation of new or upgraded systems and technology, such as those necessary to achieve compliance with PCI-DSS or with maintenance or adequate support of existing systems could also disrupt or reduce the efficiency of our operations. Any material interruptions or failures in our payment-related systems or third parties that we rely upon could have a material adverse effect on our business, results of operations and financial condition. If there are amendments to PCI-DSS, the cost of compliance could increase, and we may suffer loss of data and or in our operations as a result. If we or our service providers are to comply with the standards imposed by PCI-DSS, we may be subject to and restrictions on our ability to offer certain services, which could materially and affect our business.
Our business is highly reliant on technology and our ability and our third-party service providers to manage the operational risks associated with technology.
Our business involves storing and processing sensitive consumer and business customer data. We depend on internal systems, third-party service providers, cloud services and outsourced technology to support these data storage and processing operations. In addition, cloud technologies are also critical to the operation of our systems, and our reliance on cloud technologies is growing. Despite our efforts to ensure the security and integrity of our systems, we may not be able to anticipate, detect or recognize threats to our systems or those of third-party service providers or to implement effective preventive measures against all cybersecurity breaches. Cyberattack techniques change regularly and can originate from a wide variety of sources, including third parties who are or may be involved in organized crime or linked to terrorist organizations or hostile foreign governments, and such third parties may seek to access to systems directly or using equipment or security passwords belonging to employees, customers, third-party service providers or other users of our systems. These risks may increase in the future as we continue to increase our mobile, digital and other internet-based product offerings and expand our internal usage of web-based products and applications. A cybersecurity or could for a long time before being detected and could result in theft of sensitive data or of our transaction processing systems.
Our inability to use or access these information systems at critical points in time could unfavorably impact the timeliness and efficiency of our business operations. A breach of customer data security such as the breach of customer data in connection with the February 2023 cyberattack discussed above, may negatively impact our business reputation and cause a loss of customers. This event has resulted in increased expenses to contain the event, to notify impacted individuals and provide them with credit monitoring services, and to defend / respond to litigation. Cybersecurity risk management programs are expensive to maintain and will not protect us from all risks associated with maintaining the security of customer data and our proprietary data from external and internal intrusions, disaster recovery and failures in the controls used by our vendors.
Cybersecurity and data privacy are areas of heightened legislative and regulatory focus.
As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed enhanced cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us, and would focus on cyber risk governance and management, management of internal and external dependencies, incident response, cyber resilience and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. For more information regarding cybersecurity regulation, refer to "Item 1. Business - Supervision and Regulation.”
20 TriCo Bancshares 2025 10-K
Table of Contents
We receive, maintain and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure, and protection of this information are governed by federal and state law. Both personally identifiable information and personal financial information is increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information that is collected and handled. For more information regarding data privacy regulation, refer to “Item 1. Business - Supervision and Regulation.”
We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy policies. If new or existing cybersecurity, data privacy, data protection, data transfer or data retention laws are implemented, interpreted or applied in a manner inconsistent with our current practices, including as a result of the network security incident discussed above, we may be subject to fines, litigation or regulatory enforcement actions or ordered to change our business practices, policies or systems in a manner that adversely impacts our operating results. In addition, any additional laws and regulatory enforcement measures will result in increased compliance costs.
A failure to implement technological advances could negatively impact our business.
The banking industry is undergoing technological changes with frequent introductions of new technology-driven products and services. In addition to improving customer services, the effective use of technology increases efficiency and enables financial institutions to reduce costs. Our future success will depend, in part, on our ability to address the needs of our customers by using technology to provide products and services that will satisfy customer demands for convenience as well as to create additional efficiencies in our operations. Many of our competitors have substantially greater resources than we do to invest in technological improvements. We may not be able to effectively implement new technology-driven products and services or successfully market such products and services to our customers. In addition, advances in technology such as digital, mobile, telephone, text, and online banking; e-commerce; and self-service automatic teller machines and other equipment, as well as changing customer preferences to access our products and services through digital channels, could decrease the value of our branch network and other assets. We may close or sell certain branches and or reduce our remaining branches and work . These actions could lead to on assets, expense to reconfigure branches and of customers in certain markets. As a result, our business, financial condition or results of operations may be affected.
