What changed in U.S. Bancorp's 2024 10-K compared to 2023?

Across the narrative sections we track, U.S. Bancorp (USB) added 167 paragraphs, removed 178, and edited 131 between the 2023 and 2024 10-K filings. The biggest movers are Item 1. Business (+136/−148), Item 1C. Cybersecurity (+21/−19), Item 5. Market for Registrant's Common Equity (+4/−5).

What changed in U.S. Bancorp's MD&A (Item 7) in 2024?

Item 7 Management's Discussion & Analysis shows 1 new/edited paragraphs and 1 removed paragraphs year-over-year. Read the side-by-side diff to see exactly which revenue, margin, and outlook commentary was rewritten.

Did U.S. Bancorp update its Cybersecurity disclosure (Item 1C) in 2024?

Item 1C Cybersecurity has 21 paragraph-level changes between the 2023 and 2024 filings.

Did U.S. Bancorp's Legal Proceedings (Item 3) change in 2024?

Item 3 shows 1 added/edited paragraphs and 1 removed paragraphs — usually indicating new litigation disclosed or settled cases removed.

Where does this USB 10-K diff come from?

The source filings are U.S. Bancorp's official 2023 and 2024 Form 10-K annual reports from SEC EDGAR. 10q10k.net parses each filing, aligns paragraphs by section (Item 1, 1A, 1C, 2, 3, 7, 7A), and highlights every added, removed and edited sentence side-by-side.

What changed in U.S. Bancorp's 10-K — 2023 vs 2024

Paragraph-level year-over-year comparison of U.S. Bancorp's 2023 and 2024 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2024 report.

+167 added−178 removedSource: 10-K (2025-02-21) vs 10-K (2024-02-20)

Top changes in U.S. Bancorp's 2024 10-K

167 paragraphs added · 178 removed · 131 edited across 7 sections

Item 1. Business+136 / −148 · 104 edited
Item 1C. Cybersecurity+21 / −19 · 18 edited
Item 5. Market for Registrant's Common Equity+4 / −5 · 4 edited
Item 2. Properties+3 / −3 · 2 edited
Item 3. Legal Proceedings+1 / −1 · 1 edited

Item 1. Business

Business — how the company describes what it does

104 edited+32 added−44 removed115 unchanged

2023 filing

2024 filing

Biggest changeThe Company’s operations in the areas of insurance brokerage and reinsurance of credit life insurance are subject to regulation and supervision by various state insurance regulatory authorities, including the licensing of insurance brokers and agents. 13 Regulation of Derivatives and the Swaps Marketplace Under the Dodd-Frank Act, USBNA, as a CFTC registered swap dealer, is subject to rules regarding the regulation of the swaps marketplace and over-the-counter derivatives, including rules that require swap dealers and major swap participants to register with the CFTC, to meet robust business conduct standards to lower risk and promote market integrity, to meet certain recordkeeping and reporting requirements so that regulators can better monitor the markets, to centrally clear and trade swaps on regulated exchanges or execution facilities, and to be subject to certain capital and margin requirements.

Biggest changeRegulation of Derivatives and the Swaps Marketplace Under the Dodd-Frank Act, USBNA, as a CFTC registered swap dealer, is subject to rules regarding the regulation of the swaps marketplace and over-the-counter derivatives, including rules that require swap dealers and major swap participants to register with the CFTC, to meet certain business conduct, document, risk management, recordkeeping, reporting, and segregation requirements, and to centrally clear and trade swaps on regulated exchanges or execution facilities.

Many of the statutory provisions in the AMLA will require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance. In June 2021, the Financial Crimes Enforcement Network, a bureau of the U.S.

Many of the statutory provisions in the AMLA require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance. In June 2021, the Financial Crimes Enforcement Network, a bureau of the U.S.

The Federal Reserve has issued comprehensive guidance on incentive compensation policies (the “Incentive Compensation Guidance”) intended to ensure that the incentive compensation policies of banking organizations do not undermine safety and soundness organizations by encouraging excessive risk-taking.

Each of the Replacement Capital Covenants provides that neither the Company nor any of its subsidiaries (including any of the Trusts) will repay, redeem or purchase any of the Preferred Stock, Exchangeable Preferred Stock or the Capital Securities and the securities held by the Trust (the “Other Securities”), as applicable, on or before the date specified in the applicable Replacement Capital Covenant, unless the Company has received proceeds from the sale of qualifying securities that (a) have equity-like characteristics that are the same as, or more equity-like than, the applicable characteristics of the Preferred Stock, the Exchangeable Preferred Stock, the Capital Securities or Other Securities, as applicable, at the time of repayment, redemption or purchase, and (b) the Company has obtained the prior approval of the Federal Reserve, if such approval is then required by the Federal Reserve or, in the case of the Exchangeable Preferred Stock, the approval of the OCC.

Each of the Replacement Capital Covenants provides that neither the Company nor any of its subsidiaries (including the Trust) will repay, redeem or purchase any of the Preferred Stock, Exchangeable Preferred Stock or the Capital Securities and the securities held by the Trust (the “Other Securities”), as applicable, on or before the date specified in the applicable Replacement Capital Covenant, unless the Company has received proceeds from the sale of qualifying securities that (a) have equity-like characteristics that are the same as, or more equity-like than, the applicable characteristics of the Preferred Stock, the Exchangeable Preferred Stock, the Capital Securities or Other Securities, as applicable, at the time of repayment, redemption or purchase, and (b) the Company has obtained the prior approval of the Federal Reserve, if such approval is then required by the Federal Reserve or, in the case of the Exchangeable Preferred Stock, the approval of the OCC.

Enhanced Prudential Standards Under the Dodd-Frank Act, as modified by the Economic Growth, Regulatory Relief and Consumer Protection Act and the Tailoring Rules, large bank holding companies, such as the Company, are subject to certain enhanced prudential standards based on the banking organization’s size and certain “risk-based indicators.” The prudential standards include enhanced risk-based capital and leverage requirements, enhanced liquidity requirements, enhanced risk management and risk committee requirements, a requirement to submit a resolution plan, single-counterparty credit limits and stress tests.

Enhanced Prudential Standards Under the Dodd-Frank Act, as modified by the Economic Growth, Regulatory Relief and Consumer Protection Act and the Tailoring Rules, large bank holding companies, such as the Company, are subject to certain enhanced prudential standards based on the banking organization’s size and certain “risk-based indicators.” The prudential standards include enhanced risk-based capital and leverage requirements, enhanced liquidity requirements, enhanced risk 5 management and risk committee requirements, a requirement to submit a resolution plan, single-counterparty credit limits and stress tests.

In addition, under the proposed rule, also subject to a phase-in period, Category III banking institutions, such as the Company, would no longer be permitted to opt out of including certain components of accumulated other comprehensive income in regulatory capital, which would result in unrealized gains and losses on available-for-sale securities being included in the calculation of the Company’s regulatory capital ratios.

In addition, under the proposed rule, also subject to a phase-in period, Category III banking institutions, such as the Company, would no longer be permitted to opt out of including certain components of accumulated other comprehensive income in regulatory capital, which would result in unrealized gains and losses on available- 6 for-sale securities being included in the calculation of the Company’s regulatory capital ratios.

Bancorp makes available free of charge on its website, by clicking on “About us” and then clicking on “Investor relations” and then clicking on "SEC & Other Filings," its annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13 or 15(d) of the Exchange Act, as well as all other reports filed by U.S.

Bancorp makes available free of charge on its website, by clicking on “About us” and then clicking on “Investor relations” and then clicking on “Financials” and then clicking on "SEC filings," its annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13 or 15(d) of the Exchange Act, as well as all other reports filed by U.S.

Among other things, the AMLA codified a risk-based approach to anti-money laundering compliance for financial institutions; 12 required the development of standards by the U.S. Department of the Treasury for evaluating technology and internal processes for BSA compliance; and expanded enforcement- and investigation-related authority, including a significant expansion in the available sanctions for certain BSA violations.

