What changed in U.S. Bancorp's 10-K — 2024 vs 2025
vs
Paragraph-level year-over-year comparison of U.S. Bancorp's 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.
+135 added−141 removedSource: 10-K (2026-02-23) vs 10-K (2025-02-21)
Top changes in U.S. Bancorp's 2025 10-K
135 paragraphs added · 141 removed · 99 edited across 7 sections
- Item 1. Business+104 / −108 · 75 edited
- Item 1C. Cybersecurity+23 / −25 · 17 edited
- Item 5. Market for Registrant's Common Equity+3 / −3 · 2 edited
- Item 2. Properties+2 / −2 · 2 edited
- Item 3. Legal Proceedings+1 / −1 · 1 edited
Item 1. Business
Business — how the company describes what it does
75 edited+29 added−33 removed143 unchanged
Item 1. Business
Business — how the company describes what it does
75 edited+29 added−33 removed143 unchanged
2024 filing
2025 filing
Biggest changeBancorp’s operational, technology or security systems or infrastructure, or those of third parties, including as a result of cybersecurity incidents; • Failures to safeguard personal information; • Impacts of pandemics, natural disasters, terrorist activities, civil unrest, international hostilities and geopolitical events; • Impacts of supply chain disruptions, rising inflation, slower growth or a recession; • Failure to execute on strategic or operational plans; 1 • Effects of mergers and acquisitions and related integration; • Effects of critical accounting policies and judgments; • Effects of changes in or interpretations of tax laws and regulations; • Management’s ability to effectively manage credit risk, market risk, operational risk, compliance risk, strategic risk, interest rate risk, liquidity risk and reputation risk; and • The risks and uncertainties more fully discussed in the section entitled “Risk Factors” of the 2024 Annual Report.
Biggest changeBancorp’s operational, technology or security systems or infrastructure, or those of third parties, including as a result of cybersecurity incidents; • Failures to safeguard personal information; • Impacts of pandemics, natural disasters, terrorist activities, civil unrest, international hostilities and geopolitical events; • Impacts of supply chain disruptions, rising inflation, slower growth or a recession; • Failure to execute on strategic or operational plans; • Effects of mergers and acquisitions, such as the pending acquisition of Condor Trading LP and its subsidiaries, including BTIG, LLC (collectively, “BTIG”), and related integration, including that the expected benefits may take longer than anticipated to achieve or may not be achieved in entirety or at all and the costs relating to the combination may be greater than expected; • Effects of critical accounting policies and judgments; 1 • Effects of changes in or interpretations of tax laws and regulations; • Management’s ability to effectively manage credit risk, market risk, operational risk, compliance risk, strategic risk, interest rate risk and liquidity risk; and • The risks and uncertainties more fully discussed in the section entitled “Risk Factors” of the 2025 Annual Report.
In November 2023, the FDIC released a final rule to impose a special assessment to recover the losses to the DIF resulting from failures of other banking institutions during 2023. The special assessments are tax deductible.
In November 2023, the FDIC released a final rule to impose a special assessment to recover the losses to the DIF resulting from failures of other banking institutions during 2023 (Special Assessment Rule). The special assessments are tax deductible.
These laws and regulations require, among other things, disclosures of the cost of credit and terms of deposit accounts, provide substantive consumer rights, prohibit discrimination in credit transactions, regulate the use of credit report information, provide financial privacy protections, prohibit unfair, deceptive and abusive practices and subject USBNA to substantial regulatory oversight.
These laws and regulations, among other things, require disclosures of the cost of credit and terms of deposit accounts, provide substantive consumer rights, prohibit discrimination in credit transactions, regulate the use of credit report information, provide financial privacy protections, prohibit unfair, deceptive and abusive practices and subject USBNA to substantial regulatory oversight.
Forward-looking statements often use words such as “anticipates,” “targets,” “expects,” “hopes,” “estimates,” “projects,” “forecasts,” “intends,” “plans,” “goals,” “believes,” “continue” and other similar expressions or future or conditional verbs such as “will,” “may,” “might,” “should,” “would” and “could.” Forward-looking statements involve inherent risks and uncertainties that could cause actual results to differ materially from those set forth in forward-looking statements, including the following risks and uncertainties: • Deterioration in general business and economic conditions or turbulence in domestic or global financial markets, which could adversely affect U.S.
Forward-looking statements often use words such as “anticipates,” “targets,” “expects,” “hopes,” “estimates,” “projects,” “forecasts,” “intends,” “plans,” “goals,” “believes,” “continue” and other similar expressions or future or conditional verbs such as “will,” “may,” “might,” “should,” “would” and “could.” Forward-looking statements involve inherent risks and uncertainties that could cause actual results to differ materially from those set forth in forward-looking statements, including the following risks and uncertainties: • Deterioration in general business, political and economic conditions or turbulence in domestic or global financial markets, which could adversely affect U.S.
USBNA is also required to file periodically separate resolution plans with the FDIC that should enable the FDIC, as receiver, to resolve USBNA under applicable receivership provisions of the Federal Deposit Insurance Act in a manner that ensures that depositors receive access to their insured deposits within one business day of the institution’s failure, maximizes the net present 8 value return from the sale or disposition of its assets and minimizes the amount of any loss to the institution’s creditors.
USBNA is also required to file periodically separate resolution plans with the FDIC that should enable the FDIC, as receiver, to resolve USBNA under applicable receivership provisions of the Federal Deposit Insurance Act in a manner that ensures that depositors receive access to their insured deposits within one business day of the institution’s failure, maximizes the net present value return from the sale or disposition of its assets and minimizes the amount of any loss to the institution’s creditors.
Enhanced Prudential Standards Under the Dodd-Frank Act, as modified by the Economic Growth, Regulatory Relief and Consumer Protection Act and the Tailoring Rules, large bank holding companies, such as the Company, are subject to certain enhanced prudential standards based on the banking organization’s size and certain “risk-based indicators.” The prudential standards include enhanced risk-based capital and leverage requirements, enhanced liquidity requirements, enhanced risk 5 management and risk committee requirements, a requirement to submit a resolution plan, single-counterparty credit limits and stress tests.
Enhanced Prudential Standards Under the Dodd-Frank Act, as modified by the Economic Growth, Regulatory Relief and Consumer Protection Act and the Tailoring Rules, large bank holding companies, such as the Company, are subject to certain enhanced prudential standards based on the banking organization’s size and certain “risk-based indicators.” The prudential standards include enhanced risk-based capital and leverage requirements, enhanced liquidity requirements, enhanced risk management and risk committee requirements, a requirement to submit a resolution plan, single-counterparty credit limits and stress tests.
In addition, under the proposed rule, also subject to a phase-in period, Category III banking institutions, such as the Company, would no longer be permitted to opt out of including certain components of accumulated other comprehensive income in regulatory capital, which would result in unrealized gains and losses on available- 6 for-sale securities being included in the calculation of the Company’s regulatory capital ratios.
In addition, under the proposed rule, also subject to a phase-in period, Category III banking institutions, such as the Company, would no longer be permitted to opt out of including certain components of accumulated other comprehensive income in regulatory capital, which would result in unrealized gains and losses on available-for-sale securities being included in the calculation of the Company’s regulatory capital ratios.
Under the final rule, USBNA will be required to provide consumers and, upon the consumer’s request, their authorized third parties electronic access to “covered data.” This includes transaction information, account balances, upcoming bill information, information to initiate payment to and from accounts, the terms and conditions under which an account or credit card was provided, and certain other basic account verification information.
Under the final rule, USBNA will be required to provide consumers and, upon the consumer’s request, their authorized third parties with electronic access to “covered data.” This includes transaction information, account balances, upcoming bill information, information to initiate payment to and from accounts, the terms and conditions under which an account or credit card was provided, and certain other basic account verification information.
