What changed in Capital One's 2025 10-K compared to 2024?

Across the narrative sections we track, Capital One (COF) added 897 paragraphs, removed 794, and edited 644 between the 2024 and 2025 10-K filings. The biggest movers are Item 7. Management's Discussion & Analysis (+397/−390), Item 1A. Risk Factors (+311/−228), Item 1. Business (+155/−146).

Did Capital One add new Risk Factors in the 2025 10-K?

Yes — Item 1A Risk Factors shows 311 new/edited paragraphs and 228 removed paragraphs versus the 2024 10-K.

What changed in Capital One's MD&A (Item 7) in 2025?

Item 7 Management's Discussion & Analysis shows 397 new/edited paragraphs and 390 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did Capital One update its Cybersecurity disclosure (Item 1C) in 2025?

Item 1C Cybersecurity has 19 paragraph-level changes between the 2024 and 2025 filings.

Where does this COF 10-K diff come from?

The source filings are Capital One's official 2024 and 2025 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in Capital One's 10-K — 2024 vs 2025

Paragraph-level year-over-year comparison of Capital One's 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.

+897 added−794 removedSource: 10-K (2026-02-19) vs 10-K (2025-02-20)

Top changes in Capital One's 2025 10-K

897 paragraphs added · 794 removed · 644 edited across 7 sections

Item 7. Management's Discussion & Analysis+397 / −390 · 329 edited
Item 1A. Risk Factors+311 / −228 · 180 edited
Item 1. Business+155 / −146 · 106 edited
Item 1C. Cybersecurity+19 / −16 · 15 edited
Item 5. Market for Registrant's Common Equity+7 / −6 · 6 edited

Item 1. Business

Business — how the company describes what it does

106 edited+49 added−40 removed86 unchanged

2024 filing

2025 filing

Biggest changeNumerous factors could cause our actual results to differ materially from those described in such forward-looking statements, including, among other things: • risks relating to the pending Transaction, including the risk that the cost savings and any revenue synergies and other anticipated benefits from the Transaction may not be fully realized or may take longer than anticipated to be realized; disruption to our business and to Discover’s business as a result of the announcement and pendency of the Transaction; the risk that the integration of Discover’s business and operations into ours, including into our compliance management program, will be materially delayed or will be more costly or difficult than expected, or that we are otherwise unable to successfully integrate Discover’s business into ours, including as a result of unexpected factors or events; the possibility that the requisite regulatory approvals are not received or other conditions to the closing are not satisfied on a timely basis or at all, or are obtained subject to conditions that are not anticipated (and the risk that requisite regulatory approvals may result in the imposition of conditions that could adversely affect us or the expected benefits of the Transaction following the closing of the Transaction); reputational risk and the reaction of customers, suppliers, employees or other business partners of ours or of Discover to the Transaction; the failure of the closing conditions in the Merger Agreement to be satisfied, or any unexpected delay in completing the Transaction or the occurrence of any event, change or other circumstances that could give rise to the termination of the Merger Agreement; the dilution caused by our issuance of additional shares of our common stock in connection with the Transaction; the possibility that the Transaction may be more expensive to complete than anticipated, including as a result of unexpected factors or events; risks related to management and oversight of our expanded business and operations following the Transaction due to the increased size and complexity of our business; the possibility of increased scrutiny by, and/or additional regulatory requirements of, governmental authorities as a result of the Transaction or the size, scope and complexity of our business operations following the Transaction; the outcome of any legal or regulatory proceedings that may be currently pending or later instituted against us (before or after the Transaction) or against Discover; the risk that expectations regarding the timing, completion and accounting and tax treatments of the Transaction are not met; the risk that any announcements relating to the Transaction could have adverse effects on the market price of our common stock; certain restrictions during the pendency of the Transaction; the diversion of management’s attention from ongoing business operations and opportunities; the risk that revenues following the Transaction may be lower than expected and/or the risk that certain expenses, such as the provision for credit losses, of Discover or the surviving entity may be greater than expected; our and Discover’s success in executing their respective business plans and strategies and managing the risks involved in the foregoing; effects of the announcement, pendency or completion of the Transaction on our or Discover’s ability to retain customers and retain and hire key personnel and maintain relationships with our and Discover’s suppliers and other business partners, and on our and Discover’s operating results and businesses generally; and other factors that may affect our future results or the future results of Discover; 20 Capital One Financial Corporation (COF) Table of Contents • changes and instability in the macroeconomic environment, resulting from factors that include, but are not limited to monetary and fiscal policy actions, geopolitical conflicts or instability, such as the war between Ukraine and Russia and the conflict in the Middle East, labor shortages, government shutdowns, inflation and deflation, potential recessions, technology-driven disruption of certain industries, lower demand for credit, changes in deposit practices and payment patterns; • increases in credit losses and delinquencies and the impact of incorrectly estimated expected losses, which could result in inadequate reserves; • compliance with new and existing domestic and foreign laws, regulations and regulatory expectations, which may change over time including as a result of the political and policy goals of elected officials; • limitations on our ability to receive dividends from our subsidiaries; • our ability to maintain adequate capital or liquidity levels or to comply with revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders; • the use, reliability, and accuracy of the models, artificial intelligence, and data on which we rely; • our ability to manage fraudulent activity risks; • increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions that can result from a cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information, or the disabling of systems and access to information critical to business operations; • developments, changes or actions relating to any litigation, governmental investigation or regulatory enforcement action or matter involving us; • the amount and rate of deposit growth and changes in deposit costs; • our ability to execute on our strategic initiatives and operational plans; • our response to competitive pressures; • legislation, regulation and merchants’ efforts to reduce the interchange fees charged by credit and debit card networks to facilitate card transactions, and by legislation and regulation impacting such fees; • our success in integrating acquired businesses and loan portfolios, and our ability to realize anticipated benefits from announced transactions and strategic partnerships; • our ability to develop, operate, and adapt our operational, technology and organizational infrastructure suitable for the nature of our business; • the success of our marketing efforts in attracting and retaining customers; • our risk management strategies; • changes in the reputation of, or expectations regarding, us or the financial services industry with respect to practices, products, services or financial condition; • fluctuations in interest rates; • our ability to maintain adequate sources of funding and liquidity to operate our business; • our ability to attract, develop, retain and motivate key senior leaders and skilled employees; • climate change manifesting as physical or transition risks; • our assumptions or estimates in our financial statements; 21 Capital One Financial Corporation (COF) Table of Contents • the soundness of other financial institutions and other third parties, actual or perceived; • our ability to invest successfully in and introduce digital and other technological developments across all our businesses; • a downgrade in our credit ratings; • our ability to manage risks from catastrophic events; • compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties; • our ability to protect our intellectual property rights; and • other risk factors identified from time to time in our public disclosures, including in the reports that we file with the SEC.

Biggest changeNumerous factors could cause our actual results to differ materially from those described in such forward-looking statements, including, among other things: 20 Capital One Financial Corporation (COF) Table of Contents • risks related to the integration of the Transaction, including our ability to successfully integrate our businesses, incur substantial expenses related to the Transaction and to the integration of Discover, and the expenses may be greater than anticipated due to factors, some or all of which may be outside our control; our ability to realize all of the anticipated benefits of the Transaction, or those benefits may take longer to realize than expected due to factors that may be outside our control; the integration of Discover may have an adverse effect on our business and results of operations due to the diversion of a substantial portion of the time and attention of our management team; potential employee attrition; and other factors that may affect our future results; • changes and instability in the macroeconomic environment, resulting from factors that include, but are not limited to monetary, fiscal and trade policy actions such as tariffs, geopolitical conflicts or instability, such as the war in Ukraine, the ongoing conflict in the Middle East and the political instability in Venezuela, labor shortages, government shutdowns, inflation and deflation, potential recessions, technology-driven disruption of certain industries, adverse developments impacting the U.S. or global banking industry, immigration policies, lower demand for credit, changes in deposit practices and payment patterns; • fluctuations in interest rates; • our ability to maintain adequate sources of funding and liquidity to operate our business; • increases in credit losses and delinquencies and the impact of incorrectly estimated expected losses, which could result in inadequate reserves; • our ability to maintain adequate capital or liquidity levels or to comply with revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders; • limitations on our ability to receive dividends from our subsidiaries; • a downgrade in our credit ratings; • our ability to develop, operate and adapt our operational, technology and organizational infrastructure suitable for the nature of our business; • increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions that can result from a cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information, or the disabling of systems and access to information critical to business operations; • the use, reliability and accuracy of the models, AI, and data on which we rely; • our ability to manage risks of internal and external fraud; • compliance with new and existing domestic and foreign laws, regulations and regulatory expectations, which may change over time including as a result of the political and policy goals of elected and appointed officials; • compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties; • developments, changes or actions relating to any litigation, governmental investigation or regulatory enforcement action or matter involving us; • our response to competitive pressures; • the amount and rate of deposit growth and changes in deposit costs; • our ability to execute on our strategic initiatives and operational plans; • change in market preference towards other operators of payment networks and alternative payment providers; • our ability to create and maintain a strong base of network licensees and achieving meaningful global card acceptance; 21 Capital One Financial Corporation (COF) Table of Contents • legislation, regulation and merchants’ efforts to reduce the fees (including the interchange component) charged by credit and debit card networks and acquirers to facilitate card transactions; • the number of large merchants that accept cards on our recently acquired Discover Network or PULSE Network; • defaults or risks from bankruptcies, liquidations, restructurings, consolidations and outages by our network participants; • our ability to invest successfully in and introduce digital and other technological developments across all our businesses; • our success in integrating acquired businesses and loan portfolios, and our ability to realize anticipated benefits from announced transactions and strategic partnerships; • changes in the reputation of, or expectations regarding, us or the financial services industry with respect to practices, products, services or financial condition; • our ability to protect our intellectual property rights; • the success of our marketing efforts in attracting and retaining customers; • our risk management strategies; • our ability to attract, develop, retain and motivate key senior leaders and skilled employees; • our ability to manage risks from catastrophic events; • climate change manifesting as physical or transition risks; • our assumptions or estimates in our financial statements; • the soundness of other financial institutions and other third parties, actual or perceived; and • other risk factors identified from time to time in our public disclosures, including in the reports that we file with the SEC.

Privacy, Data Protection and Data Security We are, or may become, subject to a variety of continuously evolving and developing laws and regulations in the United States at the federal, state and local level regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information.

We also are subject to the U.K. General Data Protection Regulation (“U.K. GDPR”). In addition, subject to limited exceptions, the European Union (“EU”) General Data Protection Regulation (“EU GDPR”) applies EU data protection laws to certain companies processing personal data of individuals in the European Economic Area, regardless of the company’s location.

In addition, subject to limited exceptions, the European Union (“EU”) General Data Protection Regulation (“EU GDPR”) applies EU data protection laws to certain companies processing personal data of individuals in the European Economic Area, regardless of the company’s location. We also are subject to the U.K. General Data Protection Regulation (“U.K.

Our Executive Committee, a committee of senior management which includes our Chief Human Resources Officer, advises, assists and makes recommendations to our Chief Executive Officer and Board of Directors on human capital matters such as human resource practices and programs, including general employee benefits and compensation programs.

Our Executive Committee, a committee of senior management which includes our Chief Human Resources Officer, advises, assists and makes recommendations to our Chief Executive Officer (“CEO”) and Board of Directors on human capital matters such as human resource practices and programs, including general employee benefits and compensation programs.

Risk Factors” under the headings “ A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions” and “ We face risks related to our operational, technological and organizational infrastructure” and “Item 1C.

Risk Factors” under the headings “ A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions ” and “ We face risks related to our operational, technological and organizational infrastructure” and “Item 1C.

We also earn non-interest income which primarily consists of interchange income, net of reward expenses, and service charges and other customer-related fees. Our expenses primarily consist of the provision for credit losses, operating expenses, marketing expenses and income taxes.

We also earn non-interest income which primarily consists of discount and interchange income, net of reward expenses, and service charges and other customer-related fees. Our expenses primarily consist of the provision for credit losses, operating expenses, marketing expenses and income taxes.

In addition, under the final rule, the Bank’s resolution plan submissions are subject to more detailed content requirements and a new credibility standard for the FDIC’s evaluation of resolution plans, which is enforceable against the Bank.

In addition, under the final rule, the Bank’s resolution plan submissions are subject to more detailed content requirements and a credibility standard for the FDIC’s evaluation of resolution plans, which is enforceable against the Bank.

Our Credit Card business competes with international, national, regional and local issuers of Visa and MasterCard credit cards, as well as with American Express ® , Discover Card ® , private-label card brands, and, to a certain extent, issuers of debit cards.

Our Credit Card business competes with international, national, regional and local issuers of Visa ® and Mastercard ® credit cards, as well as with American Express ® , private-label card brands and, to a certain extent, issuers of debit cards.

Under the Federal Reserve Act and Federal Reserve regulations, the Bank and its subsidiaries are subject to quantitative and qualitative limits on extensions of credit, purchases of assets and certain other transactions involving non-bank affiliates.

Under the Federal Reserve Act and Federal Reserve and OCC regulations, the Bank and its subsidiaries are subject to quantitative and qualitative limits on extensions of credit, purchases of assets and certain other transactions involving non-bank affiliates.

The content of any of our websites referred to in this Report is not incorporated by reference into this Report or any other filings with the SEC. 5 Capital One Financial Corporation (COF) Table of Contents OPERATIONS AND BUSINESS SEGMENTS Our consolidated total net revenues are derived primarily from lending to consumer and commercial customers net of funding costs associated with our deposits, long-term debt and other borrowings.

The content of any of our websites referred to in this Report is not incorporated by reference into this Report or any other filings with the SEC. 6 Capital One Financial Corporation (COF) Table of Contents OPERATIONS AND BUSINESS SEGMENTS Our consolidated total net revenues are derived primarily from lending to consumer and commercial customers net of funding costs associated with our deposits, long-term debt and other borrowings.

FDIC Orderly Liquidation Authority The Dodd-Frank Act provides the FDIC with liquidation authority that may be used to liquidate non-bank financial companies and BHCs if the Treasury Secretary, in consultation with the President of the United States and based on the recommendation of the Federal Reserve and other appropriate Federal Banking Agencies, determines that doing so is necessary, among other criteria, to mitigate serious adverse effects on U.S. financial stability.

FDIC Orderly Liquidation Authority The Dodd-Frank Act provides the FDIC with liquidation authority that may be used to liquidate non-bank financial companies and BHCs if the Treasury Secretary, in consultation with the President and based on the recommendation of the Federal Reserve and other appropriate Federal Banking Agencies, determines that doing so is necessary, among other criteria, to mitigate serious adverse effects on U.S. financial stability.

In addition to formal programming provided by learning professionals, including regulatory compliance, role-specific topics and others, our peer-to-peer learning strategy allows associates to be both learners and teachers, further enhancing a culture of learning. We also focus on cultivating talent with leadership development courses, cohort-based programs, network building and coaching.

Prudential Regulation of Banking Capital One Financial Corporation is a bank holding company (“BHC”) and a financial holding company (“FHC”) under the Bank Holding Company Act of 1956, as amended (“BHC Act”), and is subject to the requirements of the BHC Act, including approval requirements for investments in or acquisitions of banking organizations, capital adequacy standards and limitations 7 Capital One Financial Corporation (COF) Table of Contents on non-banking activities.

Prudential Regulation of Banking Capital One Financial Corporation is a bank holding company (“BHC”) and a financial holding company (“FHC”) under the Bank Holding Company Act of 1956, as amended (“BHC Act”), and is subject to the requirements of the BHC Act, including approval requirements for investments in or acquisitions of banking organizations, capital adequacy standards and limitations 8 Capital One Financial Corporation (COF) Table of Contents on non-banking activities.

We also offer products and services outside of the U.S. principally through Capital One (Europe) plc (“COEP”), an indirect subsidiary of CONA organized and located in the United Kingdom (“U.K.”), and through a branch of CONA in Canada. Both COEP and our Canadian branch of CONA have the authority to provide credit card loans.

We also offer credit card products and certain other services outside of the U.S. principally through Capital One (Europe) plc (“COEP”), an indirect subsidiary of CONA organized and located in the United Kingdom (“U.K.”), and through a branch of CONA in Canada. Both COEP and our Canadian branch of CONA have the authority to provide credit card loans.

Financial Statements and Supplementary Data—Note 18—Business Segments and Revenue from Contracts with Customers” of this Report. 6 Capital One Financial Corporation (COF) Table of Contents COMPETITION Each of our business segments operates in a highly competitive environment, and we face competition in all aspects of our business from numerous bank and non-bank providers of financial services.

Financial Statements and Supplementary Data—Note 18—Business Segments and Revenue from Contracts with Customers” of this Report. 7 Capital One Financial Corporation (COF) Table of Contents COMPETITION Each of our business segments operates in a highly competitive environment, and we face competition in all aspects of our business from numerous bank and non-bank providers of financial services.

The Market Risk Rule generally applies to institutions with aggregate trading assets and liabilities equal to 10% or more of total assets or $1 billion or more. As of December 31, 2024, the Company and the Bank are subject to the Market Risk Rule. See “Part II一Item 7. MD&A一Market Risk Profile” for additional information.

The Market Risk Rule generally applies to institutions with aggregate trading assets and liabilities equal to 10% or more of total assets or $1 billion or more. As of December 31, 2025, the Company and the Bank are subject to the Market Risk Rule. See “Part II—Item 7. MD&A—Market Risk Profile” for additional information.

The Federal Reserve has proposed, but not yet finalized, amendments to Regulation II that would lower the cap on debit interchange fees and institute a process for automatically recalculating the debit interchange fee cap every two years based upon a biennial survey of large debit card issuers.

In 2023, the Federal Reserve proposed, but has not yet finalized, amendments to Regulation II that would lower the cap on debit interchange fees and institute a process for automatically recalculating the debit interchange fee cap every two years based upon a biennial survey of large debit card issuers.

Under the Federal Reserve’s final rule to implement the stress capital buffer requirement (“Stress Capital Buffer Rule”), the Company’s “standardized approach capital conservation buffer” includes its stress capital buffer requirement (as described below), any G-SIB Surcharge (which is not applicable to us) and the countercyclical capital buffer requirement (which is currently set at 0%).

Under the Federal Reserve’s stress capital buffer rule (“Stress Capital Buffer Rule”), the Company’s “standardized approach capital conservation buffer” includes its stress capital buffer requirement (as described below), any G-SIB Surcharge (which is not applicable to us) and the countercyclical capital buffer requirement (which is currently set at 0%).

For additional information on factors that could materially influence forward-looking statements included in this Report, see the risk factors set forth under “Item 1A. Risk Factors.” You should carefully consider the factors discussed below, and in our Risk Factors or other disclosures, in evaluating these forward-looking statements.

For additional information on factors that could materially influence forward-looking statements included in this Report, see the risk factors set forth under “ Item 1A. Risk Factors .” You should carefully consider the factors discussed below, and in our Risk Factors or other disclosures, in evaluating these forward-looking statements.

All references to 2024, 2023 and 2022, refer to our fiscal years ended, or the dates, as the context requires, December 31, 2024, December 31, 2023 and December 31, 2022, respectively. Certain business terms used in this document are defined in “Part II—Item 7.

All references to 2025, 2024 and 2023, refer to our fiscal years ended, or the dates, as the context requires, December 31, 2025, December 31, 2024 and December 31, 2023, respectively. Certain business terms used in this document are defined in “Part II—Item 7.

As one of the nation’s largest banks based on deposits as of December 31, 2024, we service banking customer accounts through digital channels and our network of branch locations, cafés, call centers and automated teller machines (“ATMs”).

As one of the nation’s largest banks based on deposits as of December 31, 2025, we service banking customer accounts through digital channels and our network of branch locations, cafés, call centers and automated teller machines (“ATMs”).

In addition, the OCC has issued enforceable guidelines requiring banks with assets of $100 billion or more, including the Bank, to develop recovery plans detailing the actions they would take to remain a going concern when they experience considerable financial or non-financial risks but have not deteriorated to the point that resolution is imminent.

In addition, the OCC has enforceable guidelines that require banks with assets of $100 billion or more, including the Bank, to develop recovery plans detailing the actions they would take to remain a going concern when they experience considerable financial or non-financial risks but have not deteriorated to the point that resolution is imminent.

Long-Term Debt and Clean Holding Company Proposal In September 2023, the Federal Banking Agencies proposed a rule that would require banking organizations with $100 billion or more in total assets, including the Company, to comply with certain long-term debt requirements and so called “clean holding company” requirements that are designed to improve the resolvability of covered organizations (“LTD Proposal”).

Long-Term Debt and Clean Holding Company Proposal The Federal Banking Agencies have proposed a rule that would require banking organizations with $100 billion or more in total assets, including the Company, to comply with certain long-term debt requirements and so called “clean holding company” requirements that are designed to improve the resolvability of covered organizations (“LTD Proposal”).

In addition to laws and regulations, state and federal bank regulatory agencies may issue policy statements, interpretive letters and similar written guidance applicable to us and our subsidiaries. Any change in the statutes, regulations or regulatory policies applicable to us, including changes in their interpretation or implementation, could have a material effect on our business or organization.