Among other things, the AMLA codified a risk-based approach to anti-money laundering compliance for financial institutions; required the development of standards by the U.S. Department of the Treasury for evaluating technology and internal processes for BSA compliance; and expanded enforcement- and investigation-related authority, including a significant expansion in the available sanctions for certain BSA violations.

Similarly, the Office of the Superintendent of Financial Institutions in Canada requires Federally Regulated Financial Institutions to report qualifying technology and cybersecurity incidents under the provisions of the August 13, 2021 Technology and Cyber Security Incident Reporting Advisory. Consumer Protection USBNA’s retail banking activities are subject to a variety of federal and state statutes and regulations designed to protect consumers.

Similarly, the Office of the Superintendent of Financial Institutions in Canada requires Federally Regulated Financial Institutions to report qualifying technology and cybersecurity incidents under the provisions of the August 13, 2021 Technology and Cyber Security Incident Reporting Advisory. 11 Consumer Protection USBNA’s retail banking activities are subject to a variety of federal and state statutes and regulations designed to protect consumers.

Under the proposed rule, covered banking organizations would be required to maintain long-term debt in an amount that is equal to the greater of (i) 6% of the organization’s risk-weighted 10 assets; (ii) 3.5% of the organization’s average total consolidated assets; and (iii) 2.5% of the organization’s total leverage exposure, if the organization is subject to the SLR rule.

Under the proposed rule, covered banking organizations would be required to maintain long-term debt in an amount that is equal to the greater of (i) 6% of the organization’s risk-weighted assets; (ii) 3.5% of the organization’s average total consolidated assets; and (iii) 2.5% of the organization’s total leverage exposure, if the organization is subject to the SLR rule.

Use of such information is regulated under the Fair Credit Reporting Act (“FCRA”), and the FCRA also regulates 14 reporting information to consumer reporting agencies, prescreening individuals for credit offers, sharing of consumer reports between affiliates, and using affiliate credit data for marketing purposes. Similar state laws may impose additional requirements on the Company and its subsidiaries.

Use of such information is regulated under the Fair Credit Reporting Act (“FCRA”), and the FCRA also regulates reporting information to consumer reporting agencies, prescreening individuals for credit offers, sharing of consumer reports between affiliates, and using affiliate credit data for marketing purposes. Similar state laws may impose additional requirements on the Company and its subsidiaries.

In addition to laws and regulations, state and federal bank regulatory agencies may issue policy statements, interpretive letters and similar written guidance applicable to the 6 Company and its subsidiaries. Any change in the statutes, regulations or regulatory policies applicable to the Company, including changes in their interpretation or implementation, could have a material effect on its business or organization.

In addition to laws and regulations, state and federal bank regulatory agencies may issue policy statements, interpretive letters and similar written guidance applicable to the Company and its subsidiaries. Any change in the statutes, regulations or regulatory policies applicable to the Company, including changes in their interpretation or implementation, could have a material effect on its business or organization.

(b) Under certain circumstances, upon the direction of the OCC, each share of USB Realty Corp.’s Series A Preferred Stock will be automatically exchanged for one share of U.S. Bancorp’s Series C Non-Cumulative Perpetual Preferred Stock. Available Information U.S. Bancorp’s internet website can be found at www.usbank.com. U.S.

The Company’s ability to continue to compete effectively also depends in large part on its ability to attract new employees and retain and motivate existing employees, while managing compensation and other costs. For additional information relating to how the Company attracts and retains employees, see “Human Capital” above.

The Company’s ability to continue to compete effectively also depends in large part on its ability to attract new employees and retain 3 and motivate existing employees, while managing compensation and other costs. For additional information relating to how the Company attracts and retains employees, see “Human Capital” above.

Supervision and regulation by the responsible regulatory agencies generally include comprehensive annual reviews of all major aspects of the Company’s and USBNA’s business and condition, regular on-site examinations, and imposition of periodic reporting requirements and limitations on investments and certain types of activities.

Supervision and regulation by the responsible bank regulatory agencies generally include comprehensive annual reviews of all major aspects of the Company’s and USBNA’s business and condition, regular on-site examinations, and imposition of periodic reporting requirements and limitations on investments and certain types of activities.

FHCs are also required to obtain the approval of the Federal Reserve before they may acquire more than five percent of the voting shares or substantially all of the 7 assets of an unaffiliated BHC, bank or savings association.

FHCs are also required to obtain the approval of the Federal Reserve before they may acquire more than five percent of the voting shares or substantially all of the assets of an unaffiliated BHC, bank or savings association.

Other Supervision and Regulation As a public company, the Company is subject to the requirements of the Securities Act of 1933, as amended, the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and the rules and regulations promulgated by the SEC thereunder, as administered by the SEC.

The OCC assesses USBNA on its record in meeting the credit needs of the community served by USBNA, including low- and moderate-income neighborhoods.

The OCC assesses 9 USBNA on its record in meeting the credit needs of the community served by USBNA, including low- and moderate-income neighborhoods.

Under the United States Basel III-based capital rules, the Company is subject to a minimum common equity tier 1 (“CET1”) capital ratio (CET1 capital to risk-weighted assets) of 4.5 percent, a minimum tier 1 capital ratio of 6.0 percent and a minimum total capital ratio of 8.0 percent. At December 31, 2023, the Company exceeded these minimum capital ratio requirements.

Under the United States Basel III-based capital rules, the Company is subject to a minimum common equity tier 1 (“CET1”) capital ratio (CET1 capital to risk-weighted assets) of 4.5 percent, a minimum tier 1 capital ratio of 6.0 percent and a minimum total capital ratio of 8.0 percent. At December 31, 2024, the Company exceeded these minimum capital ratio requirements.

As a result, the Company will continue to be subject to the regulatory capital and liquidity requirements applicable to Category III institutions until otherwise required under the Tailoring Rules (i.e., until the Company’s total average consolidated assets for the then most recent four quarters equal $700 billion or more or the amount of the Company’s average cross-jurisdictional activities for the then most recent four quarters equals $75 billion or more).

The Company will continue to be subject to the regulatory capital and liquidity requirements applicable to Category III institutions until otherwise required under the Tailoring Rules (i.e., until the Company’s total average consolidated assets for the then most recent four quarters equal $700 billion or more or the amount of the Company’s average cross-jurisdictional activities for the then most recent four quarters equals $75 billion or more).

These amendments will, among other things, increase liquidity requirements for money market funds by requiring funds to hold greater proportions of their total assets in securities that can be liquidated in one business day, and will require institutional prime and institutional tax-exempt money market funds to impose liquidity fees on investors that redeem their investments during times of stress.

These amendments, among other things, increased liquidity requirements for money market funds by requiring funds to hold greater proportions of their total assets in securities that can be liquidated in one business day, and require institutional prime and institutional tax-exempt money market funds to impose liquidity fees on investors that redeem their investments during times of stress.

Government Policies The operations of the Company’s various businesses are affected by federal and state laws and legislative changes and by policies of various regulatory authorities of the numerous states in which they operate, the United States and foreign governments.

Government Policies The operations of the Company’s various businesses are affected by federal and state laws and legislative changes and by policies of various regulatory authorities of the United States and the numerous states and foreign countries in which they operate.

The Company operates a network of 4,524 ATMs as of December 31, 2023, and provides 24-hour, seven day a week telephone customer service. Mortgage banking services are provided through banking offices and loan production offices throughout the Company’s domestic markets. Lending products may be originated through banking offices, indirect correspondents, brokers or other lending sources.

The Company operates a network of 4,489 ATMs as of December 31, 2024, and provides 24-hour, seven day a week telephone customer service. Mortgage banking services are provided through banking offices and loan production offices throughout the Company’s domestic markets. Lending products may be originated through banking offices, indirect correspondents, brokers or other lending sources.