Our business is susceptible to fraud and conduct risk.
Our business exposes us to fraud risk from loan and deposit customers, the parties we do business with, as well as from employees, contractors and vendors. We rely on financial and other data from new and existing customers which could turn out to be fraudulent when accepting such customers, executing their financial transactions and making and purchasing loans and other financial assets. In times of increased economic stress we are at increased risk of fraud losses. We believe we have underwriting and operational controls in place to prevent or detect such fraud, but cannot provide assurance that these controls will be effective in detecting fraud or that we will not experience fraud losses or incur costs or other damage related to such fraud, at levels that affect financial results or reputation. Our lending customers may also experience in their businesses which could affect their ability to repay their loans or make use of services. The Company’s and its customers’ exposure to may increase our financial risk and reputation risk as it may result in loan that exceed those that have been provided for in the allowance for credit . In addition, we are subject to risk from the conduct of its employees, including the impact that can result from employee or by employees to conduct themselves in accordance with our policies, all of which could our reputation and result in of customers or other financial or us to increased regulatory or other risk.
New lines of business, products or services and technological advancements, like artificial intelligence, may subject us to additional risks.
From time to time, we implement new lines of business or offer new products and services within existing lines of business. There are substantial risks and uncertainties associated with these efforts, particularly in instances where the markets are not fully developed. In developing and marketing new lines of business and/or new products and services we invest significant time and resources. Initial timetables for the introduction and development of new lines of business and/or new products or services may not be achieved, and price and profitability targets may not prove feasible. External factors, such as compliance with regulations, competitive alternatives, and shifting market preferences, may also impact the successful implementation of a new line of business or a new product or service.
The financial services industry is continually undergoing rapid technological change with frequent introductions of new technology-driven products and services. Our future success depends, in part, upon our ability to address the needs of our customers by using technology to provide products and services that will satisfy customer demands, as well as to create additional efficiencies in our operations. Many of our competitors have substantially greater resources to invest in technological improvements. We may not be able to effectively implement new technology-driven products and services or be successful in marketing these products and services to our customers. In addition, our implementation of certain new technologies, such as those related to artificial intelligence ("AI"), automation and algorithms, in our business processes may have unintended consequences due to their limitations or our failure to use them effectively. In addition, the growing reliance on AI technologies by vendors, business partners, and technology solutions or applications introduces additional risks, including but not limited to: Algorithmic Bias that may result in discriminatory outcomes and our reputation, of proprietary and confidential information through use of AI technologies, access or of data could compromise the of our systems with AI dependency, evolving regulations and legal frameworks surrounding AI may pose to legal and financial consequences for non-compliance, and protecting the intellectual property associated with AI technologies may be , and use or by third parties could bring to our competitive position or reputation. Furthermore, cloud technologies are also to the operation of our systems, and our reliance on cloud technologies is growing. to keep pace with
21 TriCo Bancshares 2025 10-K
Table of Contents
technological change affecting the financial services industry could have a material adverse effect on our business, financial condition and results of operations.
Furthermore, any new line of business, new product or service and/or new technology could have a significant impact on the effectiveness of our system of internal controls. Failure to successfully manage these risks in the development and implementation of new lines of business, new products or services and/or new technologies could have a material adverse effect on our business, financial condition and results of operations.
The increased use and capacity of AI, Generative AI, large language models (LLMs), and AI agents by customers, vendors and competitors increases risks to our business.
The use and capacity of AI, Generative AI, LLMs and AI agents has increased in the past year and is being employed by customers, competitors, and vendors at increased rates. Many of these tools can increase cybersecurity risks, require specific technical expertise to operate, or expose information through open source code. These tools are being used by parties in various capacities, and employing these tools without sufficient knowledge or expertise of the power and risks associated with the tools can increase risks for the users. These tools are relatively new and there is potential of continued and/or increased adoption of legal and regulatory frameworks governing the use of these tools, by law, our primary banking regulators, other federal or state regulatory bodies, or other self-regulatory organizations.