In addition to laws and regulations, regulatory agencies may issue policy statements, interpretive letters and similar written guidance applicable to us and our subsidiaries. Any change in the statutes, regulations or regulatory policies applicable to us, including changes in their interpretation or implementation, could have a material effect on our business or organization.

The LCR Rule requires each of the Company and the Bank to hold an amount of eligible HQLA that equals or exceeds 100% of its respective projected adjusted net cash outflows over a 30-day period, each as calculated in accordance with the LCR Rule.

The LCR Rule requires both the Company and the Bank to hold an amount of eligible HQLA that equals or exceeds 100% of its respective projected adjusted net cash outflows over a 30-day period, each as calculated in accordance with the LCR Rule. The LCR Rule requires both the Company and the Bank to calculate its respective LCR daily.

Broker-Dealer Activities Certain of our non-bank subsidiaries are subject to regulation and supervision by various federal and state authorities. Capital One Securities, Inc., KippsDeSanto & Company and TripleTree, LLC are registered broker-dealers regulated by the SEC and the Financial Industry Regulatory Authority (“FINRA”).

Broker-Dealer Activities C ertain of our non-bank subsidiaries are subject to regulation and supervision by various federal and state authorities. Capital One Securities, Inc., KippsDeSanto & Company and TripleTree, LLC are registered broker-dealers regulated by the SEC and the Financial Industry Regulatory Authority (“FINRA”).

Risk Factors” under the heading “ If we are not able to protect our intellectual property rights, or we violate third-party intellectual property rights, our revenue and profitability could be negatively affected.” 19 Capital One Financial Corporation (COF) Table of Contents FORWARD-LOOKING STATEMENTS From time to time, we have made and will make forward-looking statements, including those that discuss, among other things: strategies, goals, outlook or other non-historical matters; projections, revenues, income, returns, expenses, assets, liabilities, capital and liquidity measures, capital allocation plans, accruals for claims in litigation and for other claims against us; earnings per share, efficiency ratio, operating efficiency ratio or other financial measures for us; future financial and operating results; our plans, objectives, expectations and intentions; and the assumptions that underlie these matters.

Risk Factors” under the heading “ If we are not able to protect our intellectual property rights, or we violate third-party intellectual property rights, our revenue and profitability could be negatively affected. ” FORWARD-LOOKING STATEMENTS From time to time, we have made and will make forward-looking statements, including those that discuss, among other things: strategies, goals, outlook or other non-historical matters; projections, revenues, income, returns, expenses, assets, liabilities, capital and liquidity measures, capital allocation plans, accruals for claims in litigation and for other claims against us; earnings per share, efficiency ratio, operating efficiency ratio or other financial measures for us; future financial and operating results; our plans, objectives, expectations and intentions; and the assumptions that underlie these matters.

In November 2023, the FDIC finalized a rule to implement a special assessment to recover the loss to the DIF arising from the protection of uninsured depositors in connection with the systemic risk determination announced in March 2023, following the closures of Silicon Valley Bank and Signature Bank.

On November 16, 2023, the FDIC finalized a rule to implement a special assessment to recover the loss to the DIF arising from the protection of uninsured depositors in connection with the systemic risk determination announced on March 12, 2023, following the closures of Silicon Valley Bank and Signature Bank.

Risk Factors.” Depending on the underlying issue and applicable law, regulators may be authorized to impose penalties for violations of these statutes and, in certain cases, to order banks to compensate customers. Borrowers may also have a private right of action for certain violations.

Depending on the underlying issue and applicable law, regulators may be authorized to impose penalties for violations of these statutes and, in certain cases, to order banks to compensate customers. Borrowers may also have a private right of action for certain violations.

Hiring, Developing, and Retaining We employ a comprehensive people strategy that includes significant investments in recruiting and associate development in order to attract and retain top talent from all backgrounds. We recruit through a variety of channels, including professional partnerships, job fairs, online platforms, on-campus recruiting and diversity-related recruiting events and initiatives, among others.

Hiring, Developing and Retaining We employ a comprehensive people strategy that includes significant investments in recruiting and associate development in order to attract and retain top talent from all backgrounds. We recruit through a variety of channels, including professional partnerships, job fairs, online platforms and on-campus recruiting, among others.

Risk Factors” under the headings “ We face risks related to our operational, technological and organizational infrastructure ,” “ A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in 15 Capital One Financial Corporation (COF) Table of Contents revenue, reputational damage, legal exposure and business disruptions, ” and “ Our required compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties, may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities. ” For further discussion of our cybersecurity risk management, see “Item 1C.

Risk Factors” under the headings “We face risks related to our operational, technological and organizational infrastructure,” “ A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions ” and “ Our required compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties, may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities. ” For further discussion of our cybersecurity risk management, see “Item 1C.

In particular, the Federal Reserve is required to conduct annual stress tests on certain covered companies, such as the Company, to ensure that the covered companies have sufficient capital to absorb losses and continue operations during adverse economic conditions, as well as to determine the Company’s stress capital buffer requirement as described above.

In particular, the Federal Reserve is required to conduct annual stress tests on certain covered companies, including us, to ensure that the covered companies have sufficient capital to absorb losses and continue operations during adverse economic conditions, as well as to determine the Company’s stress capital buffer requirement as described above.

Moreover, legislative updates have been proposed in the U.S. Congress for more comprehensive privacy, data protection and data security legislation, to which we may be subject if passed.

Moreover, legislative updates have been proposed, and will likely in the future be proposed, in the U.S. Congress for more comprehensive privacy, data protection and data security legislation, to which we may be subject if passed.

The Company is hereafter collectively referred to as “we,” “us” or “our.” CONA is referred to as the “Bank.” References to “this Report” or our “2024 Form 10-K” or “2024 Annual Report” are to our Annual Report on Form 10-K for the fiscal year ended December 31, 2024.

The Company is hereafter collectively referred to as “we,” “us” or “our.” CONA is referred to as the “Bank.” References to “this Report” or our “2025 Form 10-K” or “2025 Annual Report” are to our Annual Report on Form 10-K for the fiscal year ended December 31, 2025.

At the state level, California has enacted the California Consumer Privacy Act (as amended by the California Privacy Rights Act, collectively, the “CCPA”) and continues to issue regulations thereunder, and various other states also have enacted or are in the process of enacting state-level privacy, data protection and/or data security laws and regulations, with which we may be required to comply.

At the state level, California has enacted the California Consumer Privacy Act (“CCPA”) and continues to issue regulations thereunder, and various other states also have enacted or are in the process of enacting state-level privacy, data protection and/or data security laws and regulations, with which we may be required to comply.

Based on the Company’s 2024 supervisory stress test results, the Company’s stress capital buffer requirement for the period beginning on October 1, 2024 through September 30, 2025 is 5.5%.

Based on the Company’s 2025 supervisory stress test results, the Company’s stress capital buffer requirement for the period beginning on October 1, 2025 through September 30, 2026 is 4.5%.

It is uncertain when or if a final rule will be adopted, and if so, whether and to what extent it will differ from the Basel III Finalization Proposal. As a result, the timing and content of any final rule, and the potential effects of any final rule on the Company and the Bank, remain uncertain.

It is uncertain if and when a reproposal will be issued, and if so, whether and to what extent it will differ from the original Basel III Finalization Proposal. As a result, the timing and content of any final rule, and the potential effects of any final rule on the Company and the Bank, remain uncertain.

We prioritize employee recruitment, development, recognition and retention. As of December 31, 2024, Capital One had approximately 52,600 employees worldwide, whom we refer to as “associates.” The following disclosures provide information on our human capital resources, including certain human capital objectives and measures that we focus on in managing our business.

We prioritize employee recruitment, development, recognition and retention. As of December 31, 2025, Capital One had approximately 76,300 employees worldwide, whom we refer to as “associates.” The following disclosures provide information on our human capital resources, including certain human capital objectives and measures that we focus on in managing our business.

As a banking organization, we are subject to extensive regulation and supervision. In addition to banking laws and regulations, we are subject to various other laws and regulations, all of which directly or indirectly affect our operations, management and ability to make distributions to stockholders. We and our subsidiaries are also subject to supervision and examination by multiple regulators.

In addition to banking laws and regulations, we are subject to various other laws and regulations, all of which directly or indirectly affect our operations, management and ability to make distributions to stockholders. We and our subsidiaries are also subject to supervision and examination by multiple regulators.

The Other category also includes unallocated corporate expenses that do not directly support the operations of the business segments or for which the business segments are not considered financially accountable in evaluating their performance, such as certain restructuring charges and integration expenses related to the Transaction. • Credit Card: Consists of our domestic consumer and small business card lending, and international card businesses in the U.K. and Canada. • Consumer Banking: Consists of our deposit gathering and lending activities for consumers and small businesses, and national auto lending. • Commercial Banking: Consists of our lending, deposit gathering, capital markets and treasury management services to commercial real estate and commercial and industrial customers.

The Other category also includes unallocated corporate expenses that do not directly support the operations of the business segments or for which the business segments are not considered financially accountable in evaluating their performance, such as certain restructuring charges, integration expenses and certain liabilities incurred by Discover ahead of the Transaction. • Credit Card: Consists of our domestic consumer card lending, personal loans, domestic small business card lending and international card businesses in the U.K. and Canada. • Consumer Banking: Consists of our deposit gathering and lending activities for consumers and small businesses, national auto lending and services offered by the Global Payment Network. • Commercial Banking: Consists of our lending, deposit gathering, capital markets and treasury management services to commercial real estate and commercial and industrial customers.

Basel III Finalization Proposal In July 2023, the Federal Banking Agencies released a notice of proposed rulemaking (“Basel III Finalization Proposal”) to revise the Basel III Capital Rules applicable to banking organizations with total assets of $100 billion or more and their subsidiary depository institutions, including the Company and the Bank.

Basel III Finalization Proposal In July 2023, the Federal Reserve, OCC and the FDIC (collectively, the “Federal Banking Agencies”) released a notice of proposed rulemaking (“Basel III Finalization Proposal”) to revise the Basel III Capital Rules applicable to banking organizations with total assets of $100 billion or more and their subsidiary depository institutions, including the Company and the Bank.

Governance of Human Capital Our Board of Directors oversees our human capital management, including strategies, policies and practices, and diversity, inclusion and belonging (“DIB”), and is assisted by our Board’s Compensation Committee and Governance and Nominating Committee.

Governance of Human Capital Our Board of Directors oversees our human capital management, including strategies, policies and practices, and is assisted by our Board’s Compensation Committee and Governance and Nominating Committee.

Therefore, the Company’s minimum capital requirements plus the standardized approach capital conservation buffer for CET1 capital, Tier 1 capital and total capital ratios under the stress capital buffer framework are 10.0%, 11.5% and 13.5%, respectively, for the period from October 1, 2024 through September 30, 2025. The Stress Capital Buffer Rule does not apply to the Bank.

Accordingly, the Company’s minimum capital requirements plus the standardized approach capital conservation buffer for CET1 capital, Tier 1 capital and total capital ratios under the stress capital buffer framework are 9.0%, 10.5% and 12.5%, respectively, for the period from October 1, 2025 through September 30, 2027. The Stress Capital Buffer Rule does not apply to the Bank.

Capital and Stress Testing Regulation The Company and the Bank are subject to capital adequacy guidelines adopted by the Federal Reserve and OCC, respectively. For a further discussion of the capital adequacy guidelines, see “Part II—Item 7. MD&A—Capital Management” and “Part II—Item 8. Financial Statements and Supplementary Data—Note 12—Regulatory and Capital Adequacy.” Basel III and U.S.

For a further discussion of the capital adequacy guidelines, see “Part II—Item 7. MD&A—Capital Management” and “Part II—Item 8. Financial Statements and Supplementary Data—Note 12—Regulatory and Capital Adequacy.” Basel III and U.S. Capital Rules The Company and the Bank are subject to the regulatory capital requirements established by the Federal Reserve and the OCC, respectively (“Basel III Capital Rules”).

Other Business Developments We regularly explore and evaluate opportunities to acquire financial products and services as well as financial assets, including credit card and other loan portfolios, and enter into strategic partnerships as part of our growth strategy.

In addition, we offer Global Payment Network services globally. Business Developments We regularly explore and evaluate opportunities to acquire financial products and services as well as financial assets, including credit card and other loan portfolios, and enter into strategic partnerships as part of our growth strategy.

The special assessment base is equal to an insured depository institution’s estimated uninsured deposits reported on its Consolidated Reports of Condition and Income as of December 31, 2022 (“2022 Call Report”), adjusted to exclude the first $5 billion of uninsured deposits. For additional information, see “Part II—Item 8.

For example, the AML Act requires FinCEN to issue National Anti-Money Laundering and Countering the Financing of Terrorism Priorities (the “National Priorities”), which the agency did in June 2021, and to conduct studies and issue regulations that may alter some of the due diligence, record-keeping and reporting requirements that the BSA and Patriot Act impose on banks.

For example, the AML Act requires FinCEN to issue National Anti-Money Laundering and Countering the Financing of Terrorism Priorities, which the agency did in June 2021, and to conduct studies and issue regulations that may alter some of the due diligence, record-keeping and reporting requirements that the BSA and 17 Capital One Financial Corporation (COF) Table of Contents Patriot Act impose on banks.

The Bank is subject to the Federal Reserve’s Regulation II, which limits the amount of interchange fees that can be charged per debit card transaction for debit card issuers with over $10 billion in assets and places certain prohibitions on payment routing restrictions and network exclusivity.

The Bank is subject to the Federal Reserve’s Regulation II (Debit Card Interchange Fees and Routing) for those debit cards issued on networks not owned by the Company, which limits the amount of interchange fees that can be received per debit card transaction by debit card issuers with over $10 billion in assets and places certain prohibitions on payment routing restrictions and network exclusivity.

The LCR Rule requires each of the Company and the Bank to calculate its respective LCR daily. In addition, the Company is required to make quarterly public disclosures of its LCR and certain related quantitative liquidity metrics, along with a qualitative discussion of its LCR.

In addition, the Company is required to make quarterly public disclosures of its LCR and certain related quantitative liquidity metrics, along with a qualitative discussion of its LCR.

Following review of a plan, the Federal Reserve and 12 Capital One Financial Corporation (COF) Table of Contents FDIC may jointly determine that a resolution plan is not credible or would not facilitate an orderly resolution under the U.S. Bankruptcy Code.

Following review of a plan, the Federal Reserve and FDIC may jointly determine that a resolution plan is not credible or would not facilitate an orderly resolution under the U.S. Bankruptcy Code.

These laws and regulations, and similar laws and regulations in other jurisdictions, impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information, which may have adverse consequences, including significant compliance costs and severe monetary penalties for non-compliance.

GDPR”), a version of the EU GDPR as implemented into U.K law. These laws and regulations, and similar laws and regulations in other jurisdictions, impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information, which may have adverse consequences, including significant compliance costs and severe monetary penalties for non-compliance.

On a quarterly basis, we review our ability to attract and retain talent. Each line of business and staff group reviews hiring, tenure and attrition metrics as part of this assessment, and they implement risk mitigation plans when needed. Compensation and Wellness We appreciate the importance of a competitive total compensation package to attract and retain great talent.

We also are registered as a financial institution holding company under the laws of the Commonwealth of Virginia and, as such, we are subject to periodic examination by the Virginia Bureau of Financial Institutions. We also face regulation in the international jurisdictions in which we conduct business. See “Regulation by Authorities Outside the United States” below for additional details.

We intend to disclose any future amendments to, or waivers from, our Code of Conduct on the website following the date of any such amendment or waiver. In addition, we make available free of charge through our website all of our U.S.

These documents also are available in print to any stockholder who requests a copy. We intend to disclose any future amendments to, or waivers from, our Code of Conduct on the website following the date of any such amendment or waiver. In addition, we make available free of charge through our website all of our U.S.

The Bank must also disclose the results of its stress test on a biennial basis. Funding and Dividends from Subsidiaries Dividends from the Company’s direct and indirect subsidiaries represent a major source of the funds we use to pay dividends on our capital stock, make payments on our corporate debt securities and meet our other obligations.

Funding and Dividends from Subsidiaries Dividends from the Company’s direct and indirect subsidiaries represent a major source of the funds we use to pay dividends on our capital stock, make payments on our corporate debt securities and meet our other obligations.

Regulatory enforcement and fines have also increased across the banking and financial services sector. The descriptions below summarize certain significant federal and state laws, as well as international laws, to which we are subject. The descriptions are qualified in their entirety by reference to the particular statutory or regulatory provisions summarized.

The descriptions below summarize certain significant federal and state laws, as well as international laws, to which we are subject. The descriptions are qualified in their entirety by reference to the particular statutory or regulatory provisions summarized.

The Company’s final stress capital buffer requirement will be effective from October 1 of the year in which the capital plan is submitted through September 30 of the following year.

The Company’s final stress capital buffer requirement will be effective from October 1 of the year in which the capital plan is submitted through September 30 of the following year. In April 2025, the Federal Reserve issued the SCB Averaging Proposal.

Competition varies based on the types of clients, customers, industries and geographies served. Our ability to compete depends, in part, on our ability to attract and retain our associates and on our reputation as well as our ability to keep pace with innovation, in particular in the development of new technology platforms.

Our ability to compete depends, in part, on our ability to attract and retain our associates and on our reputation as well as our ability to keep pace with innovation, in particular in the development of new technology platforms.

As a general matter, the Company may make capital distributions in excess of those included in its capital plan without the prior approval of the Federal Reserve so long as the Company is otherwise in compliance with the capital rule’s automatic limitations on capital distributions.

For more information on the SCB Averaging Proposal, please see “Capital Buffer Requirements.” As a general matter, the Company may make capital distributions in excess of those included in its capital plan without the prior approval of the Federal Reserve so long as the Company is otherwise in compliance with the capital rule’s automatic limitations on capital distributions.

At the effective time of the Second Step Merger, each share of Fixed-to-Floating Rate Non-Cumulative Perpetual Preferred Stock, Series C, of Discover, and each share of 6.125% Fixed-Rate Reset Non-Cumulative Perpetual Preferred Stock, Series D, of Discover, in each case outstanding immediately prior to the effective time of the Second Step Merger, will be converted into the right to receive a share of newly created series of preferred stock of Capital One having terms that are not materially less favorable than the applicable series of Discover preferred stock.

At the effective time of the Second Step Merger, each share of Fixed-to-Floating Rate Non-Cumulative Perpetual Preferred Stock, Series C, of Discover, and each share of 6.125% Fixed-Rate Reset Non-Cumulative Perpetual Preferred Stock, Series D, of Discover, in each case outstanding immediately prior to the effective time of the Second Step Merger, was converted into the right to receive a share of newly created Fixed-to-Floating Rate Non-Cumulative Perpetual Preferred Stock, Series O or 6.125% Fixed-Rate Reset Non-Cumulative Perpetual Preferred Stock, Series P of Capital One.

These relationships include, but are not limited to: Amazon Web Services, Inc. (“AWS”) for our cloud infrastructure, Total System Services LLC (“TSYS”) for consumer and commercial credit card processing services for our North American and U.K. portfolios and Fidelity Information Services (“FIS”) for certain of our banking systems.

(“AWS”) for our cloud infrastructure, Total System Services LLC (“TSYS”) for consumer and commercial credit card processing services for our North American and U.K. portfolios and Fidelity Information Services (“FIS”) for certain of our banking systems.

In general, federal and applicable state banking laws prohibit insured depository institutions, such as the Bank, from making dividend distributions without first obtaining regulatory approval if such distributions are not paid out of available earnings or would cause the institution to fail to meet applicable capital adequacy standards. 12 Capital One Financial Corporation (COF) Table of Contents Liquidity Regulation The Company and the Bank are subject to minimum liquidity standards as adopted by the Federal Reserve and OCC, respectively.

In the U.K., the Bank operates through COEP, an authorized payment institution regulated by the Financial Conduct Authority (“FCA”). COEP’s parent, Capital One Global Corporation, is wholly owned by the Bank and is subject to regulation by the Federal Reserve as an “agreement corporation” under the Federal Reserve’s Regulation K. COEP does not take deposits.

COEP’s parent, Capital One Global Corporation, is wholly owned by the Bank and is subject to regulation by the Federal Reserve as an “agreement corporation” under the Federal Reserve’s Regulation K. COEP does not take deposits.

At the effective time of the Merger, each share of common stock of Discover outstanding immediately prior to the effective time of the Merger, other than certain shares held by Discover or Capital One, will be converted into the right to receive 1.0192 shares of common stock of Capital One.

Upon closing, each share of common stock of Discover outstanding immediately prior to the effective time of the Merger, other than certain shares held by Discover or Capital One, was converted into the right to receive 1.0192 shares of common stock of Capital One. Holders of Discover common stock received cash in lieu of fractional shares.

Regulation of Business Activities The business activities of the Company and the Bank, as well as certain of the Company’s non-bank subsidiaries, are subject to regulation and supervision under various other laws and regulations. 14 Capital One Financial Corporation (COF) Table of Contents Regulation of Consumer Lending Activities The activities of the Bank as a consumer lender are subject to regulation under various federal laws, including, for example, the Truth in Lending Act (“TILA”), the Equal Credit Opportunity Act, the Fair Credit Reporting Act (“FCRA”), the CRA, the Servicemembers Civil Relief Act and the Military Lending Act, as well as under various state laws.