In addition, in the European Union (“EU”), privacy law is governed by the General Data Protection Regulation (“GDPR”), which is directly binding and applicable in each EU member state. The GDPR contains enhanced compliance obligations and increased penalties for non-compliance compared to the prior law governing data privacy in the EU and is regularly enforced by European regulators.

Bancorp’s operational, technology or security systems or infrastructure, or those of third parties; • Failures to safeguard personal information; • Impacts of pandemics, natural disasters, terrorist activities, civil unrest, international hostilities and geopolitical events; • Impacts of supply chain disruptions, rising inflation, slower growth or a recession; • Failure to execute on strategic or operational plans; 2 • Effects of mergers and acquisitions and related integration; • Effects of critical accounting policies and judgments; • Effects of changes in or interpretations of tax laws and regulations; • Management’s ability to effectively manage credit risk, market risk, operational risk, compliance risk, strategic risk, interest rate risk, liquidity risk and reputation risk; and • The risks and uncertainties more fully discussed in the section entitled “Risk Factors” of the 2023 Annual Report.

Bancorp’s operational, technology or security systems or infrastructure, or those of third parties, including as a result of cybersecurity incidents; • Failures to safeguard personal information; • Impacts of pandemics, natural disasters, terrorist activities, civil unrest, international hostilities and geopolitical events; • Impacts of supply chain disruptions, rising inflation, slower growth or a recession; • Failure to execute on strategic or operational plans; 1 • Effects of mergers and acquisitions and related integration; • Effects of critical accounting policies and judgments; • Effects of changes in or interpretations of tax laws and regulations; • Management’s ability to effectively manage credit risk, market risk, operational risk, compliance risk, strategic risk, interest rate risk, liquidity risk and reputation risk; and • The risks and uncertainties more fully discussed in the section entitled “Risk Factors” of the 2024 Annual Report.

The guidelines state that a recovery plan should, among other elements, (i) establish triggers, which are quantitative or qualitative indicators of the risk or existence of severe stress that should always be escalated to management or the board of directors, as appropriate, for purposes of initiating a response; (ii) identify a wide range of credible options that a covered bank could undertake to restore financial and operational strength and viability; and (iii) address escalation procedures, management reports, and communication procedures.

The guidelines state that a recovery plan should, among other elements, (i) establish triggers, which are quantitative or qualitative indicators of the risk or existence of severe stress that should always be escalated to management or the board of directors, as appropriate, for purposes of initiating a response; (ii) identify a wide range of credible options that a covered bank could undertake to restore financial and operational strength and viability; (iii) include impact assessments for each such recovery option, and (iv) address escalation procedures, management reports, and communication procedures.

Through the 2023 stress test cycle, the Federal Reserve has not yet incorporated CECL into the calculation of the allowance for credit losses in supervisory stress tests, and the Federal Reserve issued guidance in December 2023 to indicate that it will maintain the current framework for allowance for credit losses in the supervisory stress test through the 2024 stress test cycle.

Through the 2024 stress test cycle, the Federal Reserve has not yet incorporated CECL into the calculation of the allowance for credit losses in supervisory stress tests, and the Federal Reserve issued guidance in October 2024 to indicate that it will maintain the current framework for allowance for credit losses in the supervisory stress test through the 2025 stress test cycle.

Under the final rule, which was effective April 1, 2022, a banking organization, such as the Company and USBNA, is required to notify their primary federal regulator within 36 hours of a computer-security incident that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits, which has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the banking organization’s ability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of the banking organization, or impact the stability of the financial sector.

As of April 2022, banking organizations, such as the Company and USBNA, are required to notify their primary federal regulator within 36 hours of a computer-security incident that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores or transmits, which has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the banking organization’s ability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of the banking organization, or impact the stability of the financial sector.

At December 31, 2023, the Company exceeded the applicable minimum tier 1 leverage ratio and SLR requirements.

At December 31, 2024, the Company exceeded the applicable minimum tier 1 leverage ratio and SLR requirements.

This regulatory framework is intended primarily for the protection of depositors, the deposit insurance fund (the “DIF”) of the Federal Deposit Insurance Corporation (the “FDIC”), consumers, the stability of the financial system in the United States, and the health of the national economy, and not for investors in the Company.

This regulatory framework is intended primarily for the protection of depositors, the deposit insurance fund (the “DIF”) of the FDIC, consumers, the stability of the financial system in the United States, and the health of the national economy, and not for investors in the Company.

Additional information regarding the Company’s business segments can be found on pages 56 to 58 of the Company’s 2023 Annual Report under the heading “Line of Business Financial Review,” which is incorporated herein by reference. Human Capital The Company’s success depends, in large part, on its ability to attract, develop and retain skilled employees.

Additional information regarding the Company’s business segments can be found on pages 54 to 56 of the Company’s 2024 Annual Report under the heading “Business Segment Financial Review,” which is incorporated herein by reference. Human Capital The Company’s success depends, in large part, on its ability to attract, develop and retain skilled employees.

Capital Covenants The Company has entered into several transactions involving the issuance of capital securities (“Capital Securities”) by certain Delaware statutory trusts formed by the Company (the “Trusts”), the issuance by the Company of preferred stock (“Preferred Stock”) or the issuance by a subsidiary of USBNA of preferred stock exchangeable for the Company’s Preferred Stock under certain circumstances (“Exchangeable Preferred Stock”).

Capital Covenants The Company has entered into several transactions involving the issuance of capital securities (“Capital Securities”) by a certain Delaware statutory trust formed by the Company (the “Trust”), the issuance by the Company of preferred stock (“Preferred Stock”) and the issuance by a subsidiary of USBNA of preferred stock exchangeable for the Company’s Preferred Stock under certain circumstances (“Exchangeable Preferred Stock”).

In November 2023, the FDIC released a final rule to impose a special assessment to recover the losses to the DIF resulting from failures of other banking institutions during 2023. The Company expects the special assessments will be tax deductible.

In August 2023, the Federal Reserve and the FDIC released proposed guidance for 2024 and subsequent resolution plan submissions that would apply to certain institutions including Category III institutions such as the Company.

In August 2024, the Federal Reserve and the FDIC finalized guidance for 2025 and subsequent resolution plan submissions that would apply to certain institutions including Category III institutions such as the Company.

A downgrade in these ratings could limit the Company’s ability to pursue acquisitions or conduct other expansionary activities for a period of time, require new or additional regulatory approvals before engaging in certain other business activities or investments, affect USBNA’s deposit insurance assessment rates, limit the Company's access to funding through government-sponsored liquidity programs, and impose additional recordkeeping and corporate governance requirements, as well as generally increase regulatory scrutiny of the Company.

Wealth, Corporate, Commercial and Institutional Banking Wealth, Corporate, Commercial and Institutional Banking provides core banking, specialized lending, transaction and payment processing, capital markets, asset management, and brokerage and investment related services to wealth, middle market, large corporate, government and institutional clients.

Wealth, Corporate, Commercial and Institutional Banking provides core banking, specialized lending, transaction and payment processing, capital markets, asset management, and brokerage and investment related services to wealth, middle market, large corporate, commercial real estate, government and institutional clients. Consumer and Business Banking comprises consumer banking, small business banking and consumer lending.

This category of laws includes the Bank Secrecy Act (the “BSA”), the Money Laundering Control Act, the USA PATRIOT Act (collectively, “AML laws”), and implementing regulations for the International Emergency Economic Powers Act and the Trading with the Enemy Act, as administered by the United States Treasury Department’s Office of Foreign Assets Control (“sanctions laws”).

This category of laws includes the Bank Secrecy Act (the “BSA”), the Money Laundering Control Act, the USA PATRIOT Act (collectively, “AML laws”), and implementing regulations for the International Emergency Economic Powers Act and the Trading with the Enemy Act, as administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“sanctions laws”).