Similarly, the Office of the Superintendent of Financial Institutions in Canada requires Federally Regulated Financial Institutions to report qualifying technology and cybersecurity incidents under the provisions of the August 13, 2021 Technology and Cyber Security Incident Reporting Advisory. 11 Consumer Protection USBNA’s retail banking activities are subject to a variety of federal and state statutes and regulations designed to protect consumers.
Similarly, the Office of the Superintendent of Financial Institutions in Canada requires Federally Regulated Financial Institutions to report qualifying technology and cybersecurity incidents under the provisions of the August 13, 2021 Technology and Cyber Security Incident Reporting Advisory. Consumer Protection USBNA’s retail banking activities are subject to a variety of federal and state statutes and regulations designed to protect consumers.
Further, several states in which the Company operates have enacted or proposed statutes, regulations or guidance addressing climate change and other sustainability issues. For example, in 2023, the State of California enacted laws, which are subject to ongoing litigation, requiring certain companies doing business in California to disclose greenhouse gas emissions data and certain other climate-related information.
Several states in which the Company operates have enacted or proposed statutes, regulations or guidance addressing climate change and other sustainability issues. For example, in 2023, the State of California enacted laws, which are subject to ongoing litigation, requiring certain companies doing business in California to disclose greenhouse gas emissions data and certain other climate-related information.
Use of such information is regulated under the Fair Credit Reporting Act (“FCRA”), and the FCRA also regulates reporting information to consumer reporting agencies, prescreening individuals for credit offers, sharing of consumer reports between affiliates, and using affiliate credit data for marketing purposes. Similar state laws may impose additional requirements on the Company and its subsidiaries.
Use of such information is regulated under the Fair Credit Reporting Act (“FCRA”), and the FCRA also regulates reporting information to consumer reporting agencies, prescreening individuals for credit offers, sharing of consumer reports between affiliates, and using affiliate credit data for marketing purposes. Similar state laws may impose additional requirements on the Company and its 11 subsidiaries.
The Company recognizes that supporting, engaging and continuously upskilling its workforce is key to meeting evolving corporate and customer needs. To further those efforts, the Company is committed to supporting employees’ professional development through programs that promote engagement, learning and productivity and providing pay that is competitive and fair, as well as other benefits and programs that promote wellness.
The Company recognizes that supporting, engaging and continuously upskilling its workforce is key to meeting evolving corporate and customer needs. To further those efforts, the Company is committed to supporting employees’ professional development through programs that promote engagement, learning and productivity and by providing pay that is competitive and fair, as well as other benefits and programs that promote wellness.
(b) Under certain circumstances, upon the direction of the OCC, each share of USB Realty Corp.’s Series A Preferred Stock will be automatically exchanged for one share of U.S. Bancorp’s Series C Non-Cumulative Perpetual Preferred Stock. Available Information U.S. Bancorp’s website can be found at www.usbank.com. U.S.
(b) Under certain circumstances, upon the direction of the OCC, each share of USB Realty Corp.’s Series A Preferred Stock will be automatically exchanged for one share of U.S. Bancorp’s Series C Non-Cumulative Perpetual Preferred Stock. 13 Available Information U.S. Bancorp’s website can be found at www.usbank.com. U.S.
If the Federal Reserve and the FDIC jointly determine that the resolution plan is not credible and such deficiencies are not cured in a timely manner, the regulators may jointly impose on the Company more stringent capital, leverage or liquidity requirements or restrictions on the Company’s growth, activities or operations.
If the Federal Reserve and the FDIC jointly determine that the resolution plan is not credible and such deficiencies are not cured in a 8 timely manner, the regulators may jointly impose on the Company more stringent capital, leverage or liquidity requirements or restrictions on the Company’s growth, activities or operations.
As of April 2022, banking organizations, such as the Company and USBNA, are required to notify their primary federal regulator within 36 hours of a computer-security incident that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits, which has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the banking organization’s ability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of the banking organization, or impact the stability of the financial sector.
Banking organizations, such as the Company and USBNA, are required to notify their primary federal regulator within 36 hours of a computer-security incident that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits, which has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the banking organization’s ability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of the banking organization, or impact the stability of the financial sector.
Many of the statutory provisions in the AMLA require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance. In June 2021, the Financial Crimes Enforcement Network, a bureau of the U.S.
Many of the statutory provisions in the AMLA require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance. In 9 June 2021, the Financial Crimes Enforcement Network, a bureau of the U.S.
In addition, the European Union’s Corporate Sustainability Reporting Directive came into effect in January 2023, significantly expanding the scope of sustainability disclosures required to be disclosed by certain EU and non-EU companies.
In addition, the 12 European Union’s Corporate Sustainability Reporting Directive came into effect in January 2023, significantly expanding the scope of sustainability disclosures required to be disclosed by certain EU and non-EU companies.
Other Supervision and Regulation As a public company, the Company is subject to the requirements of the Securities Act of 1933, as amended, the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and the rules and regulations promulgated 12 by the SEC thereunder, as administered by the SEC.
Other Supervision and Regulation As a public company, the Company is subject to the requirements of the Securities Act of 1933, as amended, the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and the rules and regulations promulgated by the SEC thereunder, as administered by the SEC.
USBNA is required to file its next initial interim supplement on or before July 1, 2025, and its next full resolution plan on or before July 1, 2026. Recovery Plans The OCC has established enforceable guidelines for recovery planning by insured national banks with average total consolidated assets of $250 billion or more, including USBNA.
USBNA filed its initial interim supplement in July 2025 and is required to file its next full resolution plan on or before July 1, 2026. Recovery Plans The OCC has established enforceable guidelines for recovery planning by insured national banks with average total consolidated assets of $250 billion or more, including USBNA.
The CFPB has undertaken numerous rule-making and other initiatives, including launching an initiative to reduce the amounts and types of fees financial institutions may charge, including by recently proposing a rule that would significantly reduce the permissible amount of credit card late fees, issuing informal guidance and taking enforcement actions against certain financial institutions.
The CFPB has in the past undertaken numerous rule-making and other initiatives, including launching an initiative to reduce the amounts and types of fees financial institutions may charge, including by recently proposing a rule that would significantly reduce the permissible amount of credit card late fees, issuing informal guidance and taking enforcement actions against certain financial institutions.
The OCC assesses 9 USBNA on its record in meeting the credit needs of the community served by USBNA, including low- and moderate-income neighborhoods.
The OCC assesses USBNA on its record in meeting the credit needs of the community served by USBNA, including low- and moderate-income neighborhoods.
Under the United States Basel III-based capital rules, the Company is subject to a minimum common equity tier 1 (“CET1”) capital ratio (CET1 capital to risk-weighted assets) of 4.5 percent, a minimum tier 1 capital ratio of 6.0 percent and a minimum total capital ratio of 8.0 percent. At December 31, 2024, the Company exceeded these minimum capital ratio requirements.
Under the United States Basel III-based capital rules, the Company is subject to a minimum common equity tier 1 (“CET1”) capital ratio (CET1 capital to risk-weighted assets) of 4.5 percent, a minimum tier 1 capital ratio of 6.0 percent and a minimum total capital ratio of 8.0 percent. At December 31, 2025, the Company exceeded these minimum capital ratio requirements.
The Company’s ability to continue to compete effectively also depends in large part on its ability to attract new employees and retain 3 and motivate existing employees, while managing compensation and other costs. For additional information relating to how the Company attracts and retains employees, see “Human Capital” above.
The Company’s ability to continue to compete effectively also depends in large part on its ability to attract new employees and develop, retain and motivate existing employees, while managing compensation and other costs. For additional information relating to how the Company attracts and retains employees, see “Human Capital” above.