Regulation of Consumer Lending Activities The activities of the Bank as a consumer lender are subject to regulation under various federal laws, including, for example, the Truth in Lending Act (“TILA”), the Equal Credit Opportunity Act, the Fair Credit Reporting Act (“FCRA”), the CRA, the Servicemembers Civil Relief Act and the Military Lending Act, as well as under various state laws.

We also routinely post financial and other information, which could be deemed to be material to investors, on our investor relations website. Information regarding our corporate social responsibility and environmental sustainability initiatives is also available on our website.

We also routinely post financial and other information, which could be deemed to be material to investors, on our investor relations website.

MD&A一Liquidity Risk Profile.” The Basel Committee has published a liquidity framework that includes two standards for liquidity risk supervision. One standard, the liquidity coverage ratio (“LCR”), seeks to promote short-term resilience by requiring organizations to hold sufficient high-quality liquid assets (“HQLAs”) to survive a stress scenario lasting for 30 days.

One standard, the liquidity coverage ratio (“LCR”), seeks to promote short-term resilience by requiring organizations to hold sufficient high-quality liquid assets (“HQLAs”) to survive a stress scenario lasting for 30 days.

The FDIC has issued rules implementing certain provisions of its liquidation authority. FDIC Deposit Insurance Assessments The Bank, as an insured depository institution, is a member of the Deposit Insurance Fund (“DIF”) maintained by the FDIC. Through the DIF, the FDIC insures the deposits of insured depository institutions up to prescribed limits for each depositor.

FDIC Deposit Insurance Assessments The Bank, as an insured depository institution, is a member of the Deposit Insurance Fund (“DIF”) maintained by the FDIC. Through the DIF, the FDIC insures the deposits of insured depository institutions up to prescribed limits for each depositor. The FDIC sets a Designated Reserve Ratio (“DRR”) for the DIF.

Documents available under “Governance & Leadership” in the Investor Relations section of our website include: • our Certificate of Incorporation, Bylaws, Corporate Governance Guidelines, and Code of Conduct; and • charters for the Audit, Compensation, Governance and Nominating, and Risk Committees of the Board of Directors. These documents also are available in print to any stockholder who requests a copy.

We maintain a website at www.capitalone.com. Documents available under “Governance & Leadership” in the Investor Relations section of our website include: • our Certificate of Incorporation, Bylaws, Corporate Governance Guidelines and Code of Conduct; and • charters for the Audit, Compensation, Governance and Nominating and Risk Committees of the Board of Directors.

Volcker Rule We and each of our subsidiaries, including the Bank, are subject to the “Volcker Rule,” a provision of the Dodd-Frank Act that contains prohibitions on proprietary trading and certain investments in, and relationships with, covered funds (hedge funds, private equity funds and similar funds), subject to certain exemptions, in each case as the applicable terms are defined in the Volcker Rule and the implementing regulations.

In addition, transactions between the Bank and its non-bank affiliates are required to be on arm’s length terms and must be consistent with standards of safety and soundness. 15 Capital One Financial Corporation (COF) Table of Contents Volcker Rule We and each of our subsidiaries, including the Bank, are subject to the “Volcker Rule,” a provision of the Dodd-Frank Act that contains prohibitions on proprietary trading and certain investments in, and relationships with, covered funds (hedge funds, private equity funds and similar funds), subject to certain exemptions, in each case as the applicable terms are defined in the Volcker Rule and the implementing regulations.

Under these rules, broker- 16 Capital One Financial Corporation (COF) Table of Contents dealers are required to maintain the minimum net capital deemed necessary to meet their continuing commitments to customers and others, and to keep a substantial portion of their assets in relatively liquid form.

These broker-dealer subsidiaries are subject to, among other things, net capital rules designed to measure the general financial condition and liquidity of a broker-dealer. Under these rules, broker-dealers are required to maintain the minimum net capital deemed necessary to meet their continuing commitments to customers and others, and to keep a substantial portion of their assets in relatively liquid form.

For example, at the federal level, we are currently subject to the Gramm-Leach-Bliley Act (“GLBA”) and the FCRA, among other laws and regulations, and may become subject to additional privacy, data protection and data security requirements as a result of future laws, rules or regulations.

For example, at the federal level, we 16 Capital One Financial Corporation (COF) Table of Contents are currently subject to the Gramm-Leach-Bliley Act (“GLBA”) and the FCRA, among other laws and regulations, and expect additional privacy, data protection and data security requirements, including cyber incident reporting requirements, to apply to us as a result of future laws or regulations.

The Basel III Finalization Proposal includes a proposed effective date of July 1, 2025, subject to a three-year transition period ending July 1, 2028, over which risk-weighted assets calculated under the Expanded Risk-Based Approach and the recognition of AOCI in CET1 capital would be phased in.

The Basel III Finalization Proposal includes a three-year transition period over which risk-weighted assets calculated under the Expanded Risk-Based Approach and the recognition of AOCI in CET1 capital would be phased in. The Federal Banking Agencies have indicated an intent to repropose the Basel III Finalization Proposal.

DFAST is a forward-looking exercise conducted by the Federal Reserve and each covered company to help assess whether a company has sufficient capital to absorb losses and continue operations during adverse economic conditions.

We are also subject to supervisory and company-run stress testing requirements (also known as the Dodd-Frank Act stress tests (“DFAST”)). DFAST is a forward-looking exercise conducted by the Federal Reserve and each covered company to help assess whether a company has sufficient capital to absorb losses and continue operations during adverse economic conditions.

We also explore opportunities to acquire technology companies and related assets to improve our information technology infrastructure and to deliver on our digital strategy. We may issue equity or debt to fund our acquisitions. In addition, we regularly consider the potential disposition of certain of our assets, branches, partnership agreements or lines of business.

Federal bankruptcy and state debtor relief and collection laws may also affect the ability of a bank, including the Bank, to collect outstanding balances owed by borrowers. Debit Card Interchange Fees and Transaction Processing As an issuer of credit and debit cards, the Bank earns interchange fees, which are paid by merchants, when customers use its cards.

Federal bankruptcy and state debtor relief and collection laws may also affect the ability of a bank, including the Bank, to collect outstanding balances owed by borrowers. Debit Card Interchange Fees For debit cards issued on networks not owned by the Company, the Bank earns interchange fees when customers use its debit cards to make transactions at merchants.

Capital One Financial Corporation and its subsidiaries (the “Company” or “Capital One”) offer a broad array of financial products and services to consumers, small businesses and commercial clients through digital channels, branch locations, cafés and other distribution channels. As of December 31, 2024, Capital One Financial Corporation’s principal operating subsidiary was Capital One, National Association (“CONA”).

Capital One Financial Corporation and its subsidiaries (the “Company” or “Capital One”) operate as a global payments provider and diversified financial institution, delivering a broad array of financial products and services to consumers, small businesses and commercial clients through digital channels, branch locations, cafés and other distribution channels.

We believe that the continued development and integration of these systems is an important part of our efforts to reduce costs, improve quality and security and provide faster, more flexible technology services. Consequently, we frequently consider our capabilities and develop or acquire systems, processes and competencies to meet our unique business requirements.

We believe that the continued adoption, development and integration of these technologies is an important part of our efforts to reduce costs, improve quality and security and provide faster, more flexible technology services.

Our customers typically include companies with annual revenues between $20 million and $2 billion. Customer usage and payment patterns, estimates of future expected credit losses, levels of marketing expense and operating efficiency all affect our profitability.

Customer usage and payment patterns, estimates of future expected credit losses, levels of marketing expense and operating efficiency all affect our profitability.

We are committed to implementing safeguards designed to protect our customers’ information, as well as our own information and technology. For additional information on our risks associated with cybersecurity and our use of technology systems and our management of these risks, please see “Item 1A.

For additional information on our risks associated with cybersecurity and our use of technology systems and our management of these risks, please see “Item 1A.

… 115 more changes not shown on this page.

Item 1A. Risk Factors

Risk Factors — what could go wrong, per management

180 edited+131 added−48 removed165 unchanged

2024 filing

2025 filing

Biggest changeWe may also encounter significant difficulties in integrating Discover. • Our future results may suffer if we do not effectively manage our expanded operations following the Transaction. • While the Transaction is pending, we will be subject to business uncertainties and contractual restrictions that could adversely affect our business and operations. • Changes and instability in the macroeconomic environment could disrupt capital markets, reduce consumer and business activity, and weaken the labor market, all of which could impact borrowers’ ability to service their debt obligations and adversely impact our financial results. • Fluctuations in interest rates could adversely affect our business, results of operations and financial condition. • We may not be able to maintain adequate sources of funding and liquidity to operate our business. 22 Capital One Financial Corporation (COF) Table of Contents • We may experience increases in delinquencies and credit losses, or we may incorrectly estimate expected losses, which could result in inadequate reserves. • We may not be able to maintain adequate capital or liquidity levels or may become subject to revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders. • Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase our common stock. • A downgrade in our credit ratings could significantly impact our liquidity, funding costs and access to the capital markets. • We face risks related to our operational, technological and organizational infrastructure . • A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions . • We face risks resulting from the extensive use of models and data, as well as from our evolving use of AI . • Fraudulent activity associated with our products could cause our fraud losses to increase, the use of our products to decrease and our brands to suffer reputational damage, all of which could have a material adverse effect on our business. • Compliance with new and existing domestic and foreign laws, regulations and regulatory expectations is costly and complex, and any significant changes may adversely affect our business. • Our required compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties, may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities. • Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. • We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operations. • Our business, financial condition and results of operations may be adversely affected by legislation, regulation and merchants’ efforts to reduce the interchange fees charged by credit and debit card networks to facilitate card transactions. • If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. • We may fail to realize the anticipated benefits of our mergers, acquisitions and strategic partnerships. • Reputational risk and social factors may impact our results and damage our brand. • If we are not able to protect our intellectual property rights, or we violate third-party intellectual property rights, our revenue and profitability could be negatively affected. • Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. • Our business could be negatively affected if we are unable to attract, develop, retain and motivate key senior leaders and skilled employees. • We face risks from catastrophic events. • Climate change manifesting as physical or transition risks could adversely affect our businesses, operations and customers and result in increased costs. 23 Capital One Financial Corporation (COF) Table of Contents • We face risks from the use of or changes to assumptions or estimates in our financial statements. • The soundness of other financial institutions and other third parties, actual or perceived, could adversely affect us.

Biggest changeThis could result in increased fraud loss, operational cost, customer dissatisfaction, reputational damage and/or constrained revenue growth for us. • Compliance with new and existing domestic and foreign laws, regulations and regulatory expectations is costly and complex, and any significant changes may adversely affect our business. • Our required compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties, may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities. • Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. • We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operations. • A change in market preference towards other operators of payment networks and alternative payment providers could result in reduced transaction volume, limited merchant acceptance of our cards and limited issuance of cards on our networks by third parties, and in turn may impact our revenue margins. 23 Capital One Financial Corporation (COF) Table of Contents • If we are unsuccessful in creating and maintaining a strong base of network licensees and achieving meaningful global card acceptance, we may be unable to achieve long-term success in our recently acquired international network business. • Our business, financial condition and results of operations may be adversely affected by legislation, regulation and merchants’ efforts to reduce the fees (including the interchange component) charged by credit and debit card networks and acquirers to facilitate card transactions. • A reduction in the number of large merchants that accept cards on our recently acquired Discover Network or PULSE Network or in the rates they pay could materially adversely affect our business, financial condition, results of operations and cash flows. • Defaults or risks from bankruptcies, liquidations, restructurings, consolidations and outages by our network participants may adversely affect our business, financial condition, cash flows and results of operations. • If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. • We may fail to realize the anticipated benefits of our mergers, acquisitions and strategic partnerships. • Reputational risk and social factors may impact our results and damage our brand. • If we are not able to protect our intellectual property rights, or we violate third-party intellectual property rights, our revenue and profitability could be negatively affected. • Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. • Our business could be negatively affected if we are unable to attract, develop, retain and motivate key senior leaders and skilled employees. • We face risks from catastrophic events. • Climate change manifesting as physical or transition risks could adversely affect our businesses, operations and customers and result in increased costs. • We face risks from the use of or changes to assumptions or estimates in our financial statements. • The soundness of other financial institutions and other third parties, actual or perceived, could adversely affect us.

See “ We face risks resulting from the extensive use of models and data, as well as our evolving use of AI. ” • Inaccurate Underwriting : Our ability to accurately assess the creditworthiness of our customers may diminish, which could result in an increase in our credit losses and a deterioration of our returns.

See “ We face risks resulting from the extensive use of models and data, as well as from our evolving use of AI. ” • Inaccurate Underwriting : Our ability to accurately assess the creditworthiness of our customers may diminish, which could result in an increase in our credit losses and a deterioration of our returns.

An economic downturn or prolonged period of slow economic growth in, or a catastrophic event or natural disaster that disproportionately affects the Northeast region could have a material adverse effect on the performance of our commercial real estate loan portfolio and our results of operations. In addition, our Commercial Banking strategy includes an industry-specific focus.

An economic downturn, prolonged period of slow economic growth, catastrophic event or natural disaster that disproportionately affects the Northeast region could have a material adverse effect on the performance of our commercial real estate loan portfolio and our results of operations. In addition, our Commercial Banking strategy includes an industry-specific focus.

These risks include, but are not limited to, particular or specific regulatory, accounting, operational, reputational and industry risks, any of which could have a material adverse effect on our results of operations or financial condition. For example, we may face challenges associated with integrating other companies due to differences in corporate culture, compliance systems or standards of conduct.

These risks include, but are not limited to, particular or specific litigation, regulatory, accounting, operational, reputational and industry risks, any of which could have a material adverse effect on our results of operations or financial condition. For example, we may face challenges associated with integrating other companies due to differences in corporate culture, compliance systems or standards of conduct.

This competitive environment is primarily a result of changes in technology, product delivery systems and regulation, as well as the emergence of new or significantly larger financial services providers, all of which may affect our customers’ expectations and demands. In addition to offering competitive products and services, we invest in and conduct marketing campaigns to attract and inform customers.

This competitive environment is a result of changes in technology, product delivery systems and regulation, as well as the emergence of new or significantly larger financial services providers, all of which may affect our customers’ expectations and demands. In addition to offering competitive products and services, we invest in and conduct marketing campaigns to attract and inform customers.

If actual results differ from the assumptions, judgments or estimates underlying our financial statements or if financial accounting and reporting standards are changed, we may experience unexpected material losses. For a discussion of our use of estimates in the preparation of our consolidated financial statements, see “Part II—Item 7. MD&A—Critical Accounting Policies and Estimates” and “Part II—Item 8.

Merchants continue to lobby Congress aggressively for legislation that would require additional routing requirements for credit cards that are issued on four-party networks, like Visa or MasterCard, which could create a downward pressure on interchange fees should their efforts be successful.

Merchants also continue to lobby Congress aggressively for legislation that would require additional routing requirements for credit cards that are issued on four-party networks, like Visa or Mastercard, which could create a downward pressure on interchange fees should their efforts be successful.

As our employees are operating under our hybrid work model, our remote interaction with employees, service providers, partners and other third parties on systems, networks and environments over which we have less control (such as through employees’ personal devices) increases our cybersecurity risk exposure.

As our employees and contractors are operating under our hybrid work model, our remote interaction with employees, service providers, partners and other third parties on systems, networks and environments over which we have less control (such as through employees’ personal devices) increases our cybersecurity risk exposure.

Our credit ratings are based on a number of factors, including financial strength, as well as factors not within our control, including conditions affecting the financial services industry generally, the macroeconomic environment and changes made by rating agencies to their methodologies or ratings criteria.

Our credit ratings are based on a number of factors, including financial strength, as well as factors not within our control, such as conditions affecting the financial services industry generally, the macroeconomic environment and changes made by rating agencies to their methodologies or ratings criteria.

For example, when we launch a new product, service or platform for the delivery or distribution of products or services, acquire or invest in a business or make changes to an existing product, service or delivery platform, there is the risk of execution issues related to changes to operations or processes.

The technologies underlying AI and its uses are subject to a variety of laws and regulations, including intellectual property, privacy, data protection and data security, consumer protection, competition, and equal opportunity laws, and are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations.

The technologies underlying AI and its uses are subject to a variety of laws and regulations, including intellectual property, privacy, data protection and data security, consumer protection, competition and equal opportunity laws and regulations. They are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations.

Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to individuals, including our customers, about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by individuals, to protect personal information from unauthorized disclosure, or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control.

Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to individuals, including our customers, about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by individuals, to protect personal information from unauthorized disclosure, misuse or mishandling or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control.

Interchange fees are the amounts established by credit and debit card networks for the purpose of compensating debit and credit card issuers for their role in facilitating card transactions and are a meaningful source of revenue for our credit and debit card businesses.

Interchange fees are the amounts established by credit and debit card networks for the purpose of compensating unaffiliated debit and credit card issuers for their role in facilitating card transactions and are a meaningful source of revenue for our credit and debit card businesses.

The methods and techniques employed by malicious actors continue to develop and evolve rapidly, including from emerging technologies, such as advanced forms of AI and quantum computing, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and enable persistent access for an extended period of time before being detected and remediated, if at all.

The methods and techniques employed by malicious actors continue to develop and evolve rapidly, including from emerging technologies, such as AI and quantum computing, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and enable persistent access for an extended period of time before being detected and remediated, if at all.

Furthermore, political and policy goals of elected officials may change over time, which could impact the rulemaking, supervision, examination and enforcement priorities of the Federal Banking Agencies.

Furthermore, political and policy goals of elected and appointed officials may change over time, which could impact the rulemaking, supervision, examination and enforcement priorities of the Federal Banking Agencies.

In our auto business, business and economic conditions that negatively affect household incomes and savings, housing prices and consumer behavior, as well as technological advances that make older cars obsolete faster, could decrease (i) the demand for new and/or used vehicles and (ii) the value of the collateral underlying our portfolio of auto loans, which could cause the number of consumers who become delinquent or default on their loans to increase. • Geographic and Industry Concentration : Although our consumer lending is geographically diversified, approximately 38.1% of our commercial real estate loan portfolio is concentrated in the Northeast region.

In our auto business, business and economic conditions that negatively affect household incomes and savings, housing prices and consumer behavior, as well as technological advances that make older cars obsolete faster, could decrease (i) the demand for new and/or used vehicles and (ii) the value of the collateral underlying our portfolio of auto loans, which could cause the number of consumers who become delinquent or default on their loans to increase. • Geographic and Industry Concentration : Although our consumer lending is geographically diversified, approximately 36% of our commercial real estate loan portfolio is concentrated in the Northeast region.

Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. See “Part II—Item 7. MD&A—Market Risk Profile” and “ We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operation ” for additional information.

Some of our competitors, including new and emerging competitors in the digital and mobile payments space and other financial technology providers, are not subject to the same regulatory requirements or scrutiny to which we are subject, which also could place us at a competitive disadvantage, in particular in the development of new technology platforms or the ability to rapidly innovate.

Some of our competitors, including new and emerging competitors in the digital and mobile payments space and other financial technology providers and payment networks, are not subject to the same regulatory requirements or scrutiny to which we are subject, which also could place us at a competitive disadvantage, in particular in the development of new technology platforms or the ability to rapidly innovate.

In addition, significant increases in fraudulent activity could lead to regulatory intervention or other actions (such as mandatory card reissuance) and reputational and financial damage to our brands, which could negatively impact the use of our deposit accounts and cards and which could have a material adverse effect on our business.

In addition, significant increases in fraudulent activity could lead to regulatory intervention or other actions (such as mandatory card reissuance) and reputational and financial damage to our brands, which could negatively impact the use of our deposit accounts, cards and networks, any of which could have a material adverse effect on our business.

While we have assumed that a certain level of costs will be incurred, there are many factors beyond our control that could affect the total amount or the timing of these expenses. Moreover, many of the expenses that we will incur are, by their nature, difficult to estimate accurately.

While we have assumed that a certain level of costs will be incurred, many of the expenses that we will incur are, by their nature, difficult to estimate accurately. Moreover, there are many factors beyond our control that could affect the total amount or the timing of integration expenses.

See “ We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operation. ” Further, our success depends on our ability to attract and retain strong digital and technology leaders, engineers and other specialized personnel.

See “ We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operations .” Further, our success depends on our ability to attract and retain strong digital and technology leaders, engineers and other specialized personnel.

Further, there is increased scrutiny of climate change-related policies, goals and disclosures, which could result in litigation and regulatory investigations and actions. We may incur additional costs and require additional resources as we evolve our strategy, practices and related disclosures with respect to these matters.

Further, there may be increased scrutiny of climate change-related policies, goals and disclosures, which could result in litigation and regulatory investigations and actions. We may incur additional costs and require additional resources as we evolve our strategy, practices and related disclosures with respect to these matters.

Our efforts to comply with GLBA, FCRA, CCPA, PIPEDA and provincial privacy laws, EU GDPR, U.K.

Our efforts to comply with the GLBA, the FCRA, the CCPA, the PIPEDA and provincial privacy laws, EU GDPR, U.K.

Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia and New York metropolitan areas, Richmond, Virginia and Plano, Texas.

Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia, New York and Chicago metropolitan areas, Richmond, Virginia, Plano, Texas and the Philippines.

While we continuously update our policies, programs, processes and practices, many of our data management, modeling, AI, aggregation and implementation processes are manual and may be subject to human error, data limitations, process delays or system failure.