The final rule introduces major changes to the CRA regulatory framework: (i) the delineation of assessment areas; (ii) the overall evaluation framework and performance standards and metrics; (iii) the definition of community development activities; and (iv) data collection and reporting.

The final rule introduces major changes to the CRA regulatory framework, including: (i) the delineation of assessment areas outside a bank’s traditional physical footprint; (ii) the overall evaluation framework and performance standards and metrics; (iii) the definition of community development activities; and (iv) data collection and reporting.

CFTC rules also require USBNA to be a member of the National Futures Association, a self-regulatory organization with authority over swap dealers.

CFTC rules also require USBNA to be a member of the National Futures Association, a self-regulatory organization with authority over swap dealers, and to comply with the rules of applicable exchanges and clearinghouses.

For example, the Company is subject to the California Consumer Protection Act of 2018 and its implementing regulations, as amended in 2020 by the California Privacy Rights Act (the "CCPA"), which provided residents of California with specific rights with respect to the collection of their personal information. The process of drafting and finalizing implementing regulations for the CCPA is ongoing.

Bancorp's loan portfolios or in the value of the collateral securing those loans; • Risks related to originating and selling mortgages, including repurchase and indemnity demands, and related to U.S.

Bancorp's loan portfolios or in the value of the collateral securing those loans; • Changes in commercial real estate occupancy rates; • Risks related to originating and selling mortgages, including repurchase and indemnity demands, and related to U.S.

Bancorp’s ability to address or satisfy those requirements and other requirements or conditions imposed by regulatory entities; • Changes in interest rates; • Increases in unemployment rates; • Deterioration in the credit quality of U.S.

Bancorp’s ability to address or satisfy those requirements and other requirements or conditions imposed by regulatory entities; • Changes in trade policy, including the imposition of tariffs or the impacts of retaliatory tariffs; • Changes in interest rates; • Increases in unemployment rates; • Deterioration in the credit quality of U.S.

Banking and investment services are provided through a network of 2,274 banking offices across 26 states as of December 31, 2023, principally operating in the Midwest and West regions of the United States. A significant percentage of consumer transactions are completed using USBNA's digital banking services, both online and through its digital app.

Banking and investment services are provided through a network of branches and banking offices across the United States, primarily in the Midwest and West regions, including 2,165 branches across 26 states as of December 31, 2024. A significant percentage of consumer transactions are completed using USBNA's digital banking services, both online and through its digital app.

The effects on the Company's resolution planning, including the timing of submission, will depend on the final form of any guidance. 11 USBNA is required to file periodically separate resolution plans with the FDIC that should enable the FDIC, as receiver, to resolve USBNA under applicable receivership provisions of the Federal Deposit Insurance Act in a manner that ensures that depositors receive access to their insured deposits within one business day of the institution’s failure, maximizes the net present value return from the sale or disposition of its assets and minimizes the amount of any loss to the institution’s creditors.

USBNA is also required to file periodically separate resolution plans with the FDIC that should enable the FDIC, as receiver, to resolve USBNA under applicable receivership provisions of the Federal Deposit Insurance Act in a manner that ensures that depositors receive access to their insured deposits within one business day of the institution’s failure, maximizes the net present 8 value return from the sale or disposition of its assets and minimizes the amount of any loss to the institution’s creditors.

Bancorp with the SEC as soon as reasonably practicable after electronically filed with, or furnished to, the SEC. Additional Information Additional information in response to this Item 1 can be found in the 2023 Annual Report on pages 56 to 58 under the heading “Line of Business Financial Review.” That information is incorporated into this report by reference.

Bancorp with the SEC as soon as reasonably practicable after electronically filed with, or furnished to, the SEC. Additional Information Additional information in response to this Item 1 can be found in the 2024 Annual Report on pages 54 to 56 under the heading “Business Segment Financial Review.” That information is incorporated into this report by reference. Item 1A .

The Company continues to evaluate the new regulations, and the effects on the Company will depend on the form of any additional rulemakings. Similar comprehensive consumer privacy laws have been adopted by other states where the Company does business.

The process of drafting and finalizing implementing regulations for the CCPA is ongoing. The Company continues to evaluate the new regulations, and the effects on the Company will depend on the form of any additional rulemakings. Similar comprehensive consumer privacy laws have been adopted by other states where the Company does business.

Item 1A . Risk Factors Information in response to this Item 1A can be found in the 2023 Annual Report on pages 140 to 155 under the heading “Risk Factors.” That information is incorporated into this report by reference.

Risk Factors Information in response to this Item 1A can be found in the 2024 Annual Report on pages 136 to 151 under the heading “Risk Factors.” That information is incorporated into this report by reference. 13

Closing Date Issuer Capital Securities, Preferred Stock or Exchangeable Preferred Stock Other Securities Covered Debt 3/17/06 USB Capital IX and U.S. Bancorp USB Capital IX’s $675,378,000 of 6.189% Fixed-to-Floating Rate Normal Income Trust Securities U.S. Bancorp’s Series A Non-Cumulative Perpetual Preferred Stock U.S. Bancorp’s 7.50% Subordinated Debentures due 2026 (CUSIP No. 911596AL8) 3/27/06 U.S. Bancorp U.S.

Closing Date Issuer Capital Securities, Preferred Stock or Exchangeable Preferred Stock Other Securities Covered Debt 3/17/06 USB Capital IX and U.S. Bancorp USB Capital IX’s $675,378,000 of 6.189% Fixed-to-Floating Rate Normal Income Trust Securities U.S. Bancorp’s Series A Non-Cumulative Perpetual Preferred Stock U.S. Bancorp’s 2.491% Fixed Rate Reset Subordinated Notes due November 3, 2036 (CUSIP No. 91159HJB7) 3/27/06 U.S.

Privacy and Data Protection Federal and state laws contain extensive consumer privacy and data protection provisions. The Gramm Leach-Bliley Act (“GLBA”) requires financial institutions to periodically disclose their privacy policies and practices relating to sharing nonpublic personal information and enables retail customers to opt out of the sharing of such information with nonaffiliated third parties under certain circumstances.

The Gramm Leach-Bliley Act (“GLBA”) requires financial institutions to periodically disclose their privacy policies and practices relating to sharing nonpublic personal information (“NPI”) and enables retail customers to opt out of the sharing of such information with nonaffiliated third parties under certain circumstances.

As a result of this rule, in the fourth quarter of 2023, the Company recognized additional noninterest expense of $734 million for the FDIC special assessment.

As a result of this rule, the Company recognized additional noninterest expense of $136 million and $734 million in 2024 and 2023, respectively, for the FDIC special assessment.

BHC Activities The Company is a BHC under the BHC Act and has elected to be a financial holding company (“FHC”). BHCs that qualify and elect to be treated as FHCs may engage in, and affiliate with financial companies engaging in, a broader range of activities than would otherwise be permitted for a BHC.

BHCs that qualify and elect to be treated as FHCs may engage in, and affiliate with financial companies engaging in, a broader range of activities than would otherwise be permitted for a BHC.

Treasury and Corporate Support Treasury and Corporate Support includes the Company’s investment portfolios, funding, capital management, interest rate risk management, income taxes not allocated to the business lines, including most investments in tax-advantaged projects, and the residual aggregate of those expenses associated with corporate activities that are managed on a consolidated basis.

Payment Services includes consumer and business credit cards, stored-value cards, debit cards, corporate, government and purchasing card services and merchant processing. 2 Treasury and Corporate Support includes the Company’s investment portfolios, funding, capital management, interest rate risk management, income taxes not allocated to the business lines, including most investments in tax-advantaged projects, and the residual aggregate of those expenses associated with corporate activities that are managed on a consolidated basis.

The Company is also one of the largest providers of corporate and purchasing card services and corporate trust services in the United States. The Company’s wholly-owned subsidiary, Elavon, Inc. (“Elavon”), provides domestic merchant processing services directly to merchants. Wholly-owned subsidiaries of Elavon provide similar merchant services in Canada and segments of Europe.