For example, the Company is subject to the California Consumer Protection Act of 2018 and its implementing regulations, as amended in 2020 by the California Privacy Rights Act (the "CCPA"), which provided residents of California with specific rights with respect to the collection of their personal information. The CCPA exempts NPI from its scope.
For example, the Company is subject to the California Consumer Protection Act of 2018 and its implementing regulations, as amended in 2020 by the California Privacy Rights Act (the "CCPA"), which provides residents of California with specific rights with respect to the collection of their personal information. The CCPA exempts NPI from its scope.
These forward-looking statements cover, among other things, future economic conditions and the anticipated future revenue, expenses, financial condition, asset quality, capital and liquidity levels, plans, prospects and operations of U.S. Bancorp.
These forward-looking statements cover, among other things, future economic conditions and the anticipated future revenue, expenses, financial condition, asset quality, capital and liquidity levels, plans, prospects, targets, initiatives and operations of U.S. Bancorp.
Government Policies The operations of the Company’s various businesses are affected by federal and state laws and legislative changes and by policies of various regulatory authorities of the United States and the numerous states and foreign countries in which they operate.
Government Policies The operations of the Company’s various businesses are affected by federal and state laws and legislative changes, executive actions, and policies of various regulatory authorities of the United States and the numerous states and foreign countries in which they operate.
If the Company were to fail to address the deficiencies in its resolution plan when required, it could eventually be required to divest certain assets or operations. As a Category III banking organization, the Company is required to submit resolution plans on a triennial cycle (alternating between targeted and full submissions).
If the Company were to fail to address the deficiencies in its resolution plan when required, it could eventually be required to divest certain assets or operations. As a Category III banking organization, the Company is required to submit resolution plans on a triennial cycle (alternating between targeted and full submissions). The Company submitted its triennial plan in October 2025.
The stress test is based on the OCC’s stress scenarios (which are typically the same as the Federal Reserve’s stress scenarios) and capital actions that are appropriate for the economic conditions assumed in each scenario.
The stress test is based on the OCC’s stress scenarios (which typically have been the same as the Federal Reserve’s stress scenarios) and capital actions that are appropriate for the economic conditions assumed in each scenario.
If the Federal Reserve were to raise the countercyclical capital buffer, or if the SCB applicable to the Company were to exceed 3.1 percent, this would also change the effective minimum capital ratios to which the Company is subject. For USBNA, the buffer requirement consists of the static capital conservation buffer equal to 2.5 percent of risk-weighted assets.
If the Federal Reserve were to raise the countercyclical capital buffer, or if the SCB applicable to the Company were to exceed 2.6 percent, this would also change the effective minimum capital ratios to which the Company is subject. For USBNA, the buffer requirement consists of the static capital conservation buffer equal to 2.5 percent of risk-weighted assets.
The Company operates a network of 4,489 ATMs as of December 31, 2024, and provides 24-hour, seven day a week telephone customer service. Mortgage banking services are provided through banking offices and loan production offices throughout the Company’s domestic markets. Lending products may be originated through banking offices, indirect correspondents, brokers or other lending sources.
The Company operates a network of 4,428 ATMs as of December 31, 2025, and provides 24-hour, seven day a week telephone customer service. Mortgage banking services are provided through banking offices and loan production offices throughout the Company’s domestic markets. Lending products may be originated through banking offices, indirect correspondents, brokers or other lending sources.
Additional information regarding the Company’s business segments can be found on pages 54 to 56 of the Company’s 2024 Annual Report under the heading “Business Segment Financial Review,” which is incorporated herein by reference. Human Capital The Company’s success depends, in large part, on its ability to attract, develop and retain skilled employees.
Additional information regarding the Company’s business segments can be found on pages 53 to 54 of the Company’s 2025 Annual Report under the heading “Business Segment Financial Review,” which is incorporated herein by reference. Human Capital The Company’s success depends, in large part, on its ability to attract, develop and retain skilled employees.
Bancorp with the SEC as soon as reasonably practicable after electronically filed with, or furnished to, the SEC. Additional Information Additional information in response to this Item 1 can be found in the 2024 Annual Report on pages 54 to 56 under the heading “Business Segment Financial Review.” That information is incorporated into this report by reference. Item 1A .
Bancorp with the SEC as soon as reasonably practicable after electronically filed with, or furnished to, the SEC. Additional Information Additional information in response to this Item 1 can be found in the 2025 Annual Report on pages 53 to 54 under the heading “Business Segment Financial Review.” That information is incorporated into this report by reference. Item 1A .
In addition to its competitive 401(k) matching program, the Company maintains an active cash balance pension program for its U.S. employees, including newly hired employees. Competition The financial services industry is highly competitive.
In addition to its competitive 401(k) matching program, the Company maintains an active cash balance pension program for its U.S. employees, including newly hired employees. Competition The financial services industry is highly competitive and constantly evolving.
Banking and investment services are provided through a network of branches and banking offices across the United States, primarily in the Midwest and West regions, including 2,165 branches across 26 states as of December 31, 2024. A significant percentage of consumer transactions are completed using USBNA's digital banking services, both online and through its digital app.
Banking and investment services are provided through a network of branches and banking offices across the United States, primarily in the Midwest and West regions, including 2,075 branches across 26 states as of December 31, 2025. A significant percentage of consumer transactions are completed using USBNA's digital banking services, both online and through its digital app.
The following table identifies the closing date for each transaction, issuer, series of Capital Securities, Preferred Stock or Exchangeable Preferred Stock issued in the relevant transaction, Other Securities, if any, and applicable Covered Debt as of February 21, 2025, for those securities that remain outstanding.
The following table identifies the closing date for each transaction, issuer, series of Capital Securities, Preferred Stock or Exchangeable Preferred Stock issued in the relevant transaction, Other Securities, if any, and applicable Covered Debt as of February 23, 2026, for those securities that remain outstanding.
Bancorp’s role as a loan servicer; • Impacts of current, pending or future litigation and governmental proceedings; • Increased competition from both banks and non-banks; • Effects of climate change and related physical and transition risks; • Changes in customer behavior and preferences and the ability to implement technological changes to respond to customer needs and meet competitive demands; • Breaches in data security; • Failures or disruptions in or breaches of U.S.
Bancorp’s role as a loan servicer; • Impacts of current, pending or future litigation and governmental proceedings; • Increased competitive pressure; • Effects of climate change and related physical and transition risks; • Changes in customer behavior and preferences and the ability to implement technological changes to respond to customer needs and meet competitive demands; • Breaches in data security; • Failures or disruptions in or breaches of U.S.
USBNA received an “Outstanding” CRA rating in its most recent examination, covering the period from January 1, 2016 through December 31, 2020. In October 2023, the OCC, together with the Federal Reserve and FDIC, issued a final rule to modernize the CRA regulatory framework.
USBNA received an “Outstanding” CRA rating in its most recent examination, covering the period from January 1, 2016 through December 31, 2020. In October 2023, the OCC, together with the Federal Reserve and FDIC, issued a final rule that introduced major changes to the CRA regulatory framework.
As of December 31, 2024, the Company employed a total of 70,263 employees globally. The Company’s current workforce strategy is focused on promoting in-person engagement across more than 20 corporate hub locations, its branch network and business centers to support the Company’s business and customer needs.
As of December 31, 2025, the Company employed a total of 68,520 employees globally. The Company’s current workforce strategy is focused on promoting in-person engagement across more than 20 corporate hub locations, its branch network and business centers to support the Company’s business and customer needs.