The use of these tools by customers can increase the risk of exposure to their personal information and/or banking credentials which can result in increased opportunities for bad actors to initiate fraudulent activity with respect to a customer’s account(s). While we have implemented commercially reasonable policies and procedures to protect against fraudulent activity on the accounts of our customers, we cannot assure that such policies and procedures will prevent all fraudulent activity or capture activity that has been inadvertently been authorized by the customer. Such activity can result in financial liability and litigation risk to us and/or our customers, as well as harm to our reputation and negative impacts on our financial condition, results of our operations, business and prospects.
The use of these tools by vendors engaged by us can increase the risk of unauthorized use or disclosure of sensitive or confidential client or customer information and cyberattacks. In conducting due diligence of our vendors, we request information regarding how the vendor uses these tools and attempt to mitigate risks related to exposure by agreement with vendors. While these processes seek to mitigate risks associated with vendor use of these tools, we cannot eliminate this risk. Vendors may employ tools without realizing the risks associated with the tools, may have employees that use unauthorized technology tools that were not disclosed to us during our diligence process, or the tools that were disclosed may implement new services, features, or technologies that increase the exposure to cybersecurity risks. If a vendor engaged by us experienced a cyberattack related to use of these tools, or deliberately or inadvertently exposed sensitive or confidential client or customer information, we may experience financial liability and litigation risk to us and/or our customers, as well as to our reputation and impact on our financial condition, results of operations and business. Additionally, if any vendors incur additional costs related to any legal or regulatory framework adopted governing the use of such tools, we may face increased costs to engage such vendor, which could impact or financial condition and results of operations if we continue to use such vendor or as a result of costs incurred to find an alternative vendor.
The use of these tools by competitors may impair our ability to attract or retain business if our competitors are successful in their implementation. Failure to keep pace with these evolving technologies can have a negative impact on our financial condition, results of operations, business and prospects. In addition, if our competitors suffer any reputational harm as a result of the implementation of these evolving technologies, it could have a negative effect on the financial services industry as a whole and have a negative impact on our financial condition, results of operations, business and prospects. The increased use of these tools by competitors may also increase pressure to impose legal or regulatory frameworks regarding these tools, which could impact the financial services industry as a whole and cause us to incur increased costs to comply with such legal or regulatory frameworks, which may result in a negative impact on our financial condition, results of operations and business.
We are subject to claims and litigation pertaining to intellectual property.
We rely on technology companies to provide information technology products and services necessary to support our day-to-day operations. Technology companies frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they have purchased or otherwise obtained. Competitors of our vendors, or other individuals or companies, have from time to time claimed to hold intellectual property sold to us by its vendors. Such claims may increase in the future as the financial services sector becomes more reliant on information technology vendors. The plaintiffs in these actions frequently seek injunctions and substantial damages.
Regardless of the scope or validity of such patents or other intellectual property rights, or the merits of any claims by potential or actual litigants, we may have to engage in litigation that could be expensive, time-consuming, disruptive to our operations, and distracting to management. If we are found to infringe on one or more patents or other intellectual property rights, we may be required to pay substantial damages or royalties to a third-party. In certain cases, we may consider entering into licensing agreements for disputed intellectual property, although no assurance can be given that such licenses can be obtained on acceptable terms or that litigation will not occur. These licenses may also significantly increase our operating expenses. If legal matters related to intellectual property claims were resolved against us or settled, we could be required to make payments in amounts that could have a material effect on our business, financial condition and results of operations.
22 TriCo Bancshares 2025 10-K
Table of Contents
Our failure to comply with anti-money laundering and anti-terrorism financing laws could have significant adverse consequences for us.
The Bank Secrecy Act of 1970, the Patriot Act and other laws and regulations require financial institutions to institute and maintain an effective BSA/AML program, file suspicious activity reports and currency transaction reports and comply with other BSA/AML requirements. Our federal and state banking regulators regularly review our BSA/AML program. If FinCEN BSA/AML our program is deemed deficient, we could be subject to liability, including fines, civil money penalties and other regulatory enforcement actions, which may include restrictions on our business operations and our ability to pay dividends, restrictions on mergers and acquisitions activity, restrictions on expansion, and restrictions on entering new business lines. Our failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have significant reputational consequences for us and, in turn, could have a material adverse effect on our business, financial condition or results of operations.
We can be negatively affected if we fail to identify and address operational risks associated with the introduction of or changes to products, services and delivery platforms.