The Company is also one of the largest providers of corporate and purchasing card services and corporate trust services in the United States. The Company’s subsidiaries provide domestic merchant processing services directly to merchants, as well as similar merchant services in Canada and segments of Europe. The Company also provides corporate trust and fund administration services in Europe.

For further discussion of CECL, see Notes 1 and 6 of the Notes to Consolidated Financial Statements in the 2023 Annual Report. The Company and USBNA elected to delay and subsequently phase in the regulatory capital impact of CECL in accordance with this rule.

For further discussion of CECL, see Notes 1 and 5 of the Notes to Consolidated Financial Statements in the 2024 Annual Report. The Company and USBNA elected to delay and subsequently phase in the regulatory capital impact of CECL in accordance with this rule. For additional information regarding the Company’s regulatory capital, see “Capital Management” in the 2024 Annual Report.

Department of the Treasury, issued the priorities for anti-money laundering and countering the financing of terrorism policy required under the AMLA. The priorities include corruption, cybercrime, terrorist financing, fraud, transnational crime, drug trafficking, human trafficking and proliferation financing. Community Reinvestment Act USBNA is subject to the provisions of the CRA.

Department of the Treasury (“FinCEN”), issued the priorities for anti-money laundering and countering the financing of terrorism policy required under the AMLA. The priorities include corruption, cybercrime, terrorist financing, fraud, transnational crime, drug trafficking, human trafficking and proliferation financing.

As a listed company on the NYSE, the Company is subject to the rules of the NYSE for listed companies.

As a listed company on the New York Stock Exchange (“NYSE”), the Company is subject to the rules of the NYSE for listed companies.

Bancorp USB Realty Corp.’s 4,500 shares of Fixed-to-Floating-Rate Exchangeable Non-Cumulative Perpetual Series A Preferred Stock exchangeable for shares of U.S. Bancorp’s Series C Non-Cumulative Perpetual Preferred Stock (b) Not Applicable U.S. Bancorp’s 7.50% Subordinated Debentures due 2026 (CUSIP No. 911596AL8) (a) USB Realty Corp. is a subsidiary of USBNA.

Bancorp USB Realty Corp.’s 4,500 shares of Fixed-to-Floating-Rate Exchangeable Non-Cumulative Perpetual Series A Preferred Stock exchangeable for shares of U.S. Bancorp’s Series C Non-Cumulative Perpetual Preferred Stock (b) Not Applicable U.S. Bancorp’s 2.491% Fixed Rate Reset Subordinated Notes due November 3, 2036 (CUSIP No. 91159HJB7) (a) USB Realty Corp. is a subsidiary of USBNA.

USBNA’s recovery plan was reviewed and approved pursuant to these guidelines in December 2023. Transactions with Affiliates There are various legal restrictions on the extent to which the Company and its non-bank subsidiaries may borrow or otherwise engage in certain types of transactions with USBNA or its subsidiaries.

Transactions with Affiliates There are various legal restrictions on the extent to which the Company and its non-bank subsidiaries may borrow or otherwise engage in certain types of transactions with USBNA or its subsidiaries.

Bancorp, to borrow or raise capital; • Actions taken by governmental agencies to stabilize the financial system and the effectiveness of such actions; • Changes to regulatory capital, liquidity and resolution-related requirements applicable to large banking organizations in response to recent developments affecting the banking sector; • Changes to statutes, regulations, or regulatory policies or practices, including capital and liquidity requirements, and the enforcement and interpretation of such laws and regulations, and U.S.

Bancorp, to borrow or raise capital; • Increases in Federal Deposit Insurance Corporation (“FDIC”) assessments, including due to bank failures; • Actions taken by governmental agencies to stabilize the financial system and the effectiveness of such actions; • Uncertainty regarding the content, timing and impact of changes to regulatory capital, liquidity and resolution-related requirements applicable to large banking organizations in response to adverse developments affecting the banking sector; • Changes to statutes, regulations, or regulatory policies or practices, including capital and liquidity requirements, and the enforcement and interpretation of such laws and regulations, and U.S.

USBNA and its subsidiaries are subject to regulation, examination and supervision primarily by the Office of the Comptroller of the Currency (the “OCC”) and also by the FDIC, the Federal Reserve, the Consumer Financial Protection Bureau (the “CFPB”), the Securities and Exchange Commission (the “SEC”) and the Commodities Futures Trading Commission (the “CFTC”) in certain areas.

The principles apply to banking organizations with over $100 billion in total consolidated assets, including the Company and USBNA. The principles are intended to provide a framework for large banking organizations to guide their efforts to identify, measure, monitor, and mitigate physical and transition risks associated with climate change.

The principles are intended to provide a framework for large banking organizations to guide their efforts to identify, measure, monitor, and mitigate physical and transition risks associated with climate change.

The Company will provide a copy of any Replacement Capital Covenant to a holder of the relevant Covered Debt upon request. For copies of any of these documents, holders should write to Investor Relations, U.S.

Bancorp’s 40,000,000 Depositary Shares ($25 per Depositary Share) each representing a 1/1000 th interest in a share of Series B Non-Cumulative Perpetual Preferred Stock Not Applicable U.S. Bancorp’s 7.50% Subordinated Debentures due 2026 (CUSIP No. 911596AL8) 12/22/06 USB Realty Corp. (a) and U.S.

Bancorp U.S. Bancorp’s 40,000,000 Depositary Shares ($25 per Depositary Share), each representing a 1/1,000 th interest in a share of Series B Non-Cumulative Perpetual Preferred Stock Not Applicable U.S. Bancorp’s 2.491% Fixed Rate Reset Subordinated Notes due November 3, 2036 (CUSIP No. 91159HJB7) 12/22/06 USB Realty Corp. (a) and U.S.

The requirement would be phased in over three years, with covered banking organizations being required to meet 25% of the requirement within one year after finalization of the rule, 50% after two years and 100% after three years. The Company continues to evaluate the potential effects of the proposed rule.

These quantitative calculations are minimums, and the Federal Reserve and OCC may determine that a banking organization, based on its size, complexity or risk profile, must maintain a higher level of capital in order to operate in a safe and sound manner. 8 Under the Tailoring Rules, the Company and USBNA are each currently subject to “Category III” standards, and are “standardized approach” banking organizations that are subject to rules that provide for simplified capital requirements relating to the threshold deductions for mortgage servicing assets, deferred tax assets arising from temporary differences that a banking organization could not realize through net operating loss carry backs, and investments in the capital of unconsolidated financial institutions, as well as the inclusion of minority interests in regulatory capital.

Under the Tailoring Rules, the Company and USBNA are each currently subject to “Category III” standards, and are “standardized approach” banking organizations that are subject to rules that provide for simplified capital requirements relating to the threshold deductions for mortgage servicing assets, deferred tax assets arising from temporary differences that a banking organization could not realize through net operating loss carry backs, and investments in the capital of unconsolidated financial institutions, as well as the inclusion of minority interests in regulatory capital.

The 2023 review excluded employees from the MUB acquisition who had not transitioned into the Company's pay structures. The Company also provides its employees with comprehensive benefits programs, including competitive healthcare, retirement, leave, recognition, wellness, disability, life insurance, time-off, flexible work, and educational assistance programs, based on the Company’s recognition that such benefits are important to attract and retain employees.

The Company provides its employees with comprehensive benefits programs, including competitive healthcare, retirement, leave, recognition, wellness, disability, life insurance, time-off and educational assistance programs, based on the Company’s recognition that such benefits are important to attract and retain employees.

Bancorp, 800 Nicollet Mall, Minneapolis, Minnesota 55402, or call (866) 775-9668. 16 The following table identifies the closing date for each transaction, issuer, series of Capital Securities, Preferred Stock or Exchangeable Preferred Stock issued in the relevant transaction, Other Securities, if any, and applicable Covered Debt as of February 20, 2024, for those securities that remain outstanding.