While we continuously update our policies, programs, processes and risk management practices, many of our data management, modeling, AI, aggregation and implementation processes are manual. They may be subject to human error, data limitations, process delays or system failure.

Our ability to provide our products and services and communicate with our customers, depends upon the management and safeguarding of information systems and infrastructure, networks, software, data, technology, methodologies and business secrets, including those of our service providers.

Our ability to provide our products and services and communicate with our customers and network participants depends upon the management and safeguarding of information systems and infrastructure, networks, software, data, technology, methodologies and business secrets, including those of our service providers.

Retailers may continue to bring legal proceedings against us or other credit card and debit card issuers and networks in the future. Beyond pursuing legislation, regulation and litigation, merchants may also promote forms of payment with lower fees or seek to impose surcharges or discounts at the point of sale for use of credit or debit cards.

Retailers may continue to bring legal proceedings against us or other credit card and debit card issuers and networks in the future. Beyond pursuing legislation, regulation and litigation, merchants may also promote forms of payment with lower fees, as noted above, or seek to impose surcharges or discounts at the point of sale for use of credit or debit cards.

Violations of law by other financial institutions may also result in increased regulatory scrutiny of our business. Applicable rules and regulations may affect us disproportionately compared to our competitors or in an unforeseen manner.

Violations of law by other financial institutions may also result in increased regulatory scrutiny of our business. Applicable laws and regulations may affect us disproportionately compared to our competitors or in an unforeseen manner.

These expenses may result in us recording increased expenses as a result of the Transaction or the integration of Discover, and the amount and timing of such charges are uncertain at the present and could exceed initial estimates.

These expenses may result in us recording increased expenses as a result of the integration of Discover, and the amount and timing of such charges are uncertain at the present and could exceed initial estimates.

We operate in a highly competitive environment across all of our lines of business, whether in making loans, attracting deposits or in the global payments industry, and we expect competitive conditions to continue to intensify with respect to most of our products particularly in our credit card and consumer banking businesses.

We operate in a highly competitive environment across all of our lines of business, whether in making loans, attracting deposits or in the global payments industry, and we expect competitive conditions to continue to intensify with respect to most of our products, particularly in our card, payment network and consumer banking businesses.

Additionally, partners themselves may face changes in their business, including market factors and ownership changes, that could impact the partnership or they may make changes to the products and services they offer, which may lower the value of our products, such as the cobranded cards we issue to our customers.

Additionally, partners themselves may face changes in their business, including market factors and ownership changes, that could impact the partnership, or they may make changes to the products and services they offer, which may lower the value of our products, such as the co-branded cards we issue to our customers.

For example, changes to applicable capital, liquidity, or other regulations, such as the changes proposed in the Basel III Finalization Proposal and the LTD Proposal, could result in increased regulatory capital requirements, operating expenses or cost of funding, which could negatively affect our financial results or our ability to distribute capital.

For example, changes to applicable capital, liquidity or other regulations, such as the Basel III Finalization Proposal, could result in increased regulatory capital requirements, operating expenses or cost of funding, which could negatively affect our financial results or our ability to distribute capital.

This, in turn, could lead to restrictions on our ability to pay dividends and engage in repurchases of our common stock. See “Item 1. Business—Supervision and Regulation” for additional information. We also consider various factors in the management of liquidity, including maintaining sufficient liquid assets to meet the requirements of several internal and regulatory stress tests.

This, in turn, could lead to restrictions on our ability to pay dividends and engage in repurchases of our common stock. See “Part I—Item 1. Business—Supervision and Regulation” for additional information. We also consider various factors in the management of liquidity, including maintaining sufficient liquid assets to meet the requirements of several internal and regulatory stress tests.

We compete with many forms of payments offered by both bank and non-bank providers, including a variety of new and evolving alternative payment mechanisms, systems and products, such as aggregators and web-based and wireless payment platforms or technologies, digital or cryptocurrencies, prepaid systems and payment services targeting users of social networks, communications platforms and online gaming.

We compete with many forms of payments offered by both bank and non-bank providers, including a variety of new and evolving alternative payment mechanisms, systems and products, such as aggregators and web-based and wireless payment platforms or technologies, digital currencies or cryptocurrencies (including stablecoins and tokenized deposits), prepaid systems and payment services targeting users of social networks, communications platforms and online gaming.

Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending practices, regulatory compliance, cyber-attacks or other security incidents, corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct.

Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending and payment network practices, regulatory compliance, cyber-attacks or other security incidents, accounting issues, corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct.

Additionally, estimations used in climate risk assessments have an increased level of uncertainty due to limited historical trend information and the absence of standardized, reliable and comprehensive greenhouse gas emissions data across the industry, which could cause these risk assessments to vary significantly over time or actual risks to vary from our assessments.

Additionally, estimations used in climate reporting and climate-related risk assessments have an increased level of uncertainty due to limited historical trend information and the absence of standardized, reliable and comprehensive greenhouse gas emissions data across the economy, which could cause these risk assessments to vary significantly over time or actual risks to vary from our assessments.

The failure of other banks and financial institutions and the measures taken by governments, businesses and other organizations in response to these events could adversely impact our business, financial condition and results of operations. For information on the FDIC’s special assessment following the closures of Silicon Valley Bank and Signature Bank, see “Item 1.

Additionally, increased charge-offs, rising interest rates, increased refinancing activity and other events may cause our securitization transactions to amortize earlier than scheduled or reduce the value of the securities that we hold for liquidity purposes, which could accelerate our need for additional funding from other sources.

Additionally, increased charge-offs, interest rate volatility, increased refinancing activity and other events may cause our securitization transactions to amortize earlier than scheduled or reduce the value of the securities that we hold for liquidity purposes, which could accelerate our need for additional funding from other sources.

Any disruptions, failures or inaccuracies of our operational processes, technology systems, networks and models, including those associated with improvements or modifications to such technology systems, networks and models, or failure to identify or effectively respond to operational risks in a timely manner and continue to deliver our services through an operational disruption, could cause us to be unable to market and manage our products and services, manage our risk, meet our regulatory obligations or report our financial results in a timely and accurate manner, all of which could have a negative impact on our results of operations.

Any disruptions, failures or inaccuracies of our operational processes, technology systems, networks and models, including those associated with improvements or modifications to such technology systems, networks and models, or failure to identify or effectively respond to operational risks in a timely manner and continue to deliver our services through an operational disruption, could cause us to be unable to market, deliver and manage our products and services, manage our risk, meet our regulatory obligations, report our financial results in a timely and accurate manner, or pay our debts in a timely manner (which could limit our access to future funding), all of which could have a negative impact on our results of operations.

Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have, may offer richer value propositions or a wider range of programs and services than we offer, or may use more effective advertising, marketing or cross-selling strategies to acquire and retain more customers, capture a greater share of spending and borrowings, attain and develop more attractive co-brand card programs and maintain greater merchant acceptance than we have.

Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have, may offer richer value propositions or a wider range of programs and services than we offer, or may use more effective advertising, marketing or cross-selling strategies to acquire and retain more customers, capture a greater share of spending and borrowings, attain and develop more attractive co-brand card programs, obtain more favorable terms with merchants and maintain greater merchant acceptance than we have.

For example, generative AI has been known to produce false or “hallucinatory” inferences or output, and certain generative AI uses machine learning and predictive analytics, which can create inaccurate, incomplete or misleading output, unexpected results, errors or inadequacies, any of which may not be easily detectable.

For example, generative AI has been known to produce false or “hallucinatory” inferences or output. Certain generative AI tools use machine learning and predictive analytics, which can create inaccurate, incomplete or misleading outputs; unexpected results; or errors or inadequacies, any of which may not be easily detectable.

The heightened focus by legislative and regulatory bodies on the fees charged by credit and debit card networks, and the ability of certain merchants to successfully pursue litigation, negotiate discounts to interchange fees with payment networks or develop alternative payment systems could result in a loss of income from interchange fees.

The heightened focus by legislative and regulatory bodies on the fees charged by credit and debit card networks, including on prepaid cards, and the ability of certain merchants to successfully pursue litigation, negotiate discounts to interchange fees or discount rates with payment networks or develop alternative payment systems could result in a loss of income from interchange fees.

Any merger, acquisition, disposition or strategic partnership we undertake entails certain risks, which may materially and adversely affect our results of operations.

Any merger, acquisition, disposition or strategic partnership we undertake, including the Transaction, entails certain risks, which may materially and adversely affect our results of operations.

Additionally, interest rate fluctuations and competitor responses to those changes may have a material adverse effect on our financial condition and results of operations, as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, reduce demand for credit or (for existing customers) the level of borrowing or purchase activity.

Additionally, interest rate fluctuations and competitor responses to those changes may have a material adverse effect on our financial condition and results of operations, as customers or commercial clients default on their loans, maintain lower deposit 27 Capital One Financial Corporation (COF) Table of Contents levels or, in the case of credit card accounts, reduce demand for credit or (for existing customers) the level of borrowing or purchase activity.

Furthermore, because AI technology itself is highly complex and rapidly developing, it is not possible to predict all of the legal, operational, competitive or technological risks that may arise relating to the use of AI.

Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risk, to produce accurate financial, regulatory and operational reporting as well as to manage changing business needs.

Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risks; to produce accurate financial, regulatory and operational reporting; and to manage changing business needs.

Some of the decisions that our regulators make could be affected adversely due to the perception that the quality of the data, models and AI used to generate the relevant information is insufficient. In addition, regulation of AI is rapidly evolving worldwide as legislators and regulators are increasingly focused on these powerful emerging technologies.

Some of the decisions that our regulators make could be adversely affected if their perception is that the quality of the data, models and AI used to generate the information is insufficient. The regulation of AI is rapidly evolving worldwide as legislators and regulators are increasingly focused on these powerful, emerging technologies.

We may fail to realize the anticipated benefits of the proposed Transaction, including, among other things, anticipated revenue and cost synergies, due to factors that may be outside either party’s control.

We may fail to realize the anticipated benefits of the Transaction, including, among other things, anticipated revenue and cost synergies, due to factors that may be outside our control.

We engage in merger and acquisition activity and enter into strategic partnerships from time to time. We continue to evaluate and anticipate engaging in, among other merger and acquisition activity, additional strategic partnerships, selected acquisitions of financial institutions, and acquisitions or divestitures of other businesses or assets, including credit card and other loan portfolios.

We continue to evaluate and anticipate engaging in, among other merger and acquisition activity, additional strategic partnerships, selected acquisitions of financial institutions, and acquisitions or divestitures of other businesses or assets, including credit card and other loan portfolios.

We face risks from the use of or changes to assumptions or estimates in our financial statements. Pursuant to generally accepted accounting principles in the U.S. (“U.S.

We face risks from the use of or changes to assumptions or estimates in our financial statements. Pursuant to generally accepted accounting principles in the United States of America (“U.S.

Operational Risk We face risks related to our operational, technological and organizational infrastructure. Our ability to retain and attract customers depends on our ability to develop, operate, and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions.

Our ability to retain and attract customers depends on our ability to develop, operate and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions.

If our marketing campaigns are unsuccessful, it may adversely impact our ability to attract new customers and grow market share.

If our marketing campaigns are unsuccessful, it may adversely impact our ability to attract new customers and grow our business.

New payment systems, particularly mobile-based payment technologies, could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit or debit cards as a payment method.

New payment systems, particularly mobile-based payment technologies and digital currencies and cryptocurrencies (including stablecoins), could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit or debit cards as a payment method.

Failure to comply with these laws and regulations and effectively navigate this complex regulatory landscape, even if the failure is inadvertent, results from human error or reflects a difference in interpretation or conflicting legal requirements, could subject 35 Capital One Financial Corporation (COF) Table of Contents us to restrictions on our business activities, fines, criminal sanctions and other penalties, and/or damage to our reputation with regulators, our customers or the public.

Failure to comply with these laws and regulations and effectively navigate this complex regulatory landscape, even if the failure is inadvertent, results from human error or reflects a difference in interpretation or conflicting legal requirements, could subject us to restrictions on our business activities, fines, criminal sanctions and other penalties and/or damage to our reputation with regulators, our customers or the public.

In some jurisdictions, such as Canada and certain countries in Europe, including the U.K., interchange fees and related practices are subject to regulatory activity, including in some cases, imposing caps on permissible interchange fees. Our international card businesses have been impacted by these restrictions. For example, in the U.K., interchange fees are capped for both credit and debit card transactions.

Such changes may also decrease the reliability of our internal processes and models, including those we use to estimate our allowance for credit losses, 26 Capital One Financial Corporation (COF) Table of Contents particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment.

Such changes may also decrease the reliability of our internal processes and models, including those we use to estimate our allowance for credit losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment.

We consider various factors in the management of capital, including the impact of both internal and supervisory stress scenarios on our capital levels as determined by our internal modeling and the Federal Reserve’s estimation of losses in supervisory stress 29 Capital One Financial Corporation (COF) Table of Contents scenarios that are used to annually set our stress capital buffer requirement.

We consider various factors in the management of capital, including the impact of both internal and supervisory stress scenarios on our capital levels as determined by our internal modeling and the Federal Reserve’s estimation of losses in supervisory stress scenarios that are used to annually set our stress capital buffer requirement.

Given the complex, rapidly changing and competitive technological and business environments in which we operate, if our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation or demands against us, we could lose significant revenues, incur significant license, royalty, technology development or other expenses, or pay significant damages.

Given the complex, 48 Capital One Financial Corporation (COF) Table of Contents rapidly changing and competitive technological and business environments in which we operate, if our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation or demands against us, we could lose significant revenues, incur significant license, royalty, technology development or other expenses, or pay significant damages.

Technologies, systems, networks and other devices of Capital One, as well as those of our employees, service providers, partners and other third parties with whom we interact, have been and may continue to be the subject of cyber-attacks and other security incidents, including computer viruses, hacking, malware, ransomware, denial of service attacks, supply chain attacks, exploitation of vulnerabilities, credential stuffing, account takeovers, insider threats, business email compromise scams or the use of phishing, vishing (through voice messages), smishing (through SMS text), “deep fakes”, or other forms of social engineering.

Technologies, systems, networks and other devices of Capital One, as well as those of our employees, service providers, insiders, customers, partners, network participants, including merchants, and other third parties with whom we interact, have been and may continue to be the subject of cyber-attacks and other security incidents, including computer viruses, hacking, 33 Capital One Financial Corporation (COF) Table of Contents malware, ransomware, denial of service attacks, supply chain attacks, exploitation of vulnerabilities, credential stuffing, account takeovers, insider threats, business email compromise scams or the use of phishing, vishing (through voice messages), smishing (through SMS text), “deep fakes,” or other forms of social engineering.

Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry.

Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. 39 Capital One Financial Corporation (COF) Table of Contents Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry.

If we experience greater than anticipated costs to integrate acquired businesses into our existing operations, or are not able to achieve the anticipated benefits of any merger, acquisition or strategic partnership, including cost savings and other synergies, our business could be negatively affected.

If we experience greater than anticipated costs to integrate 46 Capital One Financial Corporation (COF) Table of Contents acquired businesses into our existing operations, or are not able to achieve the anticipated benefits of any merger, acquisition or strategic partnership, including cost savings and other synergies, our business could be negatively affected.

If future attacks are successful or if customers are unable to access their accounts online for other 33 Capital One Financial Corporation (COF) Table of Contents reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services.

If future attacks are successful or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services.

Such events could lead to financial losses or disrupt our operations or those of our customers or third parties on which we rely, including through direct damage to assets and indirect impacts from supply chain disruption and market volatility.

Such events could 50 Capital One Financial Corporation (COF) Table of Contents lead to financial losses or disrupt our operations or those of our customers or third parties on which we rely, including through direct damage to assets and indirect impacts from supply chain disruption and market volatility.

Interchange fees are a revenue source that, for example, covers the issuer’s costs associated with credit and debit card payments, fund rewards programs, help fund anti-fraud measures, management and dispute costs and fund competition and innovation.

Interchange fees are a revenue source that, for example, covers issuers’ costs associated with credit and debit card payments, funds rewards programs, helps fund anti-fraud measures, management and dispute costs and funds competition and innovation.

If our Framework is ineffective, we could suffer unexpected losses which could materially adversely affect our results of operation or financial condition. Also, any information we provide to the public or to our regulators based on incorrectly designed or implemented models or AI could be inaccurate or misleading.

If our Framework is ineffective, we could suffer unexpected losses, which could materially adversely affect our results of operation or financial condition. 36 Capital One Financial Corporation (COF) Table of Contents Any information we provide to the public or to our regulators based on incorrectly designed/implemented models or AI could be inaccurate or misleading.

In addition, due to divergent views of stakeholders, we are at increased 44 Capital One Financial Corporation (COF) Table of Contents risk that any action, or lack thereof, by us concerning our response to climate change could be perceived negatively by some stakeholders, which could adversely impact our reputation and businesses.

In addition, due to divergent views of stakeholders, we are at increased risk that any action, or lack thereof, by us concerning our response to climate change could be perceived negatively by some stakeholders, which could adversely impact our reputation and businesses.

The publication of our 36 Capital One Financial Corporation (COF) Table of Contents privacy policies and other statements that provide promises and assurances about privacy, data protection and data security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices.

The publication of our privacy policies and other statements that provide promises and assurances about privacy, data protection and data security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices.

As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions.

As a result, defaults by, or even rumors or questions 51 Capital One Financial Corporation (COF) Table of Contents about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions.

Our ability to attract, develop and retain qualified employees is also affected by perceptions of our culture and management, including our position on remote and hybrid work arrangements, our profile in the regions where we have offices and the professional opportunities we offer.

Our ability to attract, develop and retain qualified employees or effectively transition key roles in connection with the Transaction is also affected by perceptions of our culture and management, including our position on remote and hybrid work arrangements, our profile in the regions where we have offices and the professional opportunities we offer.

Moreover, the speed with which information spreads through news, social media and other sources on the Internet and the ease with which customers transact may amplify the onset and negative effects from such perceptions, such as rapid deposit withdrawals or other outflows. 45 Capital One Financial Corporation (COF) Table of Contents Item 1B. Unresolved Staff Comments None.

For example, debit card transactions on three-party networks—comprising the cardholder, merchant and network provider—could become subject to the Federal Reserve’s Regulation II limitation on interchange fees or its prohibition on network exclusivity, and other changes in laws or regulation could impose additional limitations on the fees issuers or networks can charge on debit or credit card transactions or require merchants to be provided an alternative network for transaction routing, any of which may have an adverse effect on our business.

For example, debit card transactions on three-party networks could become subject to the Federal Reserve’s Regulation II (Debit Card Interchange Fees and Routing) requirements, and other changes in laws or regulations or in the interpretation of existing laws or regulations could impose additional limitations on the fees issuers or networks can charge on debit or credit card transactions or require merchants to be provided an alternative network for transaction routing, any of which may have an adverse effect on our business.

Other factors that may impact our ability to achieve the anticipated benefits of the proposed Transaction include the outcome of any legal or regulatory proceedings that may be currently pending or later instituted against us (before or after completion of the Transaction) or against Discover, including those related to Discover’s card product misclassification issue.

Other factors that also may impact our ability to achieve the anticipated benefits of the Transaction include the outcome of any legal or regulatory proceedings that may be currently pending or later instituted against us, including those related to the Card Product Misclassification.

There can be no assurance that unauthorized access or cyber incidents similar to the 2019 Cybersecurity Incident will not occur or that we will not suffer material losses in the future.

There can be no assurance that unauthorized access or cyber incidents will not occur or that we will not suffer material losses in the future.

Moreover, new regulations may require us to publicly disclose certain information about certain cybersecurity incidents before they have been resolved or fully investigated, and any delays in receiving timely information from impacted service providers and business partners can affect our ability to fully meet applicable disclosure requirements for a given incident.

Moreover, we are subject to varied cybersecurity laws and regulations and incident reporting requirements, and may in the future be subject to new cybersecurity laws and regulations and incident reporting requirements, which could require us to publicly disclose certain information about certain cybersecurity incidents before they have been resolved or fully investigated, and any delays in receiving timely information from impacted service providers and business partners can affect our ability to fully meet applicable disclosure requirements for a given incident.

We have substantially migrated primarily all aspects of our core information technology systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS.

Other than the ongoing integration of Discover, we have substantially migrated primarily all aspects of our core information technology infrastructure and systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS.

We and our service providers and other third parties with which we interact may be unable to anticipate or identify certain attack methods or techniques in order to implement effective preventative or detective measures or mitigate or remediate the damages caused in a timely manner.

We and our service providers and other third parties with which we interact may be unable to anticipate or identify certain attack methods or techniques in order to implement effective 34 Capital One Financial Corporation (COF) Table of Contents preventative or detective measures or mitigate or remediate the damages caused in a timely manner.

Any failure to maintain our infrastructure or prevent disruption of our systems, networks and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or result in potential liability to customers, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect.

Any failure to maintain our infrastructure or prevent disruption of our systems, networks and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or pay our debts in a timely manner (which could limit our access to future funding), or result in potential liability to customers and business partners, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect.