In recent years, competition has increased from institutions not subject to the same regulatory restrictions as domestic banks and bank holding companies, including by financial technology companies, or “fintechs,” which may offer bank-like products or services that compete directly with the Company’s products and services.
Competition has also increased from companies that are not subject to the same regulatory restrictions as domestic banks and bank holding companies, including by financial technology companies, or “fintechs,” which may offer bank-like products or services that compete directly with the Company’s products and services.
The Company competes with other commercial banks, savings and loan associations, mutual savings banks, finance companies, mortgage banking companies, credit unions, investment companies, credit card companies and a variety of other financial services, advisory and technology companies.
The Company competes with other commercial banks, savings and loan associations, mutual savings banks, finance companies, mortgage banking companies, credit unions, investment companies, credit card companies, custody banks, trust companies, asset managers, investment advisers and a variety of other financial services, advisory and technology companies.
A downgrade in these ratings could limit the Company’s ability to pursue acquisitions or conduct other expansionary activities for a period of time, require new or additional regulatory approvals before engaging in certain other business activities or investments, affect USBNA’s deposit insurance assessment rates, limit the Company's access to funding through government-sponsored liquidity programs, and impose additional recordkeeping and corporate governance requirements, as well as generally increase regulatory scrutiny of the Company. 4 BHC Activities The Company is a BHC under the BHC Act and has elected to be a financial holding company (“FHC”).
A downgrade in these ratings could limit the Company’s ability to pursue acquisitions or conduct other expansionary activities for a period of time, require new or additional regulatory approvals before engaging in certain other business activities or investments, affect USBNA’s deposit insurance assessment rates, limit the Company's access to funding through government-sponsored liquidity programs, and impose additional recordkeeping and corporate governance requirements, as well as generally increase regulatory scrutiny of the Company.
As a result of this rule, the Company recognized additional noninterest expense of $136 million and $734 million in 2024 and 2023, respectively, for the FDIC special assessment.
As a result of this rule, the Company recognized additional noninterest expense of $136 million in 2024 for the FDIC special assessment.
Banking organizations that fail to meet the effective minimum ratios will be subject to constraints on capital distributions, including dividends and share repurchases, and certain discretionary executive compensation, with the severity of the constraints depending on the extent of the shortfall and “eligible retained income” (defined as the greater of (i) net income for the four preceding quarters, net of distributions and associated tax effects not reflected in net income; and (ii) the average of all net income over the preceding four quarters).
Banking organizations that fail to meet the effective minimum ratios will be subject to constraints on capital distributions, including dividends and share repurchases, and certain discretionary executive compensation, with the severity of the constraints depending on the extent of the shortfall and “eligible retained income” (defined as the greater of (i) net income for the four preceding quarters, net of distributions and associated tax effects not reflected in net income; and (ii) the average of all net income over the preceding four quarters). 6 United States banking organizations are also subject to a minimum tier 1 leverage ratio of 4.0 percent.
In addition, the Company’s broker-dealer entities are members of the Securities Investor Protection Corporation, which oversees the liquidation of member broker-dealers that close when the broker-dealer is bankrupt or in financial distress and imposes membership fee assessments and other reporting requirements on the broker-dealer entities.
In addition, the Company’s broker-dealer entities are members of the Securities Investor Protection Corporation, which oversees the liquidation of member broker-dealers that close when the broker-dealer is bankrupt or in financial distress and imposes membership fee assessments and other reporting requirements on the broker-dealer entities. In addition, in January 2026, the Company announced the pending acquisition of Condor Trading LP.
Risk Factors Information in response to this Item 1A can be found in the 2024 Annual Report on pages 136 to 151 under the heading “Risk Factors.” That information is incorporated into this report by reference. 13
Risk Factors Information in response to this Item 1A can be found in the 2025 Annual Report on pages 135 to 150 under the heading “Risk Factors.” That information is incorporated into this report by reference.
As a BHC with over $100 billion in total consolidated assets, the Company is subject to the Dodd-Frank Act’s enhanced prudential standards, as applied to “Category III” institutions under the federal banking regulators’ rules that tailor how enhanced prudential standards apply to large U.S. banking organizations (the “Tailoring Rules”).
As a BHC with over $100 billion in total consolidated assets, the Company is subject to the enhanced prudential standards of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), as applied to “Category III” institutions under the federal banking regulators’ rules that tailor how enhanced prudential standards apply to large U.S. banking organizations (the “Tailoring Rules”).
It also engages in credit card services, merchant and ATM processing, mortgage banking, insurance, brokerage and leasing. U.S. Bancorp’s banking subsidiary, USBNA, is engaged in the general banking business, principally in domestic markets, and holds all of the Company’s consolidated deposits of $518.3 billion at December 31, 2024.
It also engages in credit card services, merchant and ATM processing, mortgage banking, insurance, brokerage and leasing. U.S. Bancorp’s banking subsidiary, U.S. Bank National Association (“USBNA”), is engaged in the general banking business, principally in domestic markets, and holds all of the Company’s consolidated deposits of $522.2 billion at December 31, 2025.
BHCs that qualify and elect to be treated as FHCs may engage in, and affiliate with financial companies engaging in, a broader range of activities than would otherwise be permitted for a BHC.
BHC Activities The Company is a BHC under the BHC Act and has elected to be a financial holding company (“FHC”). BHCs that qualify and elect to be treated as FHCs may engage in, and affiliate with financial companies engaging in, a broader range of activities than would otherwise be permitted for a BHC.
In addition, a notice of proposed rulemaking to revise the FCRA was also published in December 2024, with comments to the proposal due in March 2025.
A notice of proposed rulemaking to revise the FCRA was published in December 2024, with comments to the proposal due in March 2025. The CFPB subsequently withdrew the proposed rule in May 2025.
United States banking organizations are also subject to a minimum tier 1 leverage ratio of 4.0 percent. As a Category III banking organization, the Company is also subject to a minimum Supplementary Leverage Ratio (“SLR”) of 3.0 percent that takes into account both on-balance sheet and certain off-balance sheet exposures.
As a Category III banking organization, the Company is also subject to a minimum Supplementary Leverage Ratio (“SLR”) of 3.0 percent that takes into account both on-balance sheet and certain off-balance sheet exposures. At December 31, 2025, the Company exceeded the applicable minimum tier 1 leverage ratio and SLR requirements.
Payment Services includes consumer and business credit cards, stored-value cards, debit cards, corporate, government and purchasing card services and merchant processing. 2 Treasury and Corporate Support includes the Company’s investment portfolios, funding, capital management, interest rate risk management, income taxes not allocated to the business lines, including most investments in tax-advantaged projects, and the residual aggregate of those expenses associated with corporate activities that are managed on a consolidated basis.
Treasury and Corporate Support includes the Company’s investment portfolios, funding, capital management, interest rate risk management, income taxes not allocated to the business segments, including most investments in tax-advantaged projects, and the residual aggregate of those expenses associated with corporate activities that are managed on a consolidated basis.
Canada is in the process of replacing its federal privacy law, the Personal Information Protection and Electronic Documents Act, with a new privacy framework that the Company expects will impose additional compliance obligations on the Company’s Canadian operations.
The GDPR contains enhanced compliance obligations and increased penalties for non-compliance and is regularly enforced by European regulators. Canada is in the process of replacing its federal privacy law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), with a new privacy framework that the Company expects will impose additional compliance obligations on the Company’s Canadian operations.
The operations of the First American family of funds, the Company’s proprietary money market fund complex, also are subject to regulation by the SEC, including rules requiring a floating net asset value for institutional prime and tax-free money market funds and permitting the board of directors of the money market funds the ability to limit redemptions during periods of stress (allowing for the use of liquidity fees and redemption gates during such times).