The following table identifies the closing date for each transaction, issuer, series of Capital Securities, Preferred Stock or Exchangeable Preferred Stock issued in the relevant transaction, Other Securities, if any, and applicable Covered Debt as of February 21, 2025, for those securities that remain outstanding.

The FDIC may increase USBNA’s insurance premiums based on various factors, including the FDIC’s assessment of its risk profile. In addition, large insured depository institutions, including USBNA, are subject to enhanced deposit account recordkeeping and related information technology system requirements meant to facilitate prompt payment of insured deposits if such an institution were to fail.

In addition, large insured depository institutions, including USBNA, are subject to enhanced deposit account recordkeeping and related information technology system requirements meant to facilitate prompt payment of insured deposits if such an institution were to fail.

Bancorp’s results, and the reader should not consider these risks to be a complete set of all potential risks or uncertainties. Readers are cautioned not to place undue reliance on any forward-looking statements. Forward-looking statements speak only as of the date hereof, and U.S. Bancorp undertakes no obligation to update them in light of new information or future events.

Factors other than these risks also could adversely affect U.S. Bancorp’s results, and the reader should not consider these risks to be a complete set of all potential risks or uncertainties. Readers are cautioned not to place undue reliance on any forward-looking statements. Forward-looking statements speak only as of the date hereof, and U.S.

The final rule will become effective on April 1, 2024, but most provisions of the rule will not become applicable until January 1, 2026. The Company continues to evaluate the effect of the final rule on USBNA, and any effects may depend on further guidance from the regulators with respect to interpretive and implementation-related issues that may arise.

The Company continues to evaluate the effect of the final rule on USBNA, and any effects may depend on further guidance from the regulators with respect to interpretive and implementation-related issues that may arise.

The Volcker Rule applies to the Company, USBNA and their affiliates, and compliance requirements are tailored based on the size and scope of trading activities. The Company has a Volcker Rule compliance program in place that covers all of its subsidiaries and affiliates, including USBNA.

The Volcker Rule applies to the Company, USBNA and their affiliates, and compliance requirements are tailored based on the size and scope of trading activities.

Under the proposed rule, USBNA would be required to provide consumers and their authorized third parties electronic access to 24 months of transaction data, certain account information, account balance, upcoming bill information, information to initiate payment to and from accounts, and the terms and conditions under which an account or credit card was provided.

Under the final rule, USBNA will be required to provide consumers and, upon the consumer’s request, their authorized third parties electronic access to “covered data.” This includes transaction information, account balances, upcoming bill information, information to initiate payment to and from accounts, the terms and conditions under which an account or credit card was provided, and certain other basic account verification information.

Prompt corrective action regulations apply only to banks and not to BHCs such as the Company. However, the Federal Reserve is authorized to take appropriate action at the BHC level, based on the undercapitalized status of the BHC’s subsidiary banking institutions.

However, the Federal Reserve is authorized to take appropriate action at the BHC level, based on the undercapitalized status of the BHC’s subsidiary banking institutions.

Regulation of Brokerage, Investment Advisory and Insurance Activities The Company conducts a broad range of securities activities, both retail and institutional, in the United States through U.S. Bancorp Investments, Inc., PFM Fund Distributors, Inc. and U.S. Bancorp Advisors, LLC (collectively, “broker-dealer entities”).

Regulation of Brokerage, Investment Advisory and Insurance Activities The Company conducts a broad range of securities activities, both retail and institutional, in the United States through U.S. Bancorp Investments, Inc. and U.S. Bancorp Advisors, LLC (collectively, “broker-dealer entities”). These activities are subject to regulations of the SEC, the Financial Industry Regulatory Authority and other authorities, including state regulators.

As of December 31, 2023, the SCB applicable to the Company is 2.5 percent. If the Federal Reserve were to raise the countercyclical capital buffer, or if the SCB applicable to the Company were to exceed 2.5 percent, this would also change the effective minimum capital ratios to which the Company is subject.

If the Federal Reserve were to raise the countercyclical capital buffer, or if the SCB applicable to the Company were to exceed 3.1 percent, this would also change the effective minimum capital ratios to which the Company is subject. For USBNA, the buffer requirement consists of the static capital conservation buffer equal to 2.5 percent of risk-weighted assets.

For additional information regarding the Company’s regulatory capital, see “Capital Management” in the 2023 Annual Report. 9 Comprehensive Capital Analysis and Review As required by the Federal Reserve’s Comprehensive Capital Analysis and Review (“CCAR”) rules, the Company submits a capital plan to the Federal Reserve on an annual basis.

Comprehensive Capital Analysis and Review As required by the Federal Reserve’s Comprehensive Capital Analysis and Review (“CCAR”) rules, the Company submits a capital plan to the Federal Reserve on an annual basis.

Coordinating with the Compensation and Human Resources Committee, the Board’s Public Responsibility Committee also oversees the Company’s diversity, equity 5 and inclusion strategy. The Company’s Chief Human Resources Officer regularly reports to the Board’s Compensation and Human Resources Committee on human capital matters such as human resource practices and programs, including employee benefits and compensation programs.

Human Capital Governance The Company’s Board of Directors oversees the Company’s human capital management, including through its Compensation and Human Resources Committee. The Company’s Chief Human Resources Officer regularly reports to the Board’s Compensation and Human Resources Committee on human capital matters such as human resource practices and programs, including employee benefits and compensation programs.

The Company continues to evaluate the potential effects of the proposed rule, and the effects on the Company will depend on the final form of any rulemaking. However, the Company expects that any final rule would result in the Company being required to maintain increased levels of regulatory capital.

The Company continues to evaluate the potential effects of the proposed rule, and the effects on the Company will depend on the final form of any rulemaking.

Recovery Plans The OCC has established enforceable guidelines for recovery planning by insured national banks with average total consolidated assets of $250 billion or more, including USBNA.

USBNA is required to file its next initial interim supplement on or before July 1, 2025, and its next full resolution plan on or before July 1, 2026. Recovery Plans The OCC has established enforceable guidelines for recovery planning by insured national banks with average total consolidated assets of $250 billion or more, including USBNA.

A significant overhaul of the FCRA is expected to be issued in the first half of 2024, which will impact USBNA and its subsidiaries. The federal banking regulators, as well as the SEC, CFPB, CFTC, and related self-regulatory organizations, regularly issue guidance on cybersecurity that is intended to enhance cyber risk management among financial institutions.

The federal banking regulators, as well as the SEC, CFPB, CFTC, and related self-regulatory organizations, regularly issue guidance on cybersecurity that is intended to enhance cyber risk management among financial institutions and provide timely information to investors.

… 100 more changes not shown on this page.

Item 1C. Cybersecurity

Cybersecurity — threats and controls disclosure

18 edited+3 added−1 removed25 unchanged

2023 filing

2024 filing

Biggest changeCertain working groups meet with the CISO monthly to review completed risk assessments, and items that require escalation are reported up using the internal committee structure and ad hoc communications if time sensitive. 19 Additionally, working group and committee meetings report up issues to Operational Risk Management, which may decide to open a formal Risk Management Issue (RMI) based on the severity of the issue or other factors and which are subject to specific governance processes.

Biggest changeAdditionally, working group and committee meetings report up issues to Operational Risk Management, which may decide to open a formal Risk Management Issue (RMI) based on the severity of the issue or other factors and which are subject to specific governance processes.

Dilip co-founded and led startup companies CashEdge and CommerceSoft from 1996 until 2003. The CISO and his leadership team generally meet each business day to discuss security item triage and emerging threats and trends identified by the Threat Intelligence Team. The CISO shares pertinent information from those meetings with the Chief Risk Officer.