An actual, suspected, threatened or alleged disruption or breach, including as a result of a cyber-attack such as the 2019 Cybersecurity Incident, or media (including social media) reports of alleged or perceived security vulnerabilities or incidents at Capital One or at our service providers, could result in significant legal and financial exposure, regulatory intervention, litigation, enforcement actions, remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business.

An actual, suspected, threatened or alleged disruption or breach, including as a result of a cyber-attack, or media (including social media) reports of alleged or perceived security vulnerabilities or incidents at Capital One or at our service providers, could result in significant legal and financial exposure, regulatory intervention, litigation, enforcement actions, remediation costs, card reissuance, inability to timely pay our debts (and consequently limit our access to future funding), operational disruptions, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business.

Any of these parties may attempt to fraudulently induce employees, service providers, customers, partners or other third-party users of our systems or networks to disclose confidential 32 Capital One Financial Corporation (COF) Table of Contents or sensitive information (including personal information) in order to gain access to our systems, networks or data or that of our customers, partners, or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment.

Any of these parties may attempt to fraudulently induce employees, service providers, insiders, customers, partners, network participants, including merchants, or other third-party users of our systems or networks to disclose confidential or sensitive information (including personal information) in order to gain access to our systems, networks or data or that of our customers, partners, network participants, including merchants, or other third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment.

The frequency and size of any future dividends to our stockholders and our stock repurchases will depend upon regulatory limitations imposed by our regulators and our results of operations, financial condition, capital levels, cash requirements, future prospects, regulatory review and other factors as further described in “Item 1.

The frequency and size of any future dividends to our stockholders and our stock repurchases will depend upon any applicable regulatory requirements and our results of operations, financial condition, capital levels, cash requirements, future prospects, regulatory review and other factors as further described in “Part I—Item 1.

… 279 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

15 edited+4 added−1 removed16 unchanged

2024 filing

2025 filing

Biggest changeOur CIO has been with the Company for approximately 20 years, during which he has overseen multiple technology transformation initiatives, including the Company’s transition to the public cloud. He holds degrees in physics and business administration from Harvard University.

Biggest changeHe holds a degree in computer science from the Georgia Institute of Technology and a doctorate in computer security from the University of Cambridge. Our CIO has been with the Company for approximately 20 years, during which he has overseen multiple technology transformation initiatives, including the Company’s transition to the public cloud.

Our policies and procedures define an overall, enterprise-wide approach for managing cybersecurity and technology risk. They establish the following process to identify, assess and manage such risks across our three lines of defense: 1.Identification: We evaluate the activities of our lines of business on a regular basis to identify potential cybersecurity and technology risk, including cybersecurity threats and vulnerabilities.

Our policies and procedures define an enterprise-wide approach for managing cybersecurity and technology risk. They establish the following process to identify, assess and manage such risks across our three lines of defense: 1. Identification: We evaluate the activities of our lines of business on a regular basis to identify potential cybersecurity and technology risk, including cybersecurity threats and vulnerabilities.

Risk Factors” under the headings “We face risks related to our operational, technological and organizational infrastructure , ” and “A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions.” Governance The Board of Directors is responsible for providing oversight of our Framework.

Risk Factors ” under the headings “ We face risks related to our operational, technological and organizational infrastructure ” and “A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions.” Governance The Board of Directors is responsible for providing oversight of our Framework.

Risk Factors.” We manage cybersecurity and technology risk at the enterprise level according to our Framework, as described in more detail under “Part II—Item 7. MD&A—Risk Management” in this Report, which uses a three lines of defense model. Our cybersecurity and technology risks are managed programmatically under the “operational risk” category of our Framework.

Risk Factors. ” We manage cybersecurity and technology risk at the enterprise level according to our Framework, as described in more detail under “ Part II — Item 7. MD&A— Risk Management ” in this Report, which uses a three lines of defense model. Our cybersecurity and technology risks are managed programmatically under the “operational risk” category of our Framework.

Our policies and procedures collectively help execute a risk management approach designed to account for cybersecurity threats specifically targeting us, as well as those that may arise from our engagement with business partners, customers, service providers and other third parties.

For cybersecurity and technology risks, our first line of defense includes the following: • Chief Information Security Officer: The CISO establishes and manages the enterprise-wide cybersecurity program. • Chief Information Officer: The CIO oversees the establishment of appropriate governance, processes, and accountabilities within each business area to comply with our internal policies. our second line of defense includes the following: • Chief Technology Risk Officer: The CTRO provides independent oversight of our cybersecurity programs and challenges of first line risk management and risk-taking activities pertaining to cybersecurity and technology risk. 47 Capital One Financial Corporation (COF) Table of Contents • The Executive Risk Committee: This committee provides a forum for our top management to have integrated discussions of risk management across the enterprise, including cybersecurity and technology risk, with the purpose of ensuring prioritization and awareness, encouraging alignment, and coordinating risk management activities among key executives.

For cybersecurity and technology risks, our first line of defense includes the following: • Chief Information Security Officer: The CISO establishes and manages the enterprise-wide cybersecurity program. • Chief Information Officer: The CIO oversees the establishment of appropriate governance, processes and accountabilities within each business area to comply with our internal policies. our second line of defense includes the following: • Chief Technology Risk Officer: The CTRO provides independent oversight of our cybersecurity programs and challenges of first line risk management and risk-taking activities pertaining to cybersecurity and technology risk. • The Executive Risk Committee: This committee provides a forum for our top management to have integrated discussions of risk management across the enterprise, including cybersecurity and technology risk, with the purpose of ensuring prioritization and awareness, encouraging alignment and coordinating risk management activities among key executives.

When appropriate, we leverage partnerships with relevant government entities, law enforcement agencies, and industry information sharing forums, 46 Capital One Financial Corporation (COF) Table of Contents such as the Financial Services Information Sharing and Analysis Center (“FS-ISAC”), to further inform our understanding of the threat environment and how to effectively defend the Company against such threats.

When appropriate, we leverage partnerships with relevant government entities, law enforcement agencies and industry information sharing forums, such as the Financial Services Information Sharing and Analysis Center (“FS-ISAC”), to further inform our understanding of the threat environment and how to effectively defend the Company against such threats.

While no organization can eliminate cybersecurity and technology risk entirely, we devote significant resources to a cybersecurity program designed to mitigate such risks. For further discussion of cybersecurity and technology risk, and related risks for our business, see “Item 1A.

While no organization can eliminate cybersecurity and technology risk entirely, we devote significant resources to a cybersecurity program designed to identify, assess and manage such risks. For further discussion of cybersecurity and technology risk, and related risks for our business, see “ Item 1A.

Management also establishes processes designed to escalate, report, and address risks and deficiencies within different business lines, according to the requirements of our policies. For additional information regarding the escalation of these risks to the Board of Directors, see “Governance” below.

Management also establishes processes designed to escalate, report, and address risks and deficiencies within different business 52 Capital One Financial Corporation (COF) Table of Contents lines, according to the requirements of our policies. For additional information regarding the escalation of these risks to the Board of Directors, see “Governance” below.

Once a risk is identified and measured, management determines the appropriate response, including determining whether to accept the risk in accordance with our established risk appetite, or alternatively to implement new controls, enhance existing controls, and/or develop additional mitigation strategies to reduce the impact of the risk. 3.Monitoring and Testing: Management is required to evaluate the effectiveness of risk management practices and controls through monitoring of key risk indicator metrics, testing and other activities.

The Risk Committee regularly receives reports from management on our cybersecurity and technology risk profile, and key enterprise cybersecurity initiatives, and on any identified significant threats or incidents, or new risk developments, which, in the aggregate, are intended to present an overall view on the status of our cybersecurity program and the Company’s compliance with applicable legal and regulatory requirements.

The Risk Committee regularly receives reports from management on our cybersecurity and technology risk profile, key enterprise cybersecurity initiatives, and on any identified significant threats or incidents, or new risk developments, which, in the aggregate, are intended to present an overall view on the status of our cybersecurity program and the Company’s compliance with applicable legal and regulatory requirements. 53 Capital One Financial Corporation (COF) Table of Contents The Risk Committee coordinates with the full Board of Directors regarding the strategic implications of cybersecurity and technology risks.

Item 1C. Cybersecurity Risk Management and Strategy As a financial services company entrusted with the safeguarding of sensitive information, including sensitive personal information, we believe that a strong enterprise cybersecurity program is a vital component of effectively managing risks related to the confidentiality, integrity and availability of our data.

Cybersecurity Risk Management and Strategy As a financial services company entrusted with the safeguarding of sensitive information, including sensitive personal information, we believe that a strong enterprise cybersecurity program is a vital component of effectively managing risks related to the confidentiality, integrity and availability of our data, including information about us, our customers, transactions processed on our networks or on third-party networks on our behalf, or third parties with which we do business.

We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, such as the 2019 Cybersecurity Incident, have materially affected our overall business strategy, results of operations, or financial condition. For further discussion of cybersecurity, and related risks for our business, see “Item 1A.

Risk Factors—Risks Relating to the Transaction and Integration of Discover ” for more information. We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, such as the 2019 Cybersecurity Incident, have materially affected our overall business strategy, results of operations or financial condition.

We also maintain an Enterprise Cyber Response Plan (“ECRP”) designed to handle potential or actual cybersecurity events that could impact us and our personnel, data, systems and customers.

We also maintain an Enterprise Cyber Response Plan (“ECRP”) designed to handle suspected or actual cybersecurity events that could impact us and our personnel, data, systems, transactions processed on our networks, customers and third parties with which we do business.

Identified issues are remediated, addressed via mitigation plans, or escalated, in line with our risk appetite. 4.Aggregation, Reporting and Escalation: Management collects and aggregates risks across the Company in order to support strategic decision-making and to measure overall risk performance against risk appetite metrics.

Aggregation, Reporting and Escalation: Management collects and aggregates risks across the Company in order to support strategic decision-making and to measure overall risk performance against risk appetite metrics.

Removed

The Risk Committee coordinates with the full Board of Directors regarding the strategic implications of cybersecurity and technology risks.

Added

Monitoring and Testing: Management is required to evaluate the effectiveness of risk management practices and controls through monitoring of key risk indicator metrics, testing and other activities. Identified issues are remediated, addressed via mitigation plans, or escalated, in line with our risk appetite. 4.

Added

With respect to our recent acquisition of Discover, we have been actively integrating the Discover cybersecurity program into ours in accordance with our Framework, while continuing to identify, assess, and manage cybersecurity and technology risks that may arise as part of our ongoing integration processes. See “ Item 1A.

Added

For further discussion of cybersecurity, and related risks for our business, see “ Item 1A.

Added

He holds degrees in physics and business administration from Harvard University.

Item 2. Properties

Properties — owned and leased real estate

5 edited+0 added−0 removed1 unchanged

2024 filing

2025 filing

Biggest changeOur 1.8 million square feet for bank branches and cafés is located primarily across New York, Louisiana, Texas, Maryland, Virginia, New Jersey and the District of Columbia and consists of approximately 1.1 million square feet of leased space and 713 thousand square feet of owned space. See “Part II—Item 8.

Biggest changeOur 1.9 million square feet for bank branches and cafés is located primarily across New York, Louisiana, Texas, Maryland, Virginia, New Jersey and the District of Columbia and consists of approximately 1.4 million square feet of leased space and 54 Capital One Financial Corporation (COF) Table of Contents 476 thousand square feet of owned space. See “Part II—Item 8.

We maintain corporate office space primarily in Virginia, New York and Texas including our headquarters located in McLean, Virginia.

We maintain corporate office space primarily in Virginia, New York, Texas and Illinois, including our headquarters located in McLean, Virginia.

Item 2. Properties Our corporate and banking real estate portfolio consists of approximately 10.2 million square feet of owned or leased office and retail space, which is used to support our business.

Item 2. Properties Our corporate and banking real estate portfolio consists of approximately 12.3 million square feet of owned or leased office and retail space, which is used to support our business.

Mine Safety Disclosures Not applicable. 48 Capital One Financial Corporation (COF) Table of Contents PART II

Mine Safety Disclosures Not applicable. 55 Capital One Financial Corporation (COF) Table of Contents PART II

Of this overall portfolio, approximately 8.4 million square feet of space is dedicated for various corporate office uses and approximately 1.8 million square feet of space is for bank branches and cafés. Our 8.4 million square feet of corporate office space consists of approximately 5.9 million square feet of owned space and 2.5 million square feet of leased space.

Of this overall portfolio, approximately 10.4 million square feet of space is dedicated for various corporate office uses and approximately 1.9 million square feet of space is for bank branches and cafés. Our 10.4 million square feet of corporate office space consists of approximately 7 million square feet of owned space and 3.4 million square feet of leased space.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

6 edited+1 added−0 removed2 unchanged

2024 filing

2025 filing

Biggest changeTotal Number of Shares Purchased (1) Average Price per Share Total Number of Shares Purchased as Part of Publicly Announced Plans (1) Maximum Amount That May Yet be Purchased Under the Publicly Announced Plans (1) (in millions) October 402,507 $ 155.40 402,507 $ 4,121 November 414,445 179.40 345,006 4,058 December 129,962 187.79 129,962 4,034 Total 946,914 170.35 877,475 __________ (1) In April 2022, our Board of Directors authorized the repurchase of up to $5.0 billion of shares of our common stock.

Biggest changeTotal Number of Shares Purchased (1) Average Price per Share Total Number of Shares Purchased as Part of Publicly Announced Plans (1) Maximum Amount That May Yet be Purchased Under the Publicly Announced Plans (in millions) October 4,505,409 $ 215.46 4,503,455 $ 15,644 November 4,068,170 214.24 3,990,809 14,789 December 2,913,698 232.77 2,899,191 14,114 Total 11,487,277 219.42 11,393,455 __________ (1) On October 20, 2025, our Board of Directors authorized the repurchase of up to $16 billion of shares of the Company’s common stock, effective October 21, 2025.

Issuer Purchases of Equity Securities The following table presents information related to repurchases of shares of our common stock for each calendar month in the fourth quarter of 2024. Commission costs are excluded from the amounts presented below.

Issuer Purchases of Equity Securities The following table presents information related to repurchases of shares of our common stock for each calendar month in the fourth quarter of 2025. Commission costs are excluded from the amounts presented below.

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters.” 49 Capital One Financial Corporation (COF) Table of Contents Common Stock Performance Graph The following graph shows the cumulative total stockholder return on our common stock compared to an overall stock market index, the S&P Composite 500 Stock Index (“S&P 500 Index”), and a published industry index, the S&P Financial Composite Index (“S&P Financial Index”), over the five-year period commencing December 31, 2019 and ended December 31, 2024.

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters.” 56 Capital One Financial Corporation (COF) Table of Contents Common Stock Performance Graph The following graph shows the cumulative total stockholder return on our common stock compared to an overall stock market index, the S&P Composite 500 Stock Index (“S&P 500 Index”), and a published industry index, the S&P Financial Composite Index (“S&P Financial Index”), over the five-year period commencing December 31, 2020 and ended December 31, 2025.

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information Our common stock is listed on the NYSE and is traded under the symbol “COF.” As of January 31, 2025, there were 8,201 holders of record of our common stock.

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Market Information Our common stock is listed on the NYSE and is traded under the symbol “COF.” As of January 31, 2026, there were 39,599 holders of record of our common stock.

There were 69,439 shares withheld in November, to cover taxes on restricted stock awards whose restrictions lapsed. See “Item 7. MD&A—Capital Management—Dividend Policy and Stock Purchases” for more information. 51 Capital One Financial Corporation (COF) Table of Contents Item 6. [Reserved]

There were 1,954, 77,361 and 14,507 shares withheld in October, November and December, respectively, to cover taxes on restricted stock awards whose restrictions lapsed. See “Item 7. MD&A—Capital Management—Dividend Policy and Stock Purchases” for more information. 58 Capital One Financial Corporation (COF) Table of Contents Item 6. [Reserved]

December 31, 2019 2020 2021 2022 2023 2024 Capital One $ 100.00 $ 97.32 $ 145.28 $ 94.95 $ 137.03 $ 189.44 S&P 500 Index 100.00 118.40 152.39 124.79 157.59 197.02 S&P Financial Index 100.00 98.31 132.75 118.77 133.20 173.90 50 Capital One Financial Corporation (COF) Table of Contents Recent Sales of Unregistered Securities We did not have any sales of unregistered equity securities in 2024.

December 31, 2020 2021 2022 2023 2024 2025 Capital One $ 100.00 $ 149.28 $ 97.56 $ 140.79 $ 194.65 $ 268.00 S&P 500 Index 100.00 128.71 105.40 133.10 166.40 196.16 S&P Financial Index 100.00 135.04 120.81 135.49 176.89 203.47 57 Capital One Financial Corporation (COF) Table of Contents Recent Sales of Unregistered Securities We did not have any sales of unregistered equity securities in 2025.

Added

This new authorization replaces the Company’s prior authorization to repurchase its common stock approved by our Board of Directors in April 2022. During the fourth quarter, we repurchased $614 million under the prior authorization and $1.9 billion under the new authorization.

Item 6. [Reserved]

Selected Financial Data — reserved (removed by SEC in 2021)

3 edited+0 added−0 removed0 unchanged

2024 filing

2025 filing

Biggest changeFinancial Statements and Supplementary Data 130 Consolidated Statements of Income 135 Consolidated Statements of Comprehensive Income 136 Consolidated Balance Sheets 137 1 Capital One Financial Corporation (COF) Consolidated Statements of Changes in Stockholders’ Equity 138 Consolidated Statements of Cash Flows 139 Notes to Consolidated Financial Statements 141 Note 1—Summary of Significant Accounting Policies 141 Note 2—Business Combinations 156 Note 3—Investment Securities 157 Note 4—Loans 160 Note 5—Allowance for Credit Losses and Reserve for Unfunded Lending Commitments 174 Note 6—Variable Interest Entities and Securitizations 178 Note 7—Goodwill and Other Intangible Assets 182 Note 8—Premises, Equipment and Leases 185 Note 9—Deposits and Borrowings 187 Note 10—Derivative Instruments and Hedging Activities 189 Note 11—Stockholders’ Equity 198 Note 12—Regulatory and Capital Adequacy 201 Note 13—Earnings Per Common Share 203 Note 1 4 —Stock-Based Compensation Plans 204 Note 15—Employee Benefit Plans 206 Note 16—Income Taxes 208 Note 17—Fair Value Measurement 211 Note 18—Business Segments and Revenue from Contracts with Customers 220 Note 19—Commitments, Contingencies, Guarantees and Others 225 Note 20—Capital One Financial Corporation (Parent Company Only) 229 Note 21—Related Party Transactions 231

Biggest changeFinancial Statements and Supplementary Data 139 Consolidated Statements of Income 145 Consolidated Statements of Comprehensive Income 146 Consolidated Balance Sheets 147 1 Capital One Financial Corporation (COF) Consolidated Statements of Changes in Stockholders’ Equity 148 Consolidated Statements of Cash Flows 149 Notes to Consolidated Financial Statements 151 Note 1—Summary of Significant Accounting Policies 151 Note 2—Business Combinations and Discontinued Operations 166 Note 3—Investment Securities 172 Note 4—Loans 175 Note 5—Allowance for Credit Losses and Reserve for Unfunded Lending Commitments 191 Note 6—Variable Interest Entities and Securitizations 195 Note 7—Goodwill and Other Intangible Assets 199 Note 8—Premises, Equipment and Leases 202 Note 9—Deposits and Borrowings 204 Note 10—Derivative Instruments and Hedging Activities 206 Note 11—Stockholders’ Equity 215 Note 12—Regulatory and Capital Adequacy 218 Note 13—Earnings Per Common Share 220 Note 14—Stock-Based Compensation Plans 221 Note 15—Employee Benefit Plans 223 Note 16—Income Taxes 224 Note 17—Fair Value Measurement 228 Note 18—Business Segments and Revenue from Contracts with Customers 237 Note 19—Commitments, Contingencies, Guarantees and Others 242 Note 20—Capital One Financial Corporation (Parent Company Only) 247 Note 21—Related Party Transactions 249 Note 22—Subsequent Events 250

Quantitative and Qualitative Disclosures about Market Risk 129 Item 8.

Quantitative and Qualitative Disclosures about Market Risk 138 Item 8.

Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) 52 Selected Financial Data 53 Executive Summary 56 Consolidated Results of Operations 57 Consolidated Balance Sheets Analysis 63 Off-Balance Sheet Arrangements 67 Business Segment Financial Performance 68 Critical Accounting Policies and Estimates 78 Accounting Changes and Developments 82 Capital Management 83 Risk Management 88 Credit Risk Profile 94 Liquidity Risk Profile 108 Market Risk Profile 113 Supplemental Table s 117 Glossary and Acronyms 119 Item 7A.

Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) 59 Selected Financial Data 60 Executive Summary 63 Consolidated Results of Operations 64 Consolidated Balance Sheets Analysis 70 Off-Balance Sheet Arrangements 74 Business Segment Financial Performance 75 Critical Accounting Policies and Estimates 86 Accounting Changes and Developments 91 Capital Management 92 Risk Management 98 Credit Risk Profile 104 Liquidity Risk Profile 117 Market Risk Profile 122 Supplemental Tables 127 Glossary and Acronyms 129 Item 7A.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

329 edited+68 added−61 removed186 unchanged

2024 filing

2025 filing

Biggest changeThree-Year Summary of Selected Financial Data (Dollars in millions, except per share data and as noted) 2024 2023 2022 2024 vs. 2023 2023 vs. 2022 Income statement Interest income $ 46,034 $ 41,938 $ 31,237 10% 34% Interest expense 14,826 12,697 4,123 17 ** Net interest income $ 31,208 $ 29,241 $ 27,114 7 8 Non-interest income 7,904 7,546 7,136 5 6 Total net revenue 39,112 36,787 34,250 6 7 Provision for credit losses 11,716 10,426 5,847 12 78 Non-interest expense: Marketing 4,562 4,009 4,017 14 — Operating expense 16,924 16,307 15,146 4 8 Total non-interest expense 21,486 20,316 19,163 6 6 Income from continuing operations before income taxes 5,910 6,045 9,240 (2) (35) Income tax provision 1,163 1,158 1,880 — (38) Income from continuing operations, net of tax 4,747 4,887 7,360 (3) (34) Income (loss) from discontinued operations, net of tax 3 — — ** — Net income 4,750 4,887 7,360 (3) (34) Dividends and undistributed earnings allocated to participating securities (77) (77) (88) — (13) Preferred stock dividends (228) (228) (228) — — Net income available to common stockholders $ 4,445 $ 4,582 $ 7,044 (3) (35) Common share statistics Basic earnings per common share: Net income from continuing operations $ 11.60 $ 11.98 $ 17.98 (3)% (33)% Income (loss) from discontinued operations 0.01 — — ** — Net income per basic common share $ 11.61 $ 11.98 $ 17.98 (3) (33) Diluted earnings per common share: Net income from continuing operations $ 11.58 $ 11.95 $ 17.91 (3)% (33)% Income (loss) from discontinued operations 0.01 — — ** — Net income per diluted common share $ 11.59 $ 11.95 $ 17.91 (3) (33) Common shares outstanding (period-end, in millions) 381.2 380.4 381.3 — — Dividends declared and paid per common share $ 2.40 $ 2.40 $ 2.40 — — Book value per common share (period-end) 159.44 152.71 137.90 4 11 Tangible book value per common share (period-end) (1) 106.97 99.78 86.11 7 16 53 Capital One Financial Corporation (COF) Table of Contents (Dollars in millions, except per share data and as noted) 2024 2023 2022 2024 vs. 2023 2023 vs. 2022 Common dividend payout ratio (2) 20.67% 20.03% 13.35% 1 7 Stock price per common share (period-end) $ 178.32 $ 131.12 $ 92.96 36 41 Total market capitalization (period-end) 67,981 49,877 35,447 36 41 Balance sheet (average balances) Loans held for investment $ 317,421 $ 311,541 $ 292,238 2% 7% Interest-earning assets 453,481 441,238 406,646 3 9 Total assets 480,451 467,807 440,538 3 6 Interest-bearing deposits 324,297 313,737 277,208 3 13 Total deposits 351,168 343,554 313,551 2 10 Borrowings 48,465 49,332 51,006 (2) (3) Common equity 54,953 50,349 50,279 9 — Total stockholders’ equity 59,799 55,195 55,125 8 — Selected performance metrics Purchase volume $ 654,436 $ 620,290 $ 587,283 6% 6% Total net revenue margin (3) 8.62% 8.34% 8.42 % 28bps (8) bps Net interest margin 6.88 6.63 6.67 25 (4) Return on average assets (4) 0.99 1.04 1.67 (5) (63) Return on average tangible assets (5) 1.02 1.08 1.73 (6) (65) Return on average common equity (6) 8.08 9.10 14.01 (102) (491) Return on average tangible common equity (7) 11.18 13.04 19.91 (186) (687) Equity-to-assets ratio (8) 12.45 11.80 12.51 65 (71) Efficiency ratio (9) 54.93 55.23 55.95 (30) (72) Operating efficiency ratio (10) 43.27 44.33 44.22 (106) 11 Adjusted operating efficiency ratio (11) 42.35 43.54 44.53 (119) (99) Effective income tax rate from continuing operations 19.7 19.2 20.3 50 (110) Net charge-offs $ 10,748 $ 8,414 $ 3,973 28% 112% Net charge-off rate 3.39 % 2.70 % 1.36 % 69bps 134 bps December 31, Change (Dollars in millions, except as noted) 2024 2023 2022 2024 vs. 2023 2023 vs. 2022 Balance sheet (period-end) Loans held for investment $ 327,775 $ 320,472 $ 312,331 2% 3% Interest-earning assets 463,058 449,701 427,248 3 5 Total assets 490,144 478,464 455,249 2 5 Interest-bearing deposits 336,585 320,389 300,789 5 7 Total deposits 362,707 348,413 332,992 4 5 Borrowings 45,551 49,856 48,715 (9) 2 Common equity 55,938 53,244 47,737 5 12 Total stockholders’ equity 60,784 58,089 52,582 5 10 Credit quality metrics Allowance for credit losses $ 16,258 $ 15,296 $ 13,240 6% 16% Allowance coverage ratio 4.96 % 4.77 % 4.24% 19bps 53 bps 30+ day performing delinquency rate 3.69 3.71 2.96 (2) 75 30+ day delinquency rate 3.98 3.99 3.21 (1) 78 54 Capital One Financial Corporation (COF) Table of Contents December 31, Change (Dollars in millions, except as noted) 2024 2023 2022 2024 vs. 2023 2023 vs. 2022 Capital ratios Common equity Tier 1 capital (12) 13.5 % 12.9 % 12.5% 60 bps 40 bps Tier 1 capital (12) 14.8 14.2 13.9 60 30 Total capital (12) 16.4 16.0 15.8 40 20 Tier 1 leverage (12) 11.6 11.2 11.1 40 10 Tangible common equity (13) 8.6 8.2 7.5 39 70 Supplementary leverage (12) 9.9 9.6 9.5 30 10 Other Employees (period end, in thousands) 52.6 52.0 56.0 1% (7)% __________ (1) Tangible book value per common share is a non-GAAP measure calculated based on tangible common equity (“TCE”) divided by common shares outstanding.

Biggest changeThree-Year Summary of Selected Financial Data (Dollars in millions, except per share data and as noted) 2025 2024 2023 2025 vs. 2024 2024 vs. 2023 Income statement Interest income $ 58,696 $ 46,034 $ 41,938 28% 10% Interest expense 15,818 14,826 12,697 7 17 Net interest income 42,878 31,208 29,241 37 7 Non-interest income 10,556 7,904 7,546 34 5 Total net revenue 53,434 39,112 36,787 37 6 Provision for credit losses 20,655 11,716 10,426 76 12 Non-interest expense: Marketing 5,884 4,562 4,009 29 14 Operating expense 24,614 16,924 16,307 45 4 Total non-interest expense 30,498 21,486 20,316 42 6 Income from continuing operations before income taxes 2,281 5,910 6,045 (61) (2) Income tax provision 193 1,163 1,158 (83) — Income from continuing operations, net of tax 2,088 4,747 4,887 (56) (3) Income from discontinued operations, net of tax 365 3 — ** ** Net income 2,453 4,750 4,887 (48) (3) Dividends and undistributed earnings allocated to participating securities (26) (77) (77) (66) — Preferred stock dividends (252) (228) (228) 11 — Discount on redeemed preferred stock 6 — — ** — Net income available to common stockholders $ 2,181 $ 4,445 $ 4,582 (51) (3) Common share statistics Basic earnings per common share: Net income from continuing operations $ 3.36 $ 11.60 $ 11.98 (71)% (3)% Income from discontinued operations 0.67 0.01 — ** ** Net income per basic common share $ 4.03 $ 11.61 $ 11.98 (65) (3) Diluted earnings per common share: Net income from continuing operations $ 3.36 $ 11.58 $ 11.95 (71)% (3)% Income from discontinued operations 0.67 0.01 — ** ** Net income per diluted common share $ 4.03 $ 11.59 $ 11.95 (65) (3) Common shares outstanding (period-end, in millions) 625.1 381.2 380.4 64 — Dividends declared and paid per common share $ 2.60 $ 2.40 $ 2.40 8 — Book value per common share (period-end) 181.76 159.44 152.71 14 4 Tangible book value per common share (period-end) (1) 107.72 106.97 99.78 1 7 Common dividend payout ratio (2) 64.52% 20.67% 20.03% 44 1 Stock price per common share (period-end) $ 242.36 $ 178.32 $ 131.12 36 36 Total market capitalization (period-end) 151,500 67,981 49,877 123 36 60 Capital One Financial Corporation (COF) Table of Contents (Dollars in millions, except per share data and as noted) 2025 2024 2023 2025 vs. 2024 2024 vs. 2023 Balance sheet (average balances) Loans held for investment $ 396,725 $ 317,421 $ 311,541 25% 2% Interest-earning assets 546,685 453,481 441,238 21 3 Total assets 597,536 480,451 467,807 24 3 Interest-bearing deposits 402,209 324,297 313,737 24 3 Total deposits 429,620 351,168 343,554 22 2 Borrowings 48,034 48,465 49,332 (1) (2) Common equity 89,286 54,953 50,349 62 9 Total stockholders’ equity 94,542 59,799 55,195 58 8 Selected performance metrics Purchase volume $ 828,467 $ 654,436 $ 620,290 27% 6% Global Payment Network volume (3) 401,775 N/A N/A ** ** Total net revenue margin (4) 9.77% 8.62% 8.34 % 115bps 28bps Net interest margin 7.84 6.88 6.63 96 25 Return on average assets (5) 0.35 0.99 1.04 (64) (5) Return on average tangible assets (6) 0.37 1.02 1.08 (65) (6) Return on average common equity (7) 2.03 8.08 9.10 (605) (102) Return on average tangible common equity (8) 3.16 11.18 13.04 (802) (186) Equity-to-assets ratio (9) 15.82 12.45 11.80 337 65 Efficiency ratio (10) 57.08 54.93 55.23 215 (30) Operating efficiency ratio (11) 46.06 43.27 44.33 279 (106) Effective income tax rate from continuing operations 8.5 19.7 19.2 (1,120) 50 Net charge-offs $ 13,102 $ 10,748 $ 8,414 22% 28% Net charge-off rate 3.30 % 3.39 % 2.70 % (9) bps 69 bps December 31, Change (Dollars in millions, except as noted) 2025 2024 2023 2025 vs. 2024 2024 vs. 2023 Balance sheet (period-end) Loans held for investment $ 453,622 $ 327,775 $ 320,472 38% 2% Interest-earning assets 613,750 463,058 449,701 33 3 Total assets 669,009 490,144 478,464 36 2 Interest-bearing deposits 448,386 336,585 320,389 33 5 Total deposits 475,771 362,707 348,413 31 4 Borrowings 51,000 45,551 49,856 12 (9) Common equity 108,209 55,938 53,244 93 5 Total stockholders’ equity 113,616 60,784 58,089 87 5 Credit quality metrics Allowance for credit losses $ 23,409 $ 16,258 $ 15,296 44% 6% Allowance coverage ratio 5.16 % 4.96 % 4.77 % 20bps 19bps 30+ day performing delinquency rate 3.41 3.69 3.71 (28) (2) 30+ day delinquency rate 3.59 3.98 3.99 (39) (1) 61 Capital One Financial Corporation (COF) Table of Contents December 31, Change (Dollars in millions, except as noted) 2025 2024 2023 2025 vs. 2024 2024 vs. 2023 Capital ratios Common equity Tier 1 capital (12) 14.3 % 13.5 % 12.9 % 80bps 60bps Tier 1 capital (12) 15.3 14.8 14.2 50 60 Total capital (12) 17.2 16.4 16.0 80 40 Tier 1 leverage (12) 12.5 11.6 11.2 90 40 Tangible common equity (“TCE”) (13) 10.7 8.6 8.2 210 39 Supplementary leverage (12) 10.6 9.9 9.6 70 30 Other Employees (period end, in thousands) 76.3 52.6 52.0 45% 1% __________ (1) Tangible book value per common share is a non-GAAP measure calculated based on TCE divided by common shares outstanding.

Our internal management and reporting process employs various allocation methodologies, including funds transfer pricing, to assign certain balance sheet assets, deposits and other liabilities and their related revenues and expenses directly or indirectly attributable to each business segment. Total interest income and non-interest income are directly attributable to the segment in which they are reported.

Our internal management and reporting process employs various allocation methodologies, including funds transfer pricing, to assign certain balance sheet assets, deposits and other liabilities and their related revenues and expenses directly or indirectly attributable to each business. Total interest income and non-interest income are directly attributable to the segment in which they are reported.

Because our Commercial Banking business has loans and investments that generate tax-exempt income, tax credits or other tax benefits, we present the revenues on a taxable-equivalent basis. Expenses primarily consist of the provision for credit losses and operating costs.

Because our Commercial Banking business has loans and investments that generate tax-exempt income, tax credits or other tax benefits, we present the revenues on a taxable-equivalent basis. Expenses primarily consist of operating costs and the provision for credit losses.

We also reserve for the uncollectible portion of finance charges and fees related to credit card loan receivables in the allowance for credit losses consistent with the methodology we use to estimate the allowance for credit losses on the principal portion of our credit card loan receivables. We also separately reserve for unfunded lending commitments that are not unconditionally cancellable.

We also reserve for the uncollectible portion of finance charges and fees related to credit card loan receivables in the allowance for credit losses consistent with the methodology we use to estimate the allowance for credit losses on the principal portion of our credit card loan receivables. We separately reserve for unfunded lending commitments that are not unconditionally cancellable.

Fair Value Fair value, also referred to as an exit price, is defined as the price that would be received for an asset or paid to transfer a liability in an orderly transaction between market participants on the measurement date. The fair value accounting guidance provides a three-level fair value hierarchy for classifying financial instruments.

Fair value, also referred to as an exit price, is defined as the price that would be received for an asset or paid to transfer a liability in an orderly transaction between market participants on the measurement date. The fair value accounting guidance provides a three-level fair value hierarchy for classifying financial instruments.

The level and composition of our capital may also be influenced by rating agency guidelines, subsidiary capital requirements, business environment, conditions in the financial markets and assessments of potential future losses due to adverse changes in our business and market environments. Capital Standards and Prompt Corrective Action The Company and the Bank are subject to the Basel III Capital Rules.

The following table presents reconciliations of these non-GAAP measures to the applicable amounts measured in accordance with U.S. GAAP. These non-GAAP measures should not be viewed as a substitute for reported results determined in accordance with U.S.

Allowance coverage ratio: Allowance for credit losses as a percentage of loans held for investment. Amortized cost: The amount at which a financing receivable or investment is originated or acquired, adjusted for applicable accrued interest, accretion, or amortization of premium, discount, and net deferred fees or costs, collection of cash, write-offs, foreign exchange and fair value hedge accounting adjustments.

Allowance coverage ratio: Allowance for credit losses as a percentage of loans held for investment. Amortized cost basis: The amount at which a financing receivable or investment is originated or acquired, adjusted for applicable accrued interest, accretion, or amortization of premium, discount, and net deferred fees or costs, collection of cash, write-offs, foreign exchange and fair value hedge accounting adjustments.

We estimate our uninsured amounts based on methodologies and assumptions used for our “Consolidated Reports of Condition and Income” (FFIEC 031) filed with the Federal Banking Agencies, adjusted to exclude intercompany balances and cash collateral received on certain derivative contracts which are not presented within deposits on our consolidated balance sheet.

We estimate our uninsured amounts based on methodologies and assumptions used for our “Consolidated Reports of Condition and Income” (FFIEC 031) filed with the Federal Banking Agencies, primarily adjusted to exclude intercompany balances and cash collateral received on certain derivative contracts which are not presented within deposits on our consolidated balance sheet.

Material risks are reported to the Board of Directors and senior management committees no less than quarterly. Capital and Liquidity Management (including Stress Testing) Our capital management processes are linked to its risk management practices, including the enterprise-wide identification, assessment and measurement of risks to ensure that all relevant risks are incorporated in the assessment of the Company's capital adequacy.

Material risks are reported to the Board of Directors and senior management committees no less than quarterly. Capital and Liquidity Management (including Stress Testing) Our capital management processes are linked to our risk management practices, including the enterprise-wide identification, assessment and measurement of risks to ensure that all relevant risks are incorporated in the assessment of the Company's capital adequacy.

Consolidated stockholder’s equity in excess of the sum of all reporting units capital requirements that is not identified for future capital needs, such as dividends, share buybacks, or other strategic initiatives, is allocated to the reporting units and the Other category and assumed to be distributed to equity holders in future periods.

Provides independent and objective assurance to the Board of Directors and senior management that the systems and governance processes are designed and working as intended. 88 Capital One Financial Corporation (COF) Table of Contents Our Framework sets consistent expectations for risk management across the Company and consists of the following nine elements: Governance and Accountability Strategy and Risk Alignment Risk Identification Assessment, Measurement and Response Monitoring and Testing Aggregation, Reporting and Escalation Capital and Liquidity Management (including Stress Testing) Risk Data and Enabling Technology Culture and Talent Management Governance and Accountability This element of the Framework sets the foundation for the methods for governing risk taking and the interactions within and among our three lines of defense.

Provides independent and objective assurance to the Board of Directors and senior management that the systems and governance processes are designed and working as intended. 98 Capital One Financial Corporation (COF) Table of Contents Our Framework sets consistent expectations for risk management across the Company and consists of the following nine elements: Governance and Accountability Strategy and Risk Alignment Risk Identification Assessment, Measurement and Response Monitoring and Testing Aggregation, Reporting and Escalation Capital and Liquidity Management (including Stress Testing) Risk Data and Enabling Technology Culture and Talent Management Governance and Accountability This element of the Framework sets the foundation for the methods for governing risk taking and the interactions within and among our three lines of defense.

In addition to macroeconomic factors, many credit factors inform our allowance for credit losses, including, but not limited to, historical loss and recovery experience, recent trends in delinquencies and charge-offs, risk ratings, the impact of bankruptcy 78 Capital One Financial Corporation (COF) Table of Contents filings, the value of collateral underlying secured loans, account seasoning, changes in our credit evaluation, underwriting and collection management policies, seasonality, credit bureau scores, current general economic conditions, changes in the legal and regulatory environment and uncertainties in forecasting and modeling techniques used in estimating our allowance for credit losses.

In addition to macroeconomic factors, many credit factors inform our allowance for credit losses, including, but not limited to, historical loss and recovery experience, recent trends in delinquencies and charge-offs, risk ratings, the impact of bankruptcy 86 Capital One Financial Corporation (COF) Table of Contents filings, the value of collateral underlying secured loans, account seasoning, changes in our credit evaluation, underwriting and collection management policies, seasonality, credit bureau scores, current general economic conditions, changes in the legal and regulatory environment and uncertainties in forecasting and modeling techniques used in estimating our allowance for credit losses.

Table 32: Interest Rate Sensitivity Analysis December 31, 2024 December 31, 2023 Estimated impact on projected baseline net interest income: +200 basis points 1.3 % 0.7 % +100 basis points 0.8 0.8 +50 basis points 0.4 0.4 –50 basis points (0.4) (0.5) –100 basis points (0.8) (0.9) –200 basis points (1.9) (2.0) Estimated impact on economic value of equity: +200 basis points (6.3) (8.4) +100 basis points (3.0) (3.7) +50 basis points (1.4) (1.8) –50 basis points 1.3 1.6 –100 basis points 2.5 2.9 –200 basis points 3.9 4.0 In addition to these industry standard measures, we also consider the potential impact of alternative interest rate scenarios, such as larger rate shocks, higher than +/- 200 bps, as well as steepening and flattening yield curve scenarios in our internal interest rate risk management decisions.

Table 32: Interest Rate Sensitivity Analysis December 31, 2025 December 31, 2024 Estimated impact on projected baseline net interest income: +200 basis points 1.0 % 1.3 % +100 basis points 0.6 0.8 +50 basis points 0.3 0.4 –50 basis points (0.3) (0.4) –100 basis points (0.7) (0.8) –200 basis points (2.7) (1.9) Estimated impact on economic value of equity: +200 basis points (4.5) (6.3) +100 basis points (2.0) (3.0) +50 basis points (0.9) (1.4) –50 basis points 0.7 1.3 –100 basis points 1.2 2.5 –200 basis points 1.1 3.9 In addition to these industry standard measures, we also consider the potential impact of alternative interest rate scenarios, such as larger rate shocks, higher than +/- 200 bps, as well as steepening and flattening yield curve scenarios in our internal interest rate risk management decisions.

Our funds transfer pricing process is managed by our centralized Corporate Treasury group and provides a funds credit for sources of funds, such as deposits generated by our Consumer Banking and Commercial Banking businesses, and a charge for the use of funds by each business segment.

Period-end balance sheet amounts may vary from average balance sheet amounts due to the timing of normal balance sheet management activities that are intended to support our capital and liquidity positions, our market risk profile and the needs of our customers.

Period-end balance sheet amounts may vary from average balance sheet amounts due to the Transaction, timing of normal balance sheet management activities that are intended to support our capital and liquidity positions, our market risk profile and the needs of our customers.

Our non-dollar equity investments in foreign operations expose our balance sheet and capital ratios to translation risk in AOCI. We manage our translation risk by entering into foreign currency derivatives designated as net investment hedges.

Certain non-dollar equity investments in foreign operations expose our balance sheet and capital ratios to translation risk in AOCI. We manage our translation risk by entering into foreign currency derivatives designated as net investment hedges.