The operations of the First American family of funds, the Company’s proprietary money market fund complex, also are subject to regulation by the SEC, including rules requiring a floating net asset value for institutional prime and tax-free money market funds, permitting the board of directors of the money market funds the ability to limit redemptions during periods of stress (allowing for the use of liquidity fees and redemption gates during such times), requiring funds to hold proportions of their total assets in securities that can be liquidated in one business day and requiring institutional prime and institutional tax-exempt money market funds to impose liquidity fees on investors that redeem their investments during times of stress.
These foreign operations are not significant to the Company. Business Segments The Company’s major business segments are Wealth, Corporate, Commercial and Institutional Banking, Consumer and Business Banking, Payment Services, and Treasury and Corporate Support.
Business Segments The Company’s major business segments are Wealth, Corporate, Commercial and Institutional Banking, Consumer and Business Banking, Payment Services, and Treasury and Corporate Support.
As of December 31, 2024, the SCB applicable to the Company is 3.1 percent, an increase from the SCB of 2.5 percent that applied to the Company at December 31, 2023.
As of December 31, 2025, the SCB applicable to the Company is 2.6 percent, a decrease from the SCB of 3.1 percent that applied to the Company at December 31, 2024.
Environmental, Social and Governance In recent years, federal, state and international lawmakers and regulators have increased their focus on financial institutions’ and other companies’ risk oversight, disclosures and practices in connection with climate change and other environmental, social and governance matters.
Environmental, Social and Sustainability In recent years, certain lawmakers and regulators inside and outside the United States have increased their focus on financial institutions’ and other companies’ risk oversight, disclosures and practices in connection with climate change and other environmental, social and sustainability matters.
Products and services are delivered through banking offices, telephone servicing and sales, online services, direct mail, ATMs, mobile devices, distributed mortgage loan officers, and intermediary relationships including auto dealerships, mortgage banks, and strategic business partners.
Products and services are delivered through banking offices, telephone servicing and sales, online services, direct mail, ATMs, mobile 2 devices, distributed mortgage loan officers, and intermediary relationships including auto dealerships, mortgage banks, and strategic business partners. Payment Services includes consumer and business credit cards, stored-value cards, debit cards, corporate, government and purchasing card services and merchant processing.
Conversely, some states in which the Company does business have enacted, or proposed to enact, certain “anti-ESG” measures, including statutes, regulations or policies that prohibit certain financial institutions from denying or canceling products or services to a person, or otherwise discriminating against a person in making available products or services, on the basis of social credit scores and certain other factors.
Fair Access to Financial Services In recent years, certain states have enacted, or have proposed to enact, statutes, regulations or policies that prohibit financial institutions from denying or canceling products or services to a person or business, or otherwise discriminating against a person or business in making available products or services, on the basis of certain social or political factors or other activities.
The Volcker Rule applies to the Company, USBNA and their affiliates, and compliance requirements are tailored based on the size and scope of trading activities.
The Volcker Rule applies to the Company, USBNA and their affiliates, and compliance requirements are tailored based on the size and scope of trading activities. The Company has a Volcker Rule compliance program in place that covers all of its subsidiaries and affiliates, including USBNA.
Competition is based on a number of factors, including, among others, customer service, quality and range of products and services offered, price, reputation, interest rates on loans and deposits, lending limits and customer convenience, including the ability to address customer needs by using technology to provide products and services that customers want to adopt.
Legislative, regulatory, economic, and technology changes, as well as consolidation within the financial services industry, could result in increased competition from new and existing market participants. 3 Competition is based on a number of factors including, among others, customer service, quality and range of products and services offered, price, reputation, interest rates on loans and deposits, lending limits, experience, relationships and customer convenience, including the ability to address customer needs by using technology to provide products and services that customers want to adopt.
If the Company were to become a “Category II” institution for purposes of the Tailoring Rules, the Company would become subject to annual (rather than biennial) company-run stress tests.
If the Company were to become a “Category II” institution for purposes of the Tailoring Rules, the Company would become subject to annual (rather than biennial) company-run stress tests. In October 2025, the Federal Reserve issued two proposals to revise its supervisory stress testing framework.
However, the Federal Reserve is authorized to take appropriate action at the BHC level, based on the undercapitalized status of the BHC’s subsidiary banking institutions.
Prompt corrective action regulations apply only to banks and not to BHCs such as the Company. However, the Federal Reserve is authorized to take appropriate action at the BHC level, based on the undercapitalized status of the BHC’s subsidiary banking institutions.
The final rule, which is being challenged by several banking industry groups, requires “data providers” such as USBNA to create detailed access interfaces for both consumers and developers in order to effectuate consumers’ access to, and transfer of, their personal financial data.
The final rule requires “data providers” such as USBNA to create detailed access interfaces for both consumers and developers in order to effectuate consumers’ access to, and transfer of, their personal financial data. USBNA will be prohibited from imposing any fees or charges for maintaining or providing access to or facilitating the transfer of such data.
Such restrictions may include a prohibition on capital distributions, restrictions on asset growth or restrictions on the ability to receive regulatory approval of applications.
Such restrictions may include a prohibition on capital distributions, restrictions on asset growth or restrictions on the ability to receive regulatory approval of applications. The FDICIA also provides for enhanced supervisory authority over undercapitalized institutions, including authority for the appointment of a conservator or receiver for the institution.
The Volcker Rule Section 13 of the BHC Act and its implementing regulations, commonly referred to as the “Volcker Rule,” prohibit banking entities from engaging in proprietary trading, and prohibit certain interests in, or relationships with, hedge funds or private equity funds.
Other rules generally exempt inter-affiliate transactions from initial margin requirements to the extent a depository institution’s total exposure to all affiliates is less than 15 percent of its tier 1 capital. 10 The Volcker Rule Section 13 of the BHC Act and its implementing regulations, commonly referred to as the “Volcker Rule,” prohibit banking entities from engaging in proprietary trading, and prohibit certain interests in, or relationships with, hedge funds or private equity funds.
If the Company were to become a “Category II” institution for purposes of the Tailoring Rules, the Company would become subject to the full (100 percent) LCR and NSFR requirements, as well as daily (rather than monthly) liquidity reporting requirements.
If the Company were to become a “Category II” institution for purposes of the Tailoring Rules, the Company would become subject to the full (100 percent) LCR and NSFR requirements, as well as daily (rather than monthly) liquidity reporting requirements. 7 Prompt Corrective Action The Federal Deposit Insurance Corporation Improvement Act (“FDICIA”) provides a framework for regulation of depository institutions and their affiliates (including parent holding companies) by federal banking regulators.
Bancorp's loan portfolios or in the value of the collateral securing those loans; • Changes in commercial real estate occupancy rates; • Risks related to originating and selling mortgages, including repurchase and indemnity demands, and related to U.S.
Bancorp's loan portfolios or in the value of the collateral securing those loans; • Changes in commercial real estate occupancy rates; • Increases in Federal Deposit Insurance Corporation (“FDIC”) assessments, including due to bank failures; • Actions taken by governmental agencies to stabilize or reform the financial system and the effectiveness of such actions; • Turmoil and volatility in the financial services industry; • Risks related to originating and selling mortgages, including repurchase and indemnity demands, and related to U.S.
The process of drafting and finalizing implementing regulations for the CCPA is ongoing. The Company continues to evaluate the new regulations, and the effects on the Company will depend on the form of any additional rulemakings. Similar comprehensive consumer privacy laws have been adopted by other states where the Company does business.
The Company continues to evaluate new regulations, enforcement activities and court decisions, and their effects on the Company. Similar comprehensive consumer privacy laws have been adopted by other states where the Company does business.