When we launch a new product or service, introduce a new platform for the delivery or distribution of products or services (including mobile connectivity and cloud computing), or make changes to an existing product, service or delivery platform, we may not fully appreciate or identify new operational risks that may arise from those changes, or may fail to implement adequate controls to mitigate the risks associated with those changes. Any significant failure in this regard could diminish our ability to operate one or more of our businesses or result in:
• potential liability to clients, counterparties and customers;
• increased operating expenses;
• higher litigation costs, including regulatory fines, penalties and other sanctions;
• damage to our reputation;
• impairment of our liquidity;
• regulatory intervention; or
• weaker competitive standing.
Any of the foregoing consequences could materially and adversely affect our businesses and results of operations.
Our business, financial condition and results of operations are subject to risk from changes in customer behavior.
Individual, economic, political, industry-specific conditions and other factors outside of our control, such as fuel prices, energy costs, real estate values, inflation, taxes or other factors that affect customer income levels, could alter anticipated customer behavior, including borrowing, repayment, investment and deposit practices. Such a change in these practices could materially adversely affect our ability to anticipate business needs and meet regulatory requirements. Further, difficult economic conditions may negatively affect consumer confidence levels. A decrease in consumer confidence levels would likely aggravate the adverse effects of these difficult market conditions on us, our customers and others in the financial institutions industry.
Our risk management framework may not be effective in identifying and mitigating every risk to us.
We have implemented a risk management framework to mitigate our risk and loss exposure. This framework is comprised of various processes, systems and strategies, and is designed to identify, measure, assess, monitor, report and manage the types of risk to which we are subject, including, among others, credit, capital, interest rate, liquidity, legal and regulatory, cybersecurity, compliance, strategic, reputational and operational risks related to our employees, systems and vendors, among others. Any system of control and any system to reduce risk exposure, however well designed and operated, is based in part on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the system are met and will be effective under all circumstances or that it will adequately identify, manage or mitigate any risk or loss to us. Additionally, instruments, systems, controls and strategies used to hedge or otherwise understand and manage exposure to the risks we are subject to could be less effective than anticipated. As a result, we may not be able to effectively mitigate our risk exposures in particular market environments or against particular types of risk. If our risk management framework is not , we could and become subject to , regulatory consequences, or reputational among other consequences, any of which could result in our business, financial condition, results of operations or prospects being materially affected.
General Risk Factors
We depend on key personnel and the loss of one or more of those key personnel may materially and adversely affect our prospects. Furthermore, our business could suffer if we fail to attract and retain skilled people.
Our future operating results depend substantially upon the continued service of our executive officers and key personnel. Our future operating results also depend in significant part upon our ability to attract and retain qualified management, financial, technical, marketing, sales and support personnel. Competition for qualified personnel is intense, including with respect to compensation and emerging workplace practices, accommodations and remote work options, and we cannot ensure success in attracting or retaining qualified personnel. Our current or future approach to in-office and work-from-home arrangements may not meet the needs or expectations of our current or prospective employees or may not be perceived as favorable as compared to the arrangements offered by competitors, which could adversely affect our ability to attract and retain employees. There may be only a limited number of persons with the requisite skills to serve in these positions, and it may be increasingly difficult for us to hire personnel over time. Our business, financial condition or results of
23 TriCo Bancshares 2025 10-K
Table of Contents
operations could be materially adversely affected by the loss of any of our key employees, or our inability to attract and retain skilled employees.
Litigation, regulatory actions and compliance issues could subject us to significant fines, penalties, judgments, remediation costs and/or requirements resulting in increased expenses.