(5) Return on average tangible common equity is a non-GAAP measure calculated based on annualized net income (loss) available to common stockholders less income (loss) from discontinued operations, net of tax, for the period, divided by average TCE. 118 Capital One Financial Corporation (COF) Table of Contents Glossary and Acronyms 2004 Plan: The Amended and Restated 2004 Stock Incentive Plan. 2019 Cybersecurity Incident: The unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for our credit card products and to our credit card customers that we announced on July 29, 2019. 2022 Call Report: Consolidated Reports of Condition and Income, (“FFIEC 031”) as of December 31, 2022.

(5) Return on average tangible common equity is a non-GAAP measure calculated based on net income (loss) available to common stockholders less income (loss) from discontinued operations, net of tax, for the period, divided by average TCE. 128 Capital One Financial Corporation (COF) Table of Contents GLOSSARY AND ACRONYMS 2004 Plan: The Amended and Restated 2004 Stock Incentive Plan. 2019 Cybersecurity Incident: The unauthorized access by an outside individual who obtained certain types of personal information relating to people who had applied for our credit card products and to our credit card customers that we announced on July 29, 2019. 2022 Call Report: Consolidated Reports of Condition and Income, (“FFIEC 031”) as of December 31, 2022.

Contingency Funding Plan (“CFP”): A plan that describes the Company’s event management process and management response plans to ensure that the Company is prepared to respond to a liquidity crisis and to maintain the liquidity necessary to fund normal operating requirements.

Contingency Funding Plan: A plan that describes the Company’s event management process and management response plans to ensure that the Company is prepared to respond to a liquidity crisis and to maintain the liquidity necessary to fund normal operating requirements.

There are core Governance, Risk Management and Compliance systems which are used as the system of record for risks, controls, issues and events for our risk categories and supports the analysis, aggregation and reporting capabilities across the categories. 90 Capital One Financial Corporation (COF) Table of Contents Culture and Talent Management The Framework must be supported with the right culture, talent and skills to enable effective risk management across the Company.

There are core Governance, Risk Management and Compliance systems which are used as the system of record for risks, controls, issues and events for our risk categories and supports the analysis, aggregation and reporting capabilities across the categories. 100 Capital One Financial Corporation (COF) Table of Contents Culture and Talent Management The Framework must be supported with the right culture, talent and skills to enable effective risk management across the Company.

Financial Statements and Supplementary Data—Note 9—Deposits and Borrowings.” 65 Capital One Financial Corporation (COF) Table of Contents Deferred Tax Assets and Liabilities Deferred tax assets and liabilities represent decreases or increases in taxes expected to be paid in the future because of future reversals of temporary differences between the financial reporting and tax bases of assets and liabilities, as well as from net operating loss and tax credit carryforwards.

Financial Statements and Supplementary Data—Note 9—Deposits and Borrowings.” 72 Capital One Financial Corporation (COF) Table of Contents Deferred Tax Assets and Liabilities Deferred tax assets and liabilities represent decreases or increases in taxes expected to be paid in the future because of future reversals of temporary differences between the financial reporting and tax bases of assets and liabilities, as well as from net operating loss and tax credit carryforwards.

IRM is also responsible for identifying our material aggregate risks on an ongoing basis. 89 Capital One Financial Corporation (COF) Table of Contents Assessment, Measurement and Response Management assesses risks associated with our activities. Risks identified are assessed to understand the severity of each risk and likelihood of occurrence under both normal and stressful conditions.

IRM is also responsible for identifying our material aggregate risks on an ongoing basis. 99 Capital One Financial Corporation (COF) Table of Contents Assessment, Measurement and Response Management assesses risks associated with our activities. Risks identified are assessed to understand the severity of each risk and likelihood of occurrence under both normal and stressful conditions.

The Chief Enterprise Risk Officer, in consultation with the Chief Credit and Financial Risk Officer, oversees the identification and assessment of risks associated with the Company’s strategy and the monitoring of these risks throughout the year. 93 Capital One Financial Corporation (COF) Table of Contents Our Strategic Risk Management Policy, processes and controls encompass an ongoing assessment of risks associated with corporate or line of business specific strategies.

The Chief Enterprise Risk Officer, in consultation with the Chief Credit and Financial Risk Officer, oversees the identification and assessment of risks associated with the Company’s strategy and the monitoring of these risks throughout the year. 103 Capital One Financial Corporation (COF) Table of Contents Our Strategic Risk Management Policy, processes and controls encompass an ongoing assessment of risks associated with corporate or line of business specific strategies.

(7) Return on average tangible common equity is a non-GAAP measure calculated based on net income (loss) available to common stockholders less income (loss) from discontinued operations, net of tax, for the period, divided by average TCE. Our calculation of return on average TCE may not be comparable to similarly-titled measures reported by other companies.

(8) Return on average tangible common equity is a non-GAAP measure calculated based on net income (loss) available to common stockholders less income (loss) from discontinued operations, net of tax, for the period, divided by average TCE. Our calculation of return on average TCE may not be comparable to similarly-titled measures reported by other companies.

(4) The denominators used in calculating nonperforming asset rates consist of total loans held for investment and other nonperforming assets. 104 Capital One Financial Corporation (COF) Table of Contents Net Charge-Offs Net charge-offs consist of the amortized cost basis, excluding accrued interest, of loans held for investment that we determine to be uncollectible, net of recovered amounts.

(4) The denominators used in calculating nonperforming asset rates consist of total loans held for investment and other nonperforming assets. 113 Capital One Financial Corporation (COF) Table of Contents Net Charge-Offs Net charge-offs consist of the amortized cost basis, excluding accrued interest, of loans held for investment that we determine to be uncollectible, net of recovered amounts.

Financial Statements and Supplementary Data—Note 16—Income Taxes.” 66 Capital One Financial Corporation (COF) Table of Contents OFF-BALANCE SHEET ARRANGEMENTS In the ordinary course of business, we engage in certain activities that are not reflected on our consolidated balance sheets, generally referred to as off-balance sheet arrangements.

Financial Statements and Supplementary Data—Note 16—Income Taxes.” 73 Capital One Financial Corporation (COF) Table of Contents OFF-BALANCE SHEET ARRANGEMENTS In the ordinary course of business, we engage in certain activities that are not reflected on our consolidated balance sheets, generally referred to as off-balance sheet arrangements.

In our models, deposit betas and mortgage security prepayments vary dynamically based on the level of interest rates and by product type. • Balance attrition assumptions for loans, including credit card, auto and commercial loans, remain unchanged between the baseline interest rate forecast and interest rate shock scenarios as those loans are mainly floating rate or shorter duration fixed rate loans and hence paydowns have a low sensitivity to the level of interest rates. • For assets and liabilities with embedded optionality, such as mortgage securities and deposit balances, we utilize Monte Carlo simulations to assess economic value with industry-standard term structure modeling of interest rates. • Our calculations of net present value apply appropriate spreads over the benchmark yield curve for select assets and liabilities to capture the inherent risks (including credit risk) to discount expected interest and principal cash flows. • In instances where an interest rate scenario would result in a rate less than 0%, we assume a rate of 0% for that scenario.

In our models, deposit betas and mortgage security prepayments vary dynamically based on the level of interest rates and by product type. • Balance attrition assumptions for loans, including credit card, personal, auto and commercial loans, remain unchanged between the baseline interest rate forecast and interest rate shock scenarios as the majority of these loans are floating rate or shorter duration fixed rate loans and hence paydowns have a low sensitivity to the level of interest rates. • For assets and liabilities with embedded optionality, such as mortgage securities and deposit balances, we utilize Monte Carlo simulations to assess economic value with industry-standard term structure modeling of interest rates. • Our calculations of net present value apply appropriate spreads over the benchmark yield curve for select assets and liabilities to capture the inherent risks (including credit risk) to discount expected interest and principal cash flows. • In instances where an interest rate scenario would result in a rate less than 0%, we assume a rate of 0% for that scenario.

For more information on FDMs, see “Item 8. Financial Statements—Note 4—Loans.” Allowance for Credit Losses and Reserve for Unfunded Lending Commitments Our allowance for credit losses represents management’s current estimate of expected credit losses over the contractual terms of our loans held for investment as of each balance sheet date.

For more information on FDMs, see “Item 8. Financial Statements and Supplementary Data—Note 4—Loans.” Allowance for Credit Losses and Reserve for Unfunded Lending Commitments Our allowance for credit losses represents management’s current estimate of expected credit losses over the contractual terms of our loans held for investment as of each balance sheet date.

Determining the fair value of a reporting unit is a subjective process that requires the use of estimates and the exercise of significant judgment. We calculate the fair value of our reporting units using a discounted cash flow (“DCF”) calculation, a 79 Capital One Financial Corporation (COF) Table of Contents form of the income approach.

Determining the fair value of a reporting unit is a subjective process that requires the use of estimates and the exercise of significant judgment. We calculate the fair value of our reporting units using a discounted cash flow (“DCF”) calculation, a 87 Capital One Financial Corporation (COF) Table of Contents form of the income approach.

Financial Statements and Supplementary Data—Note 1—Summary of Significant Accounting Policies” for information on our accounting policies for delinquent and nonperforming loans, charge-offs and loan modifications and restructurings for each of our loan categories. 100 Capital One Financial Corporation (COF) Table of Contents Delinquency Rates We consider the entire balance of an account to be delinquent if the minimum required payment is not received by the customer’s due date, measured at each balance sheet date.

Financial Statements and Supplementary Data—Note 1—Summary of Significant Accounting Policies” for information on our accounting policies for delinquent and nonperforming loans, charge-offs and loan modifications and restructurings. 110 Capital One Financial Corporation (COF) Table of Contents Delinquency Rates We consider the entire balance of an account to be delinquent if the minimum required payment is not received by the customer’s due date, measured at each balance sheet date.

(6) Return on average common equity is calculated based on net income (loss) available to common stockholders less income (loss) from discontinued operations, net of tax, for the period, divided by average common equity. Our calculation of return on average common equity may not be comparable to similarly-titled measures reported by other companies.

(7) Return on average common equity is calculated based on net income (loss) available to common stockholders less income (loss) from discontinued operations, net of tax, for the period, divided by average common equity. Our calculation of return on average common equity may not be comparable to similarly-titled measures reported by other companies.

Financial Statements and Supplementary Data—Note 10—Derivative Instruments and Hedging Activities.” 115 Capital One Financial Corporation (COF) Table of Contents Foreign Exchange Risk Foreign exchange risk represents exposure to changes in the values of current holdings and future cash flows denominated in other currencies.

Financial Statements and Supplementary Data—Note 10—Derivative Instruments and Hedging Activities.” 125 Capital One Financial Corporation (COF) Table of Contents Foreign Exchange Risk Foreign exchange risk represents exposure to changes in the values of current holdings and future cash flows denominated in other currencies.

The Market Risk Rule generally applies to institutions with aggregate trading assets and liabilities equal to 10% or more of total assets or $1 billion or more. As of December 31, 2024, the Company and the Bank are subject to the Market Risk Rule. See “Market Risk Profile” below for additional information.

The Market Risk Rule generally applies to institutions with aggregate trading assets and liabilities equal to 10% or more of total assets or $1 billion or more. As of December 31, 2025, the Company and the Bank are subject to the Market Risk Rule. See “Market Risk Profile” below for additional information.

The calculation and the underlying components are based on our interpretations, expectations and assumptions of the relevant regulations, as well as interpretations provided by our regulators, and are subject to change based on changes to future regulations and interpretations. See “Part I—Item 1. Business—Supervision and Regulation” for additional information.

Th e calculation and the underlying components are based on our interpretations, expectations and assumptions of the relevant regulations, as well as interpretations provided by our regulators, and are subject to change based on changes to future regulations and interpretations. See “Part I—Item 1. Business—Supervision and Regulation” for additional information.

We measure our foreign exchange transaction risk exposures by applying a 1% U.S. dollar appreciation shock against the value of the non-dollar denominated intercompany funding and EUR-denominated borrowings and their related hedges, which shows the impact to our earnings from foreign exchange risk.

We measure our foreign exchange transaction risk exposures by applying a 1% U.S. dollar appreciation shock against the value of the non-dollar denominated intercompany funding and EUR-denominated borrowing and their related hedges, which shows the impact to our earnings from foreign exchange risk.

We provide additional information on our credit quality metrics in “Business Segment Financial Performance.” Table 21 presents our 30+ day performing delinquency rates and 30+ day delinquency rates of our portfolio of loans held for investment, by portfolio segment, as of December 31, 2024 and 2023.

See “Supplemental Table—Table B—Reconciliation of Non-GAAP Measures” for additional information on non-GAAP measures. (8) Equity-to-assets ratio is calculated based on average stockholders’ equity for the period divided by average total assets for the period. (9) Efficiency ratio is calculated based on total non-interest expense for the period divided by total net revenue for the period.

See “Supplemental Table—Table B—Reconciliation of Non-GAAP Measures” for additional information on non-GAAP measures. (9) Equity-to-assets ratio is calculated based on average stockholders’ equity for the period divided by average total assets for the period. (10) Efficiency ratio is calculated based on total non-interest expense for the period divided by total net revenue for the period.

If the Company or the Bank fails to maintain its capital ratios above the minimum capital requirements plus the applicable capital conservation buffers, it will face increasingly strict automatic limitations on capital distributions and discretionary bonus payments to certain executive officers.

If the Company or the Bank fails to maintain its capital ratios above the minimum capital requirements plus the applicable capital conservation buffer requirements, it will face increasingly strict automatic limitations on capital distributions and discretionary bonus payments to certain executive officers.

The key credit quality indicator for our commercial loan portfolios is our internal risk ratings as we generally classify loans that have been delinquent for an extended period of time and other loans with significant risk of loss as nonperforming.

The key credit quality indicator for our commercial loan portfolio is our internal risk ratings as we generally classify loans that have been delinquent for an extended period of time and other loans with significant risk of loss as nonperforming.

General Data Protection Regulation U.S.: United States of America USD: United States Dollar VAC: Valuations Advisory Committee VaR: Value-At-Risk VIE: Variable interest entity VOE: Voting interest entity 128 Capital One Financial Corporation (COF) Table of Contents

General Data Protection Regulation U.S.: United States of America USD: United States Dollar VAC: Valuations Advisory Committee VaR: Value-At-Risk VIE: Variable interest entity VOE: Voting interest entity 137 Capital One Financial Corporation (COF) Table of Contents

(4) Interest income/expense in the Other category represents the impact of hedge accounting on our loan portfolios and the offsetting reduction of the taxable-equivalent adjustments of our commercial loans as described above. (5) Includes amounts related to entities that provide capital to low-income and rural communities of $2.0 billion, $1.8 billion and $1.7 billion in 2024, 2023 and 2022, respectively.

(4) Interest income/expense in the Other category represents the impact of hedge accounting on our loan portfolios and the offsetting reduction of the taxable-equivalent adjustments of our commercial loans as described above. (5) Includes amounts related to entities that provide capital to low-income and rural communities of $2.1 billion, $2.0 billion and $1.8 billion in 2025, 2024 and 2023, respectively.

We summarize our business segment results for the years ended December 31, 2024, 2023 and 2022 and provide a comparative discussion of these results for 2024 and 2023, as well as changes in our financial condition and credit performance metrics as of December 31, 2024 compared to December 31, 2023.

We summarize our business segment results for the years ended December 31, 2025, 2024 and 2023 and provide a comparative discussion of these results for 2025 and 2024, as well as changes in our financial condition and credit performance metrics as of December 31, 2025 compared to December 31, 2024.

We are also exposed to foreign exchange risk due to changes in the dollar-denominated value of future earnings and cash flows from our foreign operations and from our Euro (“EUR”)-denominated borrowings. Our non-dollar denominated intercompany funding and EUR-denominated borrowings expose our earnings to foreign exchange transaction risk.

We are also exposed to foreign exchange risk due to changes in the dollar-denominated value of future earnings and cash flows from our foreign operations and from our Euro (“EUR”)-denominated borrowing. Our non-dollar denominated intercompany funding and EUR-denominated borrowing expose our earnings to foreign exchange transaction risk.

Unless otherwise specified, references to notes to our consolidated financial statements refer to the notes to our consolidated financial statements as of December 31, 2024 included in this Report. Management monitors a variety of key indicators to evaluate our business results and financial condition.

Unless otherwise specified, references to notes to our consolidated financial statements refer to the notes to our consolidated financial statements as of December 31, 2025 included in this Report. Management monitors a variety of key indicators to evaluate our business results and financial condition.

In 2024, 2023 and 2022, the Domestic Card business accounted for greater than 90% of total net revenue of our Credit Card business. Table 8.1 summarizes the financial results for our Domestic Card business and displays selected key metrics for the periods indicated.

In 2025, 2024 and 2023, the Domestic Card business accounted for greater than 90% of total net revenue of our Credit Card business. Table 8.1 summarizes the financial results for our Domestic Card business and displays selected key metrics for the periods indicated.

The program establishes practices for assessing the operational risk profile and executing key control processes for operational risks. These risks include topics such as internal and external fraud, cybersecurity and technology risk, data management, model risk, third-party management, and business continuity.

The program establishes practices for assessing the operational risk profile and executing key control processes for operational risks. These risks include topics such as internal and external fraud, cyber and technology risk, data management, model risk, third-party management, and business continuity.

In the contexts used in this section, “beta” refers to the change in deposit rate paid relative to the change in the federal funds rate. • In instances where an interest rate scenario would result in a rate less than 0%, we assume a rate of 0% for that scenario.

MD&A is organized in the following sections: • Selected Financial Data • Capital Management • Executive Summary • Risk Management • Consolidated Results of Operations • Credit Risk Profile • Consolidated Balance Sheets Analysis • Liquidity Risk Profile • Off-Balance Sheet Arrangements • Market Risk Profile • Business Segment Financial Performance • Supplemental Tables • Critical Accounting Policies and Estimates • Glossary and Acronyms • Accounting Changes and Developments 52 Capital One Financial Corporation (COF) Table of Contents SELECTED FINANCIAL DATA The following table presents selected consolidated financial data and performance metrics for the three-year period ended December 31, 2024, 2023 and 2022.

MD&A is organized in the following sections: • Selected Financial Data • Capital Management • Executive Summary • Risk Management • Consolidated Results of Operations • Credit Risk Profile • Consolidated Balance Sheets Analysis • Liquidity Risk Profile • Off-Balance Sheet Arrangements • Market Risk Profile • Business Segment Financial Performance • Supplemental Tables • Critical Accounting Policies and Estimates • Glossary and Acronyms • Accounting Changes and Developments 59 Capital One Financial Corporation (COF) Table of Contents SELECTED FINANCIAL DATA The following table presents selected consolidated financial data and performance metrics for the three-year period ended December 31, 2025, 2024 and 2023.

We continually evaluate our reserve and assumptions based on developments in redemption patterns, changes to the terms and 81 Capital One Financial Corporation (COF) Table of Contents conditions of the rewards program and other factors.

We 89 Capital One Financial Corporation (COF) Table of Contents continually evaluate our reserve and assumptions based on developments in redemption patterns, changes to the terms and conditions of the rewards program and other factors.

Trends in delinquency rates are the key credit quality indicator for our credit card and retail banking loan portfolios as changes in delinquency rates can provide an early warning of changes in potential future credit losses.

Trends in delinquency rates are the key credit quality indicator for our credit card, personal loans and retail banking loan portfolios as changes in delinquency rates can provide an early warning of changes in potential future credit losses.

Table 29 presents, by contractual maturity, the estimated uninsured portion of total time deposits as of December 31, 2024 and 2023. Our funding and liquidity management activities factor in the expected maturities of these deposits.

Table 29 presents, by contractual maturity, the estimated uninsured portion of total time deposits as of December 31, 2025 and 2024. Our funding and liquidity management activities factor in the expected maturities of these deposits.

Periodically, the methodology and assumptions utilized in the funds transfer pricing process are adjusted to reflect economic conditions and other factors, which may impact the allocation of net interest income to the business segments. We regularly assess the assumptions, methodologies and reporting classifications used for segment reporting, which may result in the implementation of refinements or changes in future periods.

Periodically, the methodology and assumptions utilized in the funds transfer pricing process are adjusted to reflect economic conditions and other factors, which may impact the allocation of net interest income to the businesses. We regularly assess the assumptions, methodologies and reporting classifications used for segment reporting, which may result in the implementation of refinements or changes in future periods.

The fair value governance process is set up in a manner that allows the Chairperson of the FVC to escalate valuation disputes that cannot be resolved by the FVC to a more senior committee called the Valuations Advisory Committee (“VAC”) for resolution. The VAC is chaired by the Chief Financial Officer (“CFO”) and includes other members of senior management.

The fair value governance process is set up in a manner that allows the Chairperson of the FVC to escalate valuation disputes that cannot be resolved by the FVC to a more senior committee cal led the Valuations Advisory Committee (“VAC”) for resolution. The VAC is chaired by the Chief Financial Officer (“CFO”) and includes other members of senior management.

MD&A is provided as a supplement to, and should be read in conjunction with, our audited consolidated financial statements as of and for the year ended December 31, 2024 and accompanying notes.

MD&A is provided as a supplement to, and should be read in conjunction with, our audited consolidated financial statements as of and for the year ended December 31, 2025 and accompanying notes.