Similarly, the current Presidential administration has issued a number of executive orders and various agencies have taken positions that relate to environmental and social matters. Some of these measures may conflict with other regulatory requirements, including those described above. Due to legal challenges and other uncertainties, the effects of these measures on the Company cannot be predicted at this time.
In addition, some of the measures described in this section may conflict with other regulatory requirements, including those described above. Due to legal challenges and other uncertainties, the effects of these measures on the Company or USBNA cannot be predicted at this time.
The Company provides several talent development opportunities for employees to enhance skills that are critical in the current and future working environment and empowers employees to discover ways to thrive and grow in their careers. The Company has introduced and enhanced several learning programs in 2024, including the Product Academy, Foundational Leadership and Skill of the Month.
The Company provides several talent development opportunities for employees to enhance skills that are critical in the current and future working environment and empowers employees to discover ways to thrive and grow in their careers. In 2025, the Company hosted its second annual development event for all employees, which focused on topics ranging from communications to the future of banking.
Bancorp’s revenues and the values of its assets and liabilities, reduce the availability of funding to certain financial institutions, lead to a tightening of credit, and increase stock price volatility; • Turmoil and volatility in the financial services industry, including failures or rumors of failures of other depository institutions, which could affect the ability of depository institutions, including U.S.
Bancorp’s revenues and the values of its assets and liabilities, reduce the availability of funding to certain financial institutions, lead to a tightening of credit, and increase stock price volatility; • Changes to statutes, regulations, or regulatory policies or practices, including capital and liquidity requirements and any credit card interest caps, and the enforcement and interpretation of such laws and regulations, and U.S.
In addition, in the European Union (“EU”), privacy law is governed by the General Data Protection Regulation (“GDPR”), which is directly binding and applicable in each EU member state. The GDPR contains enhanced compliance obligations and increased penalties for non-compliance and is regularly enforced by European regulators.
The United States Congress has also proposed legislation relating to data privacy and data protection, and the federal government may in the future pass such legislation. In addition, in the European Union (“EU”), privacy law is governed by the General Data Protection Regulation (“GDPR”), which is directly binding and applicable in each EU member state.
USBNA’s most recent recovery plan was reviewed and approved pursuant to these guidelines in December 2024. In October 2024, the OCC finalized revisions to these guidelines that incorporate a testing standard and clarify the role of non-financial risk in recovery planning. These revisions are applicable to USBNA’s next recovery plan submission.
USBNA’s most recent recovery plan was reviewed and approved pursuant to these guidelines in December 2025. In October 2025, the OCC proposed a rule that would rescind its recovery planning guidelines. If finalized, USBNA would cease to be subject to recovery planning requirements.
Each of these state laws, however, includes an entity level exemption for “financial institutions” that are subject to the GLBA like the Company. The United States Congress has also proposed legislation relating to data privacy and data protection, and the federal government may in the future pass such legislation.
Each of these state laws, however, includes data level exemptions and/or entity level exemptions for “financial institutions” (or a similar variation) for entities that are subject to the BHC Act like the Company and USBNA.
Succession planning and talent development processes remain a top priority for the Company along with continuous improvements to its training and development programs. During 2024, employees completed over 1.8 million hours of training through the Company’s enterprise learning programs to better support their professional development and customer and business needs.
The Company also launched an “AI Essentials Channel” on Skills Academy, which is designed to help team members build skills in effectively using Company-approved artificial intelligence tools in their daily work. During 2025, employees completed over 1.7 million hours of training through the Company’s enterprise learning programs to better support their professional development and customer and business needs.
Removed
Bank National Association ("USBNA"), to attract and retain depositors, and could affect the ability of financial services providers, including U.S.
Added
These foreign operations are not significant to the Company.
Removed
Bancorp, to borrow or raise capital; • Increases in Federal Deposit Insurance Corporation (“FDIC”) assessments, including due to bank failures; • Actions taken by governmental agencies to stabilize the financial system and the effectiveness of such actions; • Uncertainty regarding the content, timing and impact of changes to regulatory capital, liquidity and resolution-related requirements applicable to large banking organizations in response to adverse developments affecting the banking sector; • Changes to statutes, regulations, or regulatory policies or practices, including capital and liquidity requirements, and the enforcement and interpretation of such laws and regulations, and U.S.
Added
Pending Acquisition of BTIG In January 2026, the Company announced that it entered into a definitive agreement to acquire BTIG for a purchase price of up to $1 billion, consisting of a targeted amount of $725 million ($362.5 million of cash and 6,600,594 shares of the Company’s common stock) to be paid at closing and up to an additional $275 million of cash consideration payable over three years, subject to achievement of defined performance targets.
Removed
The Company also launched the Skills Academy, a learning platform focused on the development of skills for all employees. In 2024, the Company also held a Development Day, highlighting the importance of self-development and the Company’s commitment to supporting learning.
… 57 more changes not shown on this page.
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
17 edited+6 added−8 removed21 unchanged
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
17 edited+6 added−8 removed21 unchanged
2024 filing
2025 filing
Biggest changeVenkatachari Dilip, the Company’s Senior Executive Vice President and Chief Information and Technology Officer, has oversight of technology-related risk management issues and controls that align to the NIST CSF. Mr. Dilip previously was an Executive Vice President from September 2018 to April 2023 and has served as Chief Information and Technology Officer since joining the Company in September 2018.
Biggest changeDilip has oversight of technology-related risk management issues and controls that align to the NIST CSF. Mr. Dilip has served as Chief Information and Technology Officer since joining the Company in September 2018 and has more than 20 years of relevant experience in this field.
Third Party Risks The Company also maintains a third-party risk management program responsible for the oversight of outsourced operations, which enables the Company to oversee and identify risks related to engaging third-party service providers, including risks from 14 cybersecurity threats to third-party service providers. The Company conducts due diligence using a risk-based approach in selecting and monitoring third-party service providers.
Third Party Risks The Company also maintains a third-party risk management program responsible for the oversight of outsourced operations, which enables the Company to oversee and identify risks related to engaging third-party service providers, including risks from cybersecurity threats to third-party service providers. The Company conducts due diligence using a risk-based approach in selecting and monitoring third-party service providers.
The third line of defense, the Company’s internal audit function, provides independent assessment and assurance regarding the effectiveness of the Company’s governance, risk management, and control processes with respect to cybersecurity threats, and provides challenges and recommendations for improvement.
The third line of defense, the Company’s internal audit function, provides independent assessment and assurance regarding the effectiveness of 14 the Company’s governance, risk management, and control processes with respect to cybersecurity threats, and provides challenges and recommendations for improvement.
These limits also inform how matters, including cybersecurity incidents or threats, are escalated to specific members of management, appropriate senior operating committees (including the ISRC and/or ERC), and/or the Board of Directors or appropriate Board committee. The Board’s Risk Management Committee oversees the Company’s risk profile relative to its risk appetite and compliance with risk limits.
These limits also inform how matters, including cybersecurity incidents or threats, are escalated to specific members of management, appropriate senior operating committees (including the CTGC and/or ERC), and/or the Board of Directors or appropriate Board committee. The Board’s Risk Management Committee oversees the Company’s risk profile relative to its risk appetite and compliance with risk limits.
The second line of defense, Cybersecurity Risk Oversight within the Company's Operational Risk Management group, provides reporting and escalation of emerging risks related to cybersecurity and other concerns to senior management, the ERC, the ISRC, other designated senior operating committees, and the Risk Management Committee of the Board of Directors.
The second line of defense, Cybersecurity Risk Oversight within the Company's Operational Risk Management group, provides reporting and escalation of emerging risks related to cybersecurity and other concerns to senior management, the ERC, the CTGC, other designated senior operating committees, and the Risk Management Committee of the Board of Directors.