As a financial institution, we are at times subject to actual and threatened claims, litigation, arbitration, reviews, investigations, and other proceedings, including proceedings by governments and regulatory authorities, involving a wide range of issues, including labor and employment, data protection, data security, network security, consumer protection, commercial disputes, goods and services offered by us and by third parties, and other matters. Litigation matters range from individual actions involving a single plaintiff to class action lawsuits and can involve claims for substantial or indeterminate alleged damages or for injunctive or other relief. Any of these types of proceedings can have an adverse effect on us because of legal costs, disruption of our operations, diversion of management resources, publicity, and other factors. The outcomes of these matters are inherently and subject to significant uncertainties. We establish accruals for those matters when a is considered probable and the related amount is reasonably estimable. Additionally, when it is practicable and reasonably possible that it may experience in excess of established accruals, then we estimate possible contingencies. Determining legal reserves for possible from such matters involves judgment and may not reflect the full range of uncertainties and outcomes. Until the final resolution of such matters, we may be to in excess of the amount recorded, and such amounts could be material. Should any of our estimates and assumptions change or prove to have been , it could have a material effect on our business, financial condition and results of operations. In addition, it is possible that a resolution of one or more such proceedings, including as a result of a settlement, could involve licenses, sanctions, consent decrees, or orders requiring us to make substantial future payments, us from offering certain products or services, requiring us to change our business practices in a manner materially to our business, requiring development of non- or otherwise altered products or technologies, our reputation, or otherwise having a material effect on our operations.
We contest liability and/or the amount of damages as appropriate in each pending matter. The outcome of pending and future matters could be material to our results of operations, financial condition and cash flows depending on, among other factors, the level of our earnings for that period, and could adversely affect our business and reputation. For a discussion of certain legal proceedings, see the risk factor titled “ We experienced a criminal cyberattack in February 2023, which resulted in the temporary interruption of our systems, disclosure of certain confidential information, litigation and governmental inquiries, all of which could damage our reputation or create additional financial and legal exposure. ”
In addition to litigation and regulatory matters, from time to time, through our operational and compliance controls, we identify compliance issues that require us to make operational changes and, depending on the nature of the issue, result in financial remediation to impacted customers. These self-identified issues and voluntary remediation payments could be significant depending on the issue and the number of customers impacted. They also could generate litigation or regulatory investigations that subject us to additional adverse effects on our business, results of operations and financial condition.
We are subject to risk from fluctuating conditions in the financial markets and economic and political conditions generally.
Our success depends, to a certain extent, upon local, national and global economic and political conditions, as well as governmental monetary policies. Our financial performance generally, and in particular the ability of borrowers to pay interest on and repay principal of outstanding loans and the value of collateral securing those loans, as well as demand for loans and other products and services we offer, is highly dependent upon the business environment in the markets where we operate, in the State of California and in the United States as a whole. A favorable business environment is generally characterized by, among other factors, economic growth, efficient capital markets, low inflation, low unemployment, high business and investor confidence, and strong business earnings. Unfavorable or uncertain economic and market conditions can be caused by a decline in economic growth both in the U.S. and internationally; declines in business activity or investor or business confidence; limitations on the availability of or increases in the cost of credit and capital; increases in inflation or interest rates; high ; oil price ; natural ; trade policies and tariffs; or a combination of these or other factors. In addition, financial markets and global supply chains may be affected by the current or anticipated impact of global wars/military , terrorism, trade policies, or other geopolitical events. Current economic conditions are being heavily impacted by inflationary conditions and higher interest rates, the effects of which may impact our by impacting our fixed costs and expenses. Economic and inflationary pressure on consumers and uncertainty regarding economic could result in changes in consumer and business spending, borrowing and savings habits. Such conditions could have a material effect on the credit quality of our loans and our business, financial condition and results of operations.
Federal budget deficit concerns and the potential for political conflict over legislation to fund U.S. government operations and raise the U.S. government's debt limit may increase the possibility of a default by the U.S. government on its debt obligations, related credit-rating downgrades, or an economic recession in the United States. Many of our investment securities are issued by the U.S. government and government agencies and sponsored entities. As a result of uncertain domestic political conditions, including potential future federal government shutdowns, the possibility of the federal government defaulting on its obligations for a period of time due to debt ceiling limitations or other unresolved political issues, investments in financial instruments issued or guaranteed by the federal government pose liquidity risks. In connection with prior political disputes over U.S. fiscal and budgetary issues leading to the U.S. government in 2023, both Fitch and S&P lowered their long-term sovereign credit rating on the U.S. from AAA to AA+, and further affirmed the ratings in 2024. A further , or by other rating agencies, as well as sovereign debt issues facing the governments of other countries, could have a material impact on financial markets and economic conditions in the U.S. and worldwide.