The allocation is unique to each business segment and acquired business and is based on the composition of assets and liabilities. The funds transfer pricing process considers the interest rate and liquidity risk characteristics of assets and liabilities and off-balance sheet products.

The allocation is unique to each business and is based on the composition of assets and liabilities. The funds transfer pricing process considers the interest rate and liquidity risk characteristics of assets and liabilities and off-balance sheet products.

Our operating leases expire at various dates through 2071, although some have extension or termination options, and we assess the likelihood of exercising such options. If it is reasonably certain that we will exercise the options, then we include the impact in the measurement of our right-of-use assets and lease liabilities.

Our operating leases expire at various dates th rough 2071, although some have extension or termination options, and we assess the likelihood of exercising such options. If it is reasonably certain that we will exercise the options, then we include the impact in the measurement of our right-of-use assets and lease liabilities.

Economic value of equity sensitivity metrics are derived using the following key assumptions: • As of December 31, 2024, our metrics assume a market implied baseline interest rate projection for the upper limit of the Federal Funds Target Rate of 4.00% at both December 31, 2025 and 2026. • The analysis includes only existing assets, liabilities and derivative positions and does not incorporate business growth assumptions or projected balance sheet changes. • Similar to our net interest income sensitivity measure, we incorporate the dynamic nature of deposit repricing and attrition, which includes pricing lags and changes in deposit beta as interest rates change and the prepayment sensitivity of our mortgage securities to the level of interest rates.

Economic value of equity sensitivity metrics are derived using the following key assumptions: • As of December 31, 2025, our metrics assume a market implied baseline interest rate projection for the upper limit of the Federal Funds Target Rate of 3.25% and 3.25% at both December 31, 2026 and 2027. • The analysis includes only existing assets, liabilities and derivative positions and does not incorporate business growth assumptions or projected balance sheet changes. • Similar to our net interest income sensitivity measure, we incorporate the dynamic nature of deposit repricing and attrition, which includes pricing lags and changes in deposit beta as interest rates change and the prepayment sensitivity of our mortgage securities to the level of interest rates.

(2) Nonperforming assets primarily consist of nonperforming loans and repossessed assets. The total nonperforming asset rate is calculated based on total nonperforming assets divided by the combined period-end total loans held for investment and repossessed assets.

Generally, we include in interest income any past due fees, net of reversals, on loans that we deem collectible. Our net interest margin represents the difference between the yield on our interest-earning assets and the cost of our interest-bearing liabilities, including the notional impact of non-interest-bearing funding.

Financial Statements and Supplementary Data—Note 18—Business Segments and Revenue from Contracts with Customers.” 68 Capital One Financial Corporation (COF) Table of Contents Business Segment Financial Performance Table 7 summarizes our business segment results, which we report based on total net revenue (loss) and net income (loss) from continuing operations, for the years ended December 31, 2024, 2023 and 2022.

Financial Statements and Supplementary Data—Note 18—Business Segments and Revenue from Contracts with Customers.” 75 Capital One Financial Corporation (COF) Table of Contents Business Segment Financial Performance Table 7 summarizes our business segment results, which we report based on total net revenue (loss) and net income (loss) from continuing operations, for the years ended December 31, 2025, 2024 and 2023.

The macroeconomic forecast used to inform both quantitative and qualitative components of our allowance for credit losses estimate is sensitive to certain variables, such as the U.S. Unemployment Rate, and the U.S. Real Gross Domestic Product (“U.S. Real GDP”) Growth Rate assu mptions.

Virginia Financial Institution Holding Company Act: Chapter 7 of Title 6.2 of the Code of Virginia governing the acquisition of interests in Virginia financial institutions. 124 Capital One Financial Corporation (COF) Table of Contents Acronyms ABS: Asset-backed securities ACL: Allowance for credit losses AML: Anti-money laundering AOCI: Accumulated other comprehensive income ASU: Accounting Standards Update ATM: Automated teller machine AWS: Amazon Web Services, Inc.

Virginia Financial Institution Holding Company Act: Chapter 7 of Title 6.2 of the Code of Virginia governing the acquisition of interests in Virginia financial institutions. 134 Capital One Financial Corporation (COF) Table of Contents Acronyms ABS: Asset-backed securities ACL: Allowance for credit losses AML: Anti-money laundering AI: Artificial Intelligence AOCI: Accumulated other comprehensive income ASU: Accounting Standards Update ATM: Automated teller machine AWS: Amazon Web Services, Inc.

As of December 31, 2024 and 2023, respectively, the Company and the Bank each exceeded the minimum capital requirements and the capital conservation buffer requirements applicable to them, and the Company and the Bank were each “ well-capitalized. ” The “well-capitalized” standards applicable to the Company are established in the Federal Reserve’s regulations, and the “well-capitalized” standards applicable to the Bank are established in the OCC’s PCA capital requirements.

As of December 31, 2025 and 2024, respectively, the Company and the Bank each exceeded the minimum capital requirements and the capital conservation buffer requirements applicable to them, and the Company and the Bank were each “well-capitalized.” The “well-capitalized” standards applicable to the Company are established in the Federal Reserve’s regulations, and the “well-capitalized” standards applicable to the Bank are established in the OCC’s PCA capital requirements.

Accordingly, we present our Commercial Banking revenue and yields on a taxable-equivalent basis, calculated using the federal statutory tax rate of 21% and state taxes where applicable, with offsetting reductions to the Other category. 69 Capital One Financial Corporation (COF) Table of Contents Credit Card Business The primary sources of revenue for our Credit Card business are net interest income, net interchange income and annual membership fees collected from customers.

Accordingly, we present our Commercial Banking revenue and yields on a taxable-equivalent basis, calculated using the federal statutory tax rate of 21% and state taxes where applicable, with offsetting reductions to the Other category. 76 Capital One Financial Corporation (COF) Table of Contents Credit Card Business The primary sources of revenue for our Credit Card business are net interest income, net discount and interchange income and fees collected from customers.

We are still assessing the extent of the impacts of adoption to the disclosures. 82 Capital One Financial Corporation (COF) Table of Contents CAPITAL MANAGEMENT The level and composition of our capital are determined by multiple factors, including our consolidated regulatory capital requirements as described in more detail below and internal risk-based capital assessments such as internal stress testing.

We are still assessing the extent of the impacts of adoption to our consolidated financial statements. 91 Capital One Financial Corporation (COF) Table of Contents CAPITAL MANAGEMENT The level and composition of our capital are determined by multiple factors, including our consolidated regulatory capital requirements as described in more detail below and internal risk-based capital assessments such as internal stress testing.

A change in the economic conditions of a reporting unit, such as declines in business performance as a result of industry or macroeconomic trends or changes in our strategy, adverse impacts to loan or deposit growth trends, decreases in revenue, increases in expenses, deterioration in a significant loan portfolio, increases in credit losses, increases in capital requirements, deterioration of market conditions, declines in long-term growth expectations, an increase in disposition activity, adverse impacts of regulatory or legislative changes or increases in the estimated cost of capital could cause the estimated fair values of our reporting units to decline in the future, and increase the risk of a goodwill impairment in a future period.

A change in the economic conditions of a reporting unit, such as declines in business performance as a result of industry or macroeconomic trends or changes in our strategy, adverse impacts to loan or deposit growth trends, decreases in revenue, increases in expenses, deterioration in a significant loan portfolio, increases in credit losses, increases in capital requirements, deterioration of market conditions, declines in long-term growth expectations, an increase in disposition activity, the inability to achieve expected synergies from the Transaction, adverse impacts of regulatory or legislative changes or increases in the estimated cost of capital could cause the estimated fair values of our reporting units to decline in the future, and increase the risk of a goodwill impairment in a future period.

Additionally, we monitor timely and effective responsiveness to these conditions, strategic decisions that impact the Company’s scale, market position or operating model and failure to appropriately consider implementation risks in the Company’s strategy. Potential areas of opportunity or risk inform the Company’s strategy, which is led by the Chief Executive Officer and other senior executives.

BHC: Bank holding company BHC Act: The Bank Holding Company Act of 1956, as amended. bps: Basis points BSA: The Bank Secrecy Act CAD: Canadian dollar CAP: Compliance Assurance Process CCPA: California Consumer Privacy Act (as amended by the California Privacy Rights Act) CCP: Central Counterparty Clearinghouse, or Central Clearinghouse CDE: Community development entities CECL: Current expected credit loss CEO: Chief Executive Officer CET1: Common equity Tier 1 capital CFO: Chief Financial Officer CFPB: Consumer Financial Protection Bureau CFTC: Commodity Futures Trading Commission CIBC: Change in Bank Control Act CIO: Chief Information Officer CIRCIA: Cyber Incident Reporting for Critical Infrastructure Act CISA: Cybersecurity and Infrastructure Security Agency CISO: Chief Information Security Officer 125 Capital One Financial Corporation (COF) Table of Contents CMBS: Commercial mortgage-backed securities CME: Chicago Mercantile Exchange CODM: Chief Operating Decision Maker COEP: Capital One (Europe) plc COF: Capital One Financial Corporation CONA : Capital One, National Association COSO: Committee of Sponsoring Organizations of the Treadway Commission CRA: Community Reinvestment Act CTRO: Chief Technology Risk Officer CVA: Credit valuation adjustment DCF: Discounted cash flow DFAST: Dodd-Frank Act Stress Tests DIB: Diversity Inclusion and Belonging DIF : Deposit Insurance Fund DRR: Designated Reserve Ratio DTCC: Depository Trust and Clearing Corporation DVA: Debit valuation adjustment ECRP: Enterprise Cyber Response Plan EU: European Union EU GDPR: EU General Data Protection Regulation EUR: Euro Fannie Mae: Federal National Mortgage Association FASB: Financial Accounting Standards Board FCA: Financial Conduct Authority FCAC: Financial Consumer Agency of Canada FCM: Futures commission merchant FCRA: Fair Credit Reporting Act FDM: Financial difficulty modification FDIC: Federal Deposit Insurance Corporation FDICIA: Federal Deposit Insurance Corporation Improvement Act of 1991 FFIEC: Federal Financial Institutions Examination Council FHC: Financial Holding Company FHLB: Federal Home Loan Bank FICC - GSD : Fixed Income Clearing Corporation - Government Securities Division FICO: Fair Isaac Corporation FinCEN: Financial Crimes Enforcement Network FINRA: Financial Industry Regulatory Authority FIS: Fidelity Information Services Fitch: Fitch Ratings Freddie Mac: Federal Home Loan Mortgage Corporation FS-ISAC: Financial Services Information Sharing and Analysis Center FVC: Fair Value Committee GAAP: Generally accepted accounting principles in the U.S.

BHC: Bank holding company BHC Act: The Bank Holding Company Act of 1956, as amended. bps: Basis points BSA: The Bank Secrecy Act CAD: Canadian dollar CAP: Compliance Assurance Process CCPA: California Consumer Privacy Act (as amended by the California Privacy Rights Act) CBP : Community Benefits Plan CCP: Central Counterparty Clearinghouse, or Central Clearinghouse CDE: Community development entities CECL: Current expected credit loss CEO: Chief Executive Officer CET1: Common equity Tier 1 capital CFO: Chief Financial Officer CFPB: Consumer Financial Protection Bureau CFTC: Commodity Futures Trading Commission CIBC: Change in Bank Control Act CIO: Chief Information Officer CIRCIA: Cyber Incident Reporting for Critical Infrastructure Act CISA: Cybersecurity and Infrastructure Security Agency CISO: Chief Information Security Officer CMBS: Commercial mortgage-backed securities CME: Chicago Mercantile Exchange CODM: Chief Operating Decision Maker COEP: Capital One (Europe) plc COF: Capital One Financial Corporation COMET: Capital One Multi-asset Execution Trust CONA : Capital One, National Association COSO: Committee of Sponsoring Organizations of the Treadway Commission CRA: Community Reinvestment Act CTRO: Chief Technology Risk Officer COPAR: Capital One Prime Auto Receivables Trusts CVA: Credit valuation adjustment DCENT: Discover Card Execution Note Trust 135 Capital One Financial Corporation (COF) Table of Contents DCF: Discounted cash flow DFAST: Dodd-Frank Act Stress Tests DIF : Deposit Insurance Fund DRR: Designated Reserve Ratio DTCC: Depository Trust and Clearing Corporation DVA: Debit valuation adjustment ECRP: Enterprise Cyber Response Plan EU: European Union EU GDPR: EU General Data Protection Regulation EUR: Euro Fannie Mae: Federal National Mortgage Association FASB: Financial Accounting Standards Board FCA: Financial Conduct Authority FCAC: Financial Consumer Agency of Canada FCM: Futures commission merchant FCRA: Fair Credit Reporting Act FDM: Financial difficulty modification FDIC: Federal Deposit Insurance Corporation FDICIA: Federal Deposit Insurance Corporation Improvement Act of 1991 FFIEC: Federal Financial Institutions Examination Council FHC: Financial Holding Company FHLB: Federal Home Loan Bank FICC - GSD : Fixed Income Clearing Corporation - Government Securities Division FICO: Fair Isaac Corporation FinCEN: Financial Crimes Enforcement Network FINRA: Financial Industry Regulatory Authority FIS: Fidelity Information Services Fitch: Fitch Ratings Freddie Mac: Federal Home Loan Mortgage Corporation FS-ISAC: Financial Services Information Sharing and Analysis Center FVC: Fair Value Committee GAAP: Generally accepted accounting principles in the U.S.

(2) Nonperforming loan rates are calculated based on nonperforming loans for each category divided by period-end total loans held for investment for each respective category. (3) Excluding the impact of domestic credit card loans, nonperforming loans as a percentage of total loans held for investment was 1.16% and 0.88% as of December 31, 2024 and 2023, respectively.

(2) Nonperforming loan rates are calculated based on nonperforming loans for each category divided by period-end total loans held for investment for each respective category. (3) Excluding the impact of domestic credit card loans, nonperforming loans as a percentage of total loans held for investment was 0.95% and 1.16% as of December 31, 2025 and 2024, respectively.

Strategy and Risk Alignment Our strategy is informed by and aligned with risk appetite, from development to execution. The Chief Executive Officer develops the strategy with input from the first, second, and third lines of defense, as well as the Board of Directors. The strategic planning process considers relevant changes to the Company’s overall risk profile.

Strategy and Risk Alignment Our strategy is informed by and aligned with risk appetite, from development to execution. The CEO develops the strategy with input from the first, second and third lines of defense, as well as the Board of Directors. The strategic planning process considers relevant changes to the Company’s overall risk profile.

Operational Risk Management and Technology Risk Management enforce these practices and delivers reporting of operational risk results to senior business leaders, the executive committee and the Board of Directors. For additional information on how we manage cybersecurity and technology risk, see “Part I—Item 1C. Cybersecurity” of this Report.

Operational Risk Management and Tech and Data Risk Management enforce these practices and deliver reporting of operational risk results to senior business leaders, the executive committee and the Board of Directors. For additional information on how we manage cybersecurity and technology risk, see “Part I—Item 1C. Cybersecurity” of this Report.

The information presented in this section excludes loans held for sale, which totaled $202 million and $854 million as of December 31, 2024 and 2023, respectively. Table 15 presents the maturities of our loans held for investment portfolio as of December 31, 2024. Determinations of maturities are based on scheduled repayments.

The information presented in this section excludes loans held for sale, which totaled $760 million and $202 million as of December 31, 2025 and 2024, respectively. Table 15 presents the maturities of our loans held for investment portfolio as of December 31, 2025. Determinations of maturities are based on scheduled repayments.

Compliance risk can also arise from nonconformance with prescribed practices, internal policies and procedures, contractual obligations or ethical standards that reinforce those laws, rules or regulations Credit The risk to current or projected financial condition and resilience arising from an obligor’s failure to meet the terms of any contract with the Company or otherwise perform as agreed Liquidity The risk that the Company will not be able to meet its future financial obligations as they come due, or invest in future asset growth because of an inability to obtain funds at a reasonable price within a reasonable time Market The risk that an institution’s earnings or the economic value of equity could be adversely impacted by changes in interest rates, foreign exchange rates or other market factors Operational The risk of loss, capital impairment, adverse customer experience or reputational impact resulting from failure to comply with policies and procedures, failed internal processes or systems, or from external events Reputation The risk to market value, recruitment and retention of talented associates and maintenance of a loyal customer base due to the negative perceptions of our internal and external constituents regarding our business strategies and activities Strategic The risk of a material impact on current or anticipated earnings, capital, franchise or enterprise value arising from the Company’s competitive and market position and evolving forces in the industry that can affect that position; lack of responsiveness to these conditions; strategic decisions to change the Company’s scale, market position or operating model; or, failure to appropriately consider implementation risks inherent in the Company’s strategy We provide an overview of how we manage our seven major categories of risk below.

Compliance risk can also arise from nonconformance with prescribed practices, internal policies and procedures, contractual obligations or ethical standards that reinforce those laws, rules or regulations Credit The risk to current or projected financial condition and resilience arising from an obligor’s failure to meet the terms of any contract with the Company or otherwise perform as agreed Liquidity The risk that the Company will not be able to meet its future financial obligations as they come due, or invest in future asset growth because of an inability to obtain funds at a reasonable price within a reasonable time Market The risk that an institution’s earnings or the economic value of equity could be adversely impacted by changes in interest rates, foreign exchange rates or other market factors Operational The risk of loss, capital impairment, adverse customer experience or reputational impact resulting from failure to comply with policies and procedures, failed internal processes or systems, or from external events Reputation The risk to market value, recruitment and retention of talented associates and maintenance of a loyal customer base due to the negative perceptions of our internal and external constituents regarding our business strategies and activities Strategic The risk of a material impact on current or anticipated earnings, capital, franchise or enterprise value arising from the Company’s competitive and market position and evolving forces in the industry that can affect that position; lack of responsiveness to these conditions; strategic decisions to change the Company’s scale, market position or operating model; or, failure to appropriately consider implementation risks inherent in the Company’s strategy The Company is in the process of integrating Discover Financial Services into its existing risk management practices, policies and processes.

The table below presents the geographic profile of our commercial real estate portfolio as of December 31, 2024 and 2023.

The table below presents the geographic profile of our commercial real estate portfolio as of December 31, 2025 and 2024.

Annual Report: References to “this Report” or our “2024 Form 10-K” or “2024 Annual Report” are to our Annual Report on Form 10-K for the fiscal year ended December 31, 2024. Bank: CONA, Capital One Financial Corporation’s principal operating subsidiary. Basel Committee: The Basel Committee on Banking Supervision.

Annual Report: References to “this Report” or our “2025 Form 10-K” or “2025 Annual Report” are to our Annual Report on Form 10-K for the fiscal year ended December 31, 2025. Bank: CONA, Capital One Financial Corporation’s principal operating subsidiary. Basel Committee: The Basel Committee on Banking Supervision.

Table 5 summarizes, by portfolio segment, the carrying value of our loans held for investment, the allowance for credit losses and net loan balance as of December 31, 2024 and 2023.

Table 5 summarizes by segment the carrying value of our loans held for investment, the allowance for credit losses and net loan balance as of December 31, 2025 and 2024.

Our credit card loan portfolio is geographically diversified due to our product and marketing approach. The table below presents the geographic profile of our credit card loan portfolio as of December 31, 2024 and 2023.

Our credit card loan portfolio is geographically diversified due to our product and marketing approach. The table below presents the geographic profile of our domestic credit card loan portfolio as of December 31, 2025 and 2024.

We established a risk governance structure and accountabilities to effectively and consistently oversee the management of risks across the Company. Our Board of Directors, Chief Executive Officer and management establish the tone at the top regarding the culture of the Company, including management of risk. Management reinforces expectations at the various levels of the organization.

We established a risk governance structure and accountabilities to effectively and consistently oversee the management of risks across the Company. Our Board of Directors, CEO and management establish the tone at the top regarding the culture of the Company, including management of risk. Management reinforces expectations at the various levels of the organization.

Financial Statements and Supplementary Data—Note 1—Summary of Significant Accounting Policies.” 106 Capital One Financial Corporation (COF) Table of Contents Table 26 presents changes in our allowance for credit losses and reserve for unfunded lending commitments for 2024 and 2023, and details by portfolio segment for the provision for credit losses, charge-offs and recoveries.

Financial Statements and Supplementary Data—Note 1—Summary of Significant Accounting Policies.” 115 Capital One Financial Corporation (COF) Table of Contents Table 26 presents changes in our allowance for credit losses and reserve for unfunded lending commitments for 2025 and 2024, and details by portfolio for the provision for credit losses, charge-offs and recoveries.

Net interest income sensitivity metrics are derived using the following key assumptions: • As of December 31, 2024, our metrics assume a market implied baseline interest rate projection for the upper limit of the Federal Funds Target Rate of 4.00% at both December 31, 2025 and 2026. • In addition to our existing assets, liabilities and derivative positions, we incorporate expected future business growth assumptions.

Net interest income sensitivity metrics are derived using the following key assumptions : • As of December 31, 2025, our metrics assume a market implied baseline interest rate projection for the upper limit of the Federal Funds Target Rate of 3.25% at both December 31, 2026 and 2027. • In addition to our existing assets, liabilities and derivative positions, we incorporate expected future business growth assumptions.

… 378 more changes not shown on this page.