ISS leadership reports prevention, detection, mitigation, and remediation activities through various working groups and committees. Certain working groups meet with the CISO monthly to review completed risk assessments, and items that require escalation are reported up using the internal committee structure and ad hoc communications if time sensitive.
ISS leadership reports prevention, detection, mitigation, and remediation activities through various working groups and committees. Certain working groups meet with the co-CISOs monthly to review completed risk assessments, and items that require escalation are reported up using the internal committee structure and ad hoc communications if time sensitive.
During the fiscal year ended December 31, 2024, the Company has not identified any specific risks from cybersecurity threats that have materially affected, or are reasonably likely to affect, the Company’s business strategy, results of operations, or financial condition, other than the risks described under “Risk Factors – Operations and Business Risk” in the 2024 Annual Report.
During the fiscal year ended December 31, 2025, the Company has not identified any specific risks from cybersecurity threats that have materially affected, or are reasonably likely to affect, the Company and its business strategy, results of operations, or financial condition, other than the risks described under “Risk Factors – Operations and Business Risk” in the 2025 Annual Report.
In this model, specific to cybersecurity threats, the first line of defense is Information Security Services (ISS), which is responsible for identifying and implementing cybersecurity controls in accordance with policy requirements and industry best practices, to meet regulatory requirements and to safeguard the business.
In this model, specific to cybersecurity threats, the first line of defense is ISS, which is responsible for identifying and implementing cybersecurity controls in accordance with policy requirements and industry best practices, to meet regulatory requirements and to safeguard the business.
The Board’s Risk Management Committee and Audit Committee also hold a joint meeting annually at which they receive a report from the Company’s CISO on cybersecurity threats facing the Company and its preparedness to meet and respond to those threats.
The Board’s Risk Management Committee and Audit Committee also hold a joint meeting annually at which they receive a report from the Company’s co-CISOs on cybersecurity threats facing the Company and its preparedness to meet and respond to those threats.
The Board carries out its risk management oversight responsibilities primarily through its committees. Each Board committee is responsible for overseeing certain risks under its charter. The Board’s Risk Management Committee, with support from its Cybersecurity and Technology Subcommittee, has primary oversight responsibility for cybersecurity risk, including risks from any cybersecurity threats.
The Board carries out its risk management oversight responsibilities primarily through its committees. Each Board committee is responsible for overseeing certain risks under its charter. The Board’s Risk Management Committee has primary oversight responsibility for cybersecurity risk, including risks from any cybersecurity threats.
Generally, each of the ERC and ISRC meet at least monthly. As part of the Company’s risk management framework, risk management programs and processes are in place to incorporate risk considerations into day-to-day business activities across the Company’s risk categories, business lines, and functions. Risk programs may manage all or certain components of a particular risk type.
As part of the Company’s risk management framework, risk management programs and processes are in place to incorporate risk considerations into day-to-day business activities across the Company’s risk categories, business lines, and functions. Risk programs may manage all or certain components of a particular risk type.
The Company’s Information Security Risk Committee (ISRC), which is co-chaired by the Chief Information Security Officer (CISO) and the Chief Technology Risk Officer, is a senior operating committee under this risk governance structure and is responsible for the management of information security risk at the Company.
The Company’s Cybersecurity and Technology Governance Committee (CTGC), which is co-chaired by the co-Chief Information Security Officers (CISOs), the Chief Technology Risk Officer, and the Head of Enterprise Architecture, is a senior operating committee under this risk governance structure and is responsible for the management of information security risk at the Company.
Management Oversight The members of the Company’s management that are primarily responsible for assessing and managing risks from cybersecurity threats, including monitoring risk appetite metrics and limits related to cybersecurity, include the Company’s CISO, Chief Risk Officer, and Chief Information and Technology Officer. The Company’s CISO is primarily responsible for the implementation of defense capabilities and risk mitigation strategies.
Management Oversight The members of the Company’s management who are primarily responsible for assessing and managing risks from cybersecurity threats, including monitoring risk appetite metrics and limits related to cybersecurity, include the Company’s co-CISOs, Chief Risk Officer, and Chief Information and Technology Officer.
Dilip co-founded and led startup companies CashEdge and CommerceSoft from 1996 until 2003. 15 The CISO and his leadership team generally meet each business day to discuss security item triage and emerging threats and trends identified by the Threat Intelligence Team. The CISO shares pertinent information from those meetings with the Chief Risk Officer.
The co-CISOs and their leadership team generally meet each business day to discuss security item triage and emerging threats and trends identified by the Threat Intelligence Team. The co-CISOs share pertinent information from those meetings with the Chief Information and Technology Officer and the Chief Risk Officer.
The Risk Management Committee monitors the Company’s compliance with the risk management framework and risk limits established under the Company’s risk appetite statement approved by the Board. The Risk Management Committee also oversees the Company’s independent risk management function. The Cybersecurity and Technology Subcommittee has oversight responsibility for cybersecurity risk management and cyber resiliency and certain technology matters.
The Risk Management Committee monitors the Company’s compliance with the risk management framework and risk limits established under the Company’s risk appetite statement approved by the Board. The Risk Management Committee also oversees the Company’s independent risk management function. The Risk Management Committee and its Cybersecurity and Technology Subcommittee receive quarterly reports from management on cybersecurity issues, including cybersecurity threats.
The ISRC serves as an escalation, decision making, and approval body for information security risk items, including key policies and programs, issue resolution, emerging risks, and key program adherence. The ISRC escalates matters as appropriate to executive management, the ERC, which reports to the Board’s Risk Management Committee, or a relevant committee of the Board.
The CTGC serves as a decision-making and approval body for key cybersecurity and technology policies, programs, emerging risks, and issues, while facilitating communication across business lines and escalating matters to executive management, the ERC, or the Board, including the Technology Committee, as appropriate.
The CISO is supported by his direct reports and their teams, many of whom hold cybersecurity-related certifications. The Company’s CISO reports to the Vice Chair and Chief Risk Officer, Jodi L. Richard, who has served in that position since October 2018.
The Company’s co-CISOs are primarily responsible for the implementation of defense capabilities and risk mitigation strategies. The co-CISOs are supported by their direct reports and teams, many of whom hold cybersecurity-related certifications.
Removed
The ISRC provides direction and oversight of the information security risk management framework and corporate control programs of the Company, including significant information security risk events, and mitigation strategies. Further, the ISRC facilitates communication across business lines to provide for effective and consistent information security risk identification and control infrastructure to mitigate and manage material information security risks.
Added
The CTGC acts as the primary management-level committee dedicated to the governance and oversight of cybersecurity and technology at the Company. The CTGC exercises oversight and provides strategic direction regarding cybersecurity and technology risks, including significant related risk events, and also monitors the overall health of the functions and the timely execution of critical actions.
Removed
The Risk Management Committee and its Cybersecurity and Technology Subcommittee receive quarterly reports from management on cybersecurity issues, including cybersecurity threats.
Added
The CTGC considers the condition of the risks, the Company’s programs to manage risks, and significant cybersecurity or technology risk items escalated to the CTGC.
Removed
The Company’s CISO, Timothy J. Held, has over 27 years of information technology and cybersecurity experience.
Added
To accomplish its responsibilities, the CTGC is composed of senior management from Technology, including Information Security Services (ISS), Risk Management and Compliance, and from business line risk management. Generally, each of the ERC and CTGC meet at least monthly.
Removed
He holds the title of Executive Vice President and Chief Information Security Officer and has been in his role since 2018, having served as the Company’s Deputy CISO from 2015 to 2018 and Head of Cyber Defense, Threat Intelligence, and Incident Response from 2012 to 2018.