24 TriCo Bancshares 2025 10-K
Table of Contents
Furthermore, evolving responses from federal and state governments and other regulators, and our customers or our third-party partners or vendors, to challenges such as climate change have impacted and could continue to impact the economic and political conditions under which we operate which could have a material adverse effect on our business, financial condition and results of operations.
Changes in the Federal, state or local tax laws may negatively impact our financial performance and we are subject to examinations and challenges by tax authorities.
We are subject to federal and applicable state tax laws and regulations. Changes in these tax laws and regulations, some of which may be retroactive to previous periods, could increase our effective tax rates and, as a result, could negatively affect our current and future financial performance. Furthermore, tax laws and regulations are often complex and require interpretation. In the normal course of business, we are routinely subject to examinations and challenges from federal and applicable state tax authorities regarding the amount of taxes due in connection with investments we have made and the businesses in which we have engaged. Federal and state taxing authorities have been aggressive in challenging tax positions taken by financial institutions. These tax positions may relate to tax compliance, sales and use, franchise, gross receipts, payroll, property and income tax issues, including tax base, apportionment and tax credit planning. The challenges made by tax authorities may result in adjustments to the timing or amount of taxable income or deductions or the allocation of income among tax jurisdictions. If any such challenges are made and are not resolved in our favor, they could have a material adverse effect on our business, financial condition and results of operations.
Climate change could have a material negative impact on us and our clients.
Our business, as well as the operations and activities of our customers, could be negatively impacted by climate change. Climate change presents both immediate and long-term risks to us and our customers and these risks are expected to increase over time. Climate change presents multi-faceted risks, including (i) operational risk from the physical effects of climate events on our facilities and other assets as well as those of our customers; (ii) credit risk from borrowers with significant exposure to climate risk; (iii) legal, regulatory and compliance risks arising from the policy, legal and regulatory changes associated with the transition to a less carbon-dependent economy; and (iv) reputational risk from stakeholder concerns about our practices related to climate change, our carbon footprint and our business relationships with customers who operate in carbon-intensive industries, and from negative public opinion related to any of our actions or inaction in response to climate change and our climate change strategy. The risks associated with climate change are rapidly changing and evolving in an escalating fashion, making them difficult to assess due to limited data. Our business, reputation and ability to attract and retain employees may also be if our response to climate change is perceived to be or .
Climate change exposes us and our customers to physical risk as its effects may lead to more frequent and more extreme weather events, such as prolonged droughts or flooding, tornados, hurricanes, wildfires and extreme seasonal weather; and longer-term shifts, such as increasing average temperatures, ozone depletion and rising sea levels. Such events and long-term shifts may damage, destroy or otherwise impact the value or productivity of our properties and other assets; increase the premiums for and reduce the availability of insurance; and/or disrupt our operations and other activities through prolonged outages. Such events and long-term shifts may also have a significant impact on our customers, which could amplify credit risk by diminishing borrowers’ repayment capacity or collateral values, and other businesses and counterparties with whom we transact, which could have a broader impact on the economy, supply chains and distribution networks.
Climate change also exposes us and our customers to transition risks associated with the transition to a less carbon-dependent economy. Transition risks may result from changes in policies; laws and regulations; technologies; and/or market preferences to address climate change. Such changes could materially, negatively impact our business, results of operations, financial condition and/or our reputation, in addition to having a similar impact on our customers. We have customers who operate in carbon-intensive industries like oil and gas that are exposed to climate risks, such as those risks related to the transition to a less carbon-dependent economy, as well as customers who operate in low-carbon industries that may be subject to risks associated with new technologies. Federal and state banking regulators and supervisory authorities, investors and other stakeholders have increasingly viewed financial institutions as important in helping to address the risks related to climate change both directly and with respect to their customers, which may result in financial institutions coming under increased pressure regarding the disclosure and management of their climate risks and related lending and investment activities. Given that climate change could impose systemic risks upon the financial sector, either via disruptions in economic activity resulting from the physical impacts of climate change or changes in policies as the economy transitions to a less carbon-intensive environment, we face regulatory risk of increasing focus on our resilience to climate-related risks, including in the context of testing for various climate scenarios. Ongoing legislative or regulatory uncertainties and changes regarding climate risk management and practices may result in higher regulatory, compliance, credit and reputational risks and costs, and may subject us to different and potentially requirements.