Dilip co-founded and led startup companies CashEdge and CommerceSoft from 1996 until 2003. 15 The CISO and his leadership team generally meet each business day to discuss security item triage and emerging threats and trends identified by the Threat Intelligence Team. The CISO shares pertinent information from those meetings with the Chief Risk Officer.

The Company also maintains a third-party risk management program responsible for the oversight of outsourced operations, which enables the Company to oversee and identify risks related to engaging third-party service providers, including risks from cybersecurity threats to third-party service providers. The Company conducts due diligence using a risk-based approach in selecting and monitoring third-party service providers.

Third Party Risks The Company also maintains a third-party risk management program responsible for the oversight of outsourced operations, which enables the Company to oversee and identify risks related to engaging third-party service providers, including risks from 14 cybersecurity threats to third-party service providers. The Company conducts due diligence using a risk-based approach in selecting and monitoring third-party service providers.

As part of its responsibility to oversee the management, business, and strategy of the Company, the Company’s Board of Directors reviews and approves the Company’s risk management framework annually through its Risk Management Committee and oversees the Company’s risk management processes by informing itself about the Company’s key risks and evaluating whether management has reasonable risk management and control processes in place to address those risks.

Board of Directors Oversight As part of its responsibility to oversee the management, business, and strategy of the Company, the Company’s Board of Directors reviews and approves the Company’s risk management framework annually through its Risk Management Committee and oversees the Company’s risk management processes by informing itself about the Company’s key risks and evaluating whether management has reasonable risk management and control processes in place to address those risks.

These limits also inform how matters, including cybersecurity incidents or threats, are escalated to specific members of management, appropriate senior operating committee (including the ISRC and/or ERC), and/or the Board of Directors or appropriate Board committee. The Board’s Risk Management Committee oversees the Company’s risk profile relative to its risk appetite and compliance with risk limits.

These limits also inform how matters, including cybersecurity incidents or threats, are escalated to specific members of management, appropriate senior operating committees (including the ISRC and/or ERC), and/or the Board of Directors or appropriate Board committee. The Board’s Risk Management Committee oversees the Company’s risk profile relative to its risk appetite and compliance with risk limits.

The members of the Company’s management that are primarily responsible for assessing and managing risks from cybersecurity threats, including monitoring risk appetite metrics and limits related to cybersecurity, include the Company’s CISO, Chief Risk Officer, and Chief Information and Technology Officer. The Company’s CISO is primarily responsible for the implementation of defense capabilities and risk mitigation strategies.

Management Oversight The members of the Company’s management that are primarily responsible for assessing and managing risks from cybersecurity threats, including monitoring risk appetite metrics and limits related to cybersecurity, include the Company’s CISO, Chief Risk Officer, and Chief Information and Technology Officer. The Company’s CISO is primarily responsible for the implementation of defense capabilities and risk mitigation strategies.

Item 1C. Cybersecurity The Company is committed to managing risks that may impact the Company and incorporating risk considerations into its business activities at all levels, including strategic planning, risk identification inventory and assessment, and day-to-day business decisions.

Item 1C. Cybersecurity Risk Assessment and Management The Company is committed to managing risks that may impact the Company and incorporating risk considerations into its business activities at all levels, including strategic planning, risk identification inventory and assessment, and day-to-day business decisions.

The Company’s Information Security Risk Committee 17 (ISRC), which is co-chaired by the Chief Information Security Officer (CISO) and the Chief Technology Risk Officer, is a senior operating committee under this risk governance structure and is responsible for the management of information security risk at the Company.

The Company’s Information Security Risk Committee (ISRC), which is co-chaired by the Chief Information Security Officer (CISO) and the Chief Technology Risk Officer, is a senior operating committee under this risk governance structure and is responsible for the management of information security risk at the Company.

During the fiscal year ended December 31, 2023, the Company has not identified any specific risks from cybersecurity threats that have materially affected, or are reasonably likely to affect, the Company’s business strategy, results of operations, or financial condition, other than the risks described under “Risk Factors – Operations and Business Risk” in the 2023 Annual Report.

During the fiscal year ended December 31, 2024, the Company has not identified any specific risks from cybersecurity threats that have materially affected, or are reasonably likely to affect, the Company’s business strategy, results of operations, or financial condition, other than the risks described under “Risk Factors – Operations and Business Risk” in the 2024 Annual Report.

The Company’s processes for assessing, identifying, and managing material risks from cybersecurity threats is integrated into the Company’s overall risk governance and oversight structures through its “three lines of defense” model for establishing effective checks and balances within the risk management framework.

The Company’s processes for assessing, identifying, and managing material risks from cybersecurity threats are integrated into the Company’s overall risk governance and oversight structures through its “three lines of defense” model for establishing effective checks and balances within the risk management framework.

The third line of defense, the Company’s internal audit function, provides independent assessment and assurance regarding the effectiveness of the Company’s governance, risk management, and control processes with respect to cybersecurity threats, and provides challenge and recommendations for improvement.

Management monitors and measures the Company’s risk appetite using a quantitative risk scorecard, which consists of risk appetite metrics and associated limits reported to the Board’s Risk Management Committee on a quarterly basis. The Company’s risk appetite statement includes specific information security metrics and associated limits.

Management monitors and measures the Company’s risk appetite using a quantitative risk scorecard consisting of risk appetite metrics and associated limits reported to the Board’s Risk Management Committee on a quarterly basis. The Company’s risk appetite statement includes specific information security metrics and associated limits.

The Company’s CISO, Timothy J. Held, has over 26 years of information technology and cybersecurity experience.

The Company’s CISO, Timothy J. Held, has over 27 years of information technology and cybersecurity experience.

The Company’s risk management framework includes its risk appetite statement, which is approved annually by the Board’s Risk Management Committee and defines acceptable levels of risk-taking and risk limits and establishes the governance and oversight activities over risk management and reporting.

This exercise involves Board members, Managing Committee members, third-party companies, and regulators, as appropriate. The Company’s risk management framework includes its risk appetite statement, which is approved annually by the Board’s Risk Management Committee, and defines acceptable levels of risk-taking and risk limits and establishes the governance and oversight activities over risk management and reporting.

The Risk Management Committee monitors the Company’s compliance with the risk management framework and risk limits established under the Company’s risk appetite statement approved by the Board. The Risk Management Committee also oversees the Company’s independent risk management function. The Cybersecurity and Technology Subcommittee has oversight responsibility for cybersecurity risk management and cyber resiliency and certain technology matters.

The Company’s cybersecurity risk program provides centralized planning and management of related and interdependent work with a focus on risks from cybersecurity threats. The Company’s cybersecurity risk program is integrated into the Company’s overall business and operational strategies and requires that the Company allocate appropriate resources to maintain the program.

The Company’s cybersecurity risk program is integrated into the Company’s overall business and operational strategies and requires that the Company allocate appropriate resources to maintain the program.

In addition, the full Board typically holds an annual cybersecurity education session, which features the perspective of an outside expert on current cybersecurity topics. The Company also typically conducts an annual executive-level cybersecurity exercise to test its cyber incident response, completeness of playbooks, and communication protocols. This exercise involves Board members, managing committee members, third-party companies, and regulators as appropriate.

In addition, the full Board holds periodic cybersecurity education sessions, which may feature the perspective of an outside expert on current cybersecurity topics. The Company also typically conducts an annual executive-level crisis exercise that includes a cybersecurity component to test its resiliency response, completeness of playbooks, and communication protocols.

The Board’s Risk Management Committee has a Cybersecurity and Technology Subcommittee that provides dedicated oversight to 18 cybersecurity risk management and cyber resiliency and certain technology matters. The Risk Management Committee and its Cybersecurity and Technology Subcommittee receive quarterly reports from management on cybersecurity issues, including cybersecurity threats.

The Risk Management Committee and its Cybersecurity and Technology Subcommittee receive quarterly reports from management on cybersecurity issues, including cybersecurity threats.