Added
The co-CISOs and the members of senior management within the Risk and Technology business lines all have relevant expertise and experience in cybersecurity and information technology risk management. 15 Following the departure of the Company’s CISO in November 2025, the two Deputy CISOs are temporarily serving in the role of co-CISOs while the search for a permanent CISO continues.
Removed
She served as Executive Vice President and Chief Operational Risk Officer of the Company from January 2018 until October 2018, having served as Senior Vice President and Chief Operational Risk Officer from 2014 until January 2018. Prior to that time, Ms.
Added
One of the co-CISOs, Julia Nolan, has over 23 years of experience at the Company, having transitioned from traditional consumer banking roles to ISS in 2016, and most recently holding the position of Deputy CISO responsible for data security, insider threat, security awareness, forensic investigations, adversary emulation and vulnerability management since 2024.
Removed
Richard held various senior leadership roles at HSBC from 2003 until 2014, including Executive Vice President and Head of Operational Risk and Internal Control at HSBC North America from 2008 to 2014.
Added
The other co-CISO, David Kuhn, has over 18 years of experience at the Company in ISS, most recently holding the position of Deputy CISO responsible for cyber defense since 2024. The Company’s co-CISOs report to Venkatachari Dilip, the Company’s Senior Executive Vice President and Chief Information and Technology Officer. Mr.
Removed
From May 2014 until July 2017, he served as Vice President at McKinsey Digital where he helped banks accelerate their digital transformation. From April 2009 to September 2013, he served as CEO at Compass Labs leading an innovative marketing analytics company.
Removed
From March 2006 until April 2008, he served as Director of Products at Google where he led product teams for mobile ads and Google Checkout. From March 2004 until March 2006, he served as Vice President of PayPal/eBay and on the Board of PayPal Europe, where he was responsible for Payments Services, Risk and Fraud Management. Previously, Mr.
Item 2. Properties
Properties — owned and leased real estate
2 edited+0 added−0 removed1 unchanged
Item 2. Properties
Properties — owned and leased real estate
2 edited+0 added−0 removed1 unchanged
2024 filing
2025 filing
Biggest changeItem 2. Properties U.S. Bancorp and its subsidiaries occupy headquarter offices under a long-term lease in Minneapolis, Minnesota. U.S. Bancorp and its subsidiaries lease 5 freestanding operations centers in Kansas City, Little Rock, Atlanta, Minneapolis and Chicago, and also own 8 principal operations centers in Cincinnati, Fargo, Knoxville, Oshkosh, Olathe, Owensboro, Portland and St. Paul. At December 31, 2024, U.S.
Biggest changeItem 2. Properties U.S. Bancorp and its subsidiaries occupy headquarter offices under a long-term lease in Minneapolis, Minnesota. U.S. Bancorp and its subsidiaries lease 4 freestanding operations centers in Kansas City, Little Rock, Minneapolis and Chicago, and also own 8 principal operations centers in Cincinnati, Fargo, Knoxville, Oshkosh, Olathe, Owensboro, Portland and St. Paul. At December 31, 2025, U.S.
Bancorp and its subsidiaries owned and operated a total of 1,171 facilities and leased an additional 1,465 facilities. The Company believes its current facilities are adequate to meet its needs. Additional information with respect to the Company’s premises and equipment is presented in Note 8 of the Notes to Consolidated Financial Statements included in the 2024 Annual Report.
Bancorp and its subsidiaries owned and operated a total of 1,056 facilities and leased an additional 1,409 facilities. The Company believes its current facilities are adequate to meet its needs. Additional information with respect to the Company’s premises and equipment is presented in Note 8 of the Notes to Consolidated Financial Statements included in the 2025 Annual Report.
Item 3. Legal Proceedings
Legal Proceedings — active lawsuits and investigations
1 edited+0 added−0 removed0 unchanged
Item 3. Legal Proceedings
Legal Proceedings — active lawsuits and investigations
1 edited+0 added−0 removed0 unchanged
2024 filing
2025 filing
Biggest changeItem 3. Legal Proceedings Information in response to this Item 3 can be found in Note 22 of the Notes to Consolidated Financial Statements included in the 2024 Annual Report under the heading, “Litigation and Regulatory Matters.” That information is incorporated into this report by reference.
Biggest changeItem 3. Legal Proceedings Information in response to this Item 3 can be found in Note 22 of the Notes to Consolidated Financial Statements included in the 2025 Annual Report under the heading, “Litigation and Regulatory Matters.” That information is incorporated into this report by reference.
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
2 edited+1 added−1 removed1 unchanged
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
2 edited+1 added−1 removed1 unchanged
2024 filing
2025 filing
Biggest changeThe following table provides a detailed analysis of all shares of common stock of the Company purchased by the Company or any affiliated purchaser during the fourth quarter of 2024: Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program (In Millions) October 1-31 843,134 $48.58 843,134 $4,959 November 1-30 1,220,444 49.01 1,220,444 4,899 December 1-31 616,282 (a) 50.10 419,779 4,878 Total 2,679,860 (a) $49.13 2,483,357 $4,878 (a) Includes 196,503 shares of common stock purchased, at an average price per share of $48.24, in open-market transactions by USBNA, the Company’s banking subsidiary, in its capacity as trustee of the U.S.
Biggest changeThe following table provides a detailed analysis of all shares of common stock of the Company purchased by the Company during the fourth quarter of 2025: Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program (In Millions) October 1-31 2,134,438 $47.05 2,134,438 $4,411 November 1-30 750 45.90 750 4,411 December 1-31 411,240 53.41 411,240 4,389 Total 2,546,428 $48.08 2,546,428 $4,389 Additional Information Additional information in response to this Item 5 can be found in the 2025 Annual Report on page 134 under the heading “U.S.
This share repurchase program replaced the previous share repurchase program announced on December 22, 2020, which was terminated effective on September 12, 2024. Capital distributions, including dividends and stock repurchases, are subject to the approval of the Company’s Board of Directors and compliance with legal and regulatory requirements.
Capital distributions, including dividends and stock repurchases, are subject to the approval of the Company’s Board of Directors and compliance with legal and regulatory requirements.
Removed
Bank 401(k) Savings Plan, which is the Company’s employee retirement savings plan. Additional Information Additional information in response to this Item 5 can be found in the 2024 Annual Report on page 135 under the heading “U.S. Bancorp Supplemental Financial Data (Unaudited).” That information is incorporated into this report by reference.
Added
Bancorp Supplemental Financial Data (Unaudited).” That information is incorporated into this report by reference.
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
1 edited+0 added−0 removed0 unchanged
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
1 edited+0 added−0 removed0 unchanged
2024 filing
2025 filing
Biggest changeItem 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations Information in response to this Item 7 can be found in the 2024 Annual Report on pages 22 to 56 under the heading “Management’s Discussion and Analysis.” That information is incorporated into this report by reference.
Biggest changeItem 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations Information in response to this Item 7 can be found in the 2025 Annual Report on pages 22 to 59 under the heading “Management’s Discussion and Analysis.” That information is incorporated into this report by reference.
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Market Risk — interest-rate, FX, commodity exposure
1 edited+0 added−0 removed0 unchanged
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Market Risk — interest-rate, FX, commodity exposure
1 edited+0 added−0 removed0 unchanged
2024 filing
2025 filing
Biggest changeItem 7A. Quantitative and Qualitative Disclosures About Market Risk Information in response to this Item 7A can be found in the 2024 Annual Report on pages 33 to 53 under the heading “Corporate Risk Profile.” That information is incorporated into this report by reference.
Biggest changeItem 7A. Quantitative and Qualitative Disclosures About Market Risk Information in response to this Item 7A can be found in the 2025 Annual Report on pages 31 to 52 under the heading “Corporate Risk Profile.” That information is incorporated into this report by reference.