Removed

ISS leadership reports prevention, detection, mitigation, and remediation activities through various working groups and committees.

Added

The Company’s cybersecurity risk program provides centralized planning and management of related and interdependent work with a focus on risks from cybersecurity threats. Additionally, the Company’s Information Security Awareness and Training Program educates employees and contractors on information security policies, standards, and practices to protect U.S. Bancorp’s information, information systems, and processes.

Added

The Company may not be successful in preventing or mitigating the impacts of a future cybersecurity incident that could have a material adverse effect on the Company or its business strategy, results of operations or financial condition.

Added

ISS leadership reports prevention, detection, mitigation, and remediation activities through various working groups and committees. Certain working groups meet with the CISO monthly to review completed risk assessments, and items that require escalation are reported up using the internal committee structure and ad hoc communications if time sensitive.

Item 2. Properties

Properties — owned and leased real estate

2 edited+1 added−1 removed0 unchanged

2023 filing

2024 filing

Biggest changeAt December 31, 2023, the Company’s subsidiaries owned and operated a total of 1,219 facilities and leased an additional 1,576 facilities. The Company believes its current facilities are adequate to meet its needs.

Biggest changeBancorp and its subsidiaries owned and operated a total of 1,171 facilities and leased an additional 1,465 facilities. The Company believes its current facilities are adequate to meet its needs. Additional information with respect to the Company’s premises and equipment is presented in Note 8 of the Notes to Consolidated Financial Statements included in the 2024 Annual Report.

Item 2. Properties U.S. Bancorp and its significant subsidiaries occupy headquarter offices under a long-term lease in Minneapolis, Minnesota. The Company also leases 5 freestanding operations centers in Kansas City, Little Rock, Atlanta, Minneapolis and Chicago. The Company owns 8 principal operations centers in Cincinnati, Fargo, Knoxville, Oshkosh, Olathe, Owensboro, Portland and St. Paul.

Item 2. Properties U.S. Bancorp and its subsidiaries occupy headquarter offices under a long-term lease in Minneapolis, Minnesota. U.S. Bancorp and its subsidiaries lease 5 freestanding operations centers in Kansas City, Little Rock, Atlanta, Minneapolis and Chicago, and also own 8 principal operations centers in Cincinnati, Fargo, Knoxville, Oshkosh, Olathe, Owensboro, Portland and St. Paul. At December 31, 2024, U.S.

Removed

Additional information with respect to the Company’s premises and equipment is presented in Note 9 of the Notes to Consolidated Financial Statements included in the 2023 Annual Report. That information is incorporated into this report by reference.

Added

That information is incorporated into this report by reference.

Item 3. Legal Proceedings

Legal Proceedings — active lawsuits and investigations

1 edited+0 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeItem 3. Legal Proceedings Information in response to this Item 3 can be found in Note 23 of the Notes to Consolidated Financial Statements included in the 2023 Annual Report under the heading, “Litigation and Regulatory Matters.” That information is incorporated into this report by reference.

Biggest changeItem 3. Legal Proceedings Information in response to this Item 3 can be found in Note 22 of the Notes to Consolidated Financial Statements included in the 2024 Annual Report under the heading, “Litigation and Regulatory Matters.” That information is incorporated into this report by reference.

Item 5. Market for Registrant's Common Equity

Market for Common Equity — stock, dividends, buybacks

4 edited+0 added−1 removed0 unchanged

2023 filing

2024 filing

Biggest changeCapital distributions, including dividends and stock repurchases, are subject to the approval of the Company’s Board of Directors and compliance with regulatory requirements.

Biggest changeThis share repurchase program replaced the previous share repurchase program announced on December 22, 2020, which was terminated effective on September 12, 2024. Capital distributions, including dividends and stock repurchases, are subject to the approval of the Company’s Board of Directors and compliance with legal and regulatory requirements.

Bank 401(k) Savings Plan, which is the Company’s employee retirement savings plan. 20 Additional Information Additional information in response to this Item 5 can be found in the 2023 Annual Report on page 139 under the heading “U.S. Bancorp Supplemental Financial Data (Unaudited).” That information is incorporated into this report by reference.

Bank 401(k) Savings Plan, which is the Company’s employee retirement savings plan. Additional Information Additional information in response to this Item 5 can be found in the 2024 Annual Report on page 135 under the heading “U.S. Bancorp Supplemental Financial Data (Unaudited).” That information is incorporated into this report by reference.

The following table provides a detailed analysis of all shares of common stock of the Company purchased by the Company or any affiliated purchaser during the fourth quarter of 2023: Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program (In Millions) October 1-31 273,451 (a) $36.08 13,451 $1,330 November 1-30 4,183 37.20 4,183 1,330 December 1-31 359,226 45.31 359,226 1,314 Total 636,860 (a) $41.29 376,860 $1,314 (a) Includes 260,000 shares of common stock purchased, at an average price per share of $36.34, in open-market transactions by USBNA, the Company’s banking subsidiary, in its capacity as trustee of the U.S.

The following table provides a detailed analysis of all shares of common stock of the Company purchased by the Company or any affiliated purchaser during the fourth quarter of 2024: Period Total Number of Shares Purchased Average Price Paid per Share Total Number of Shares Purchased as Part of Publicly Announced Program Approximate Dollar Value of Shares that May Yet Be Purchased Under the Program (In Millions) October 1-31 843,134 $48.58 843,134 $4,959 November 1-30 1,220,444 49.01 1,220,444 4,899 December 1-31 616,282 (a) 50.10 419,779 4,878 Total 2,679,860 (a) $49.13 2,483,357 $4,878 (a) Includes 196,503 shares of common stock purchased, at an average price per share of $48.24, in open-market transactions by USBNA, the Company’s banking subsidiary, in its capacity as trustee of the U.S.

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities The Company announced on December 22, 2020 that its Board of Directors had approved an authorization to repurchase $3.0 billion of its common stock beginning January 1, 2021.

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities The Company announced on September 12, 2024 that its Board of Directors authorized a share repurchase program to repurchase up to $5.0 billion of its common stock, effective September 13, 2024.

Removed

The Company suspended all common stock repurchases at the beginning of the third quarter of 2021, except for those done exclusively in connection with its stock-based compensation programs, due to its acquisition of MUB. The Company will evaluate its share repurchases in connection with the potential capital requirements given the proposed regulatory capital rules and related landscape.

Item 7. Management's Discussion & Analysis

Management's Discussion & Analysis (MD&A) — revenue / margin commentary

1 edited+0 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeItem 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations Information in response to this Item 7 can be found in the 2023 Annual Report on pages 22 to 58 under the heading “Management’s Discussion and Analysis.” That information is incorporated into this report by reference.

Biggest changeItem 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations Information in response to this Item 7 can be found in the 2024 Annual Report on pages 22 to 56 under the heading “Management’s Discussion and Analysis.” That information is incorporated into this report by reference.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Market Risk — interest-rate, FX, commodity exposure

1 edited+0 added−0 removed0 unchanged

2023 filing

2024 filing

Biggest changeItem 7A. Quantitative and Qualitative Disclosures About Market Risk Information in response to this Item 7A can be found in the 2023 Annual Report on pages 35 to 55 under the heading “Corporate Risk Profile.” That information is incorporated into this report by reference.

Biggest changeItem 7A. Quantitative and Qualitative Disclosures About Market Risk Information in response to this Item 7A can be found in the 2024 Annual Report on pages 33 to 53 under the heading “Corporate Risk Profile.” That information is incorporated into this report by reference.

Top changes in U.S. Bancorp's 2024 10-K

Item 1. Business

Item 1C. Cybersecurity

Item 2. Properties

Item 3. Legal Proceedings

Item 5. Market for Registrant's Common Equity

Item 7. Management's Discussion & Analysis

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Other USB 10-K year-over-year comparisons