CASH 2018 Special Proxy Statement

following the date on which the regulations become effective as to them. Crestmark made the one-time, irrevocable election regarding the treatment of AOCI on March 31, 2015. In addition, the new regulations (unlike the original proposal), permit companies such as Crestmark, which had total assets of less than $15 billion on December 31, 2009, and had issued trust preferred securities on or prior to May 19, 2010, to continue to include such securities in Tier 1 capital. On January 1, 2015, for banking organizations such as Crestmark that are not Advanced Approaches Entities, the new regulations mandated a minimum ratio of CET 1 to standardized total risk-weighted assets (“RWA”) of 4.5%, an increased ratio of Tier 1 capital to RWA of 6.0% (compared to the prior requirement of 4.0%), a total capital ratio (that is, the sum of Tier 1 and Tier 2 capital to RWA) of 8.0%, and a minimum leverage ratio (that is, Tier 1 capital to adjusted average total consolidated assets) of 4.0%. The calculation of these amounts is affected by the new definitions of certain capital elements. The phase-in of the capital conservation buffer comprised solely of CET 1 commenced January 1, 2016, beginning at 0.625% of RWA and rising to 2.5% of RWA on January 1, 2019. Failure by a banking organization to maintain the aggregate required minimum capital ratios and capital conservation buffer will impair its ability to make certain distributions (including dividends and stock repurchases) and discretionary bonus payments to executive officers. These increased minimum capital requirements may adversely affect Crestmark’s ability to pay cash dividends, reduce Crestmark’s profitability, or otherwise adversely affect Crestmark’s business, financial condition or results of operations. In the event of a need for additional capital to meet these requirements, there can be no assurance of Crestmark’s ability to raise funding in the equity and capital markets. Factors that Crestmark cannot control, such as the disruption of financial markets or negative views of the financial services industry generally, could impair Crestmark’s ability to raise qualifying equity capital. In addition, Crestmark’s ability to raise qualifying equity capital could be impaired if investors develop a negative perception of Crestmark’s financial prospects. If Crestmark were unable to raise qualifying equity capital, it might be necessary for Crestmark to sell assets in order to maintain required capital ratios. Crestmark may be unable to sell some of Crestmark’s assets, or Crestmark may have to sell assets at a discount from market value, either of which could adversely affect Crestmark’s results of operations, cash flow and financial condition. Crestmark faces the risk of cyber-attack to its computer systems. In the ordinary course of business, Crestmark collects and stores sensitive data, including proprietary business information and personally identifiable information of Crestmark’s customers and employees in systems and on networks. The secure processing, maintenance and use of this information is critical to Crestmark’s operations. Crestmark’s systems and those of Crestmark’s customers and third-party service providers are under constant threat, and it is possible that Crestmark could experience a significant event in the future. Cybersecurity threats include unauthorized access, loss or destruction of data (including confidential client information), account takeovers, unavailability of service, computer viruses or other malicious code, cyber-attacks and other events. These threats may derive from human error, fraud or malice on the part of employees or third parties, or may result from accidental technological failure. If one or more of these events occurs, it could result in the disclosure of confidential client information, damage to Crestmark’s reputation with Crestmark’s clients and the market, additional costs to Crestmark (such as repairing systems or adding new personnel or protection technologies), regulatory penalties and financial losses, to both Crestmark and Crestmark’s clients and customers. Such events could also cause interruptions or malfunctions in Crestmark’s operations (such as the lack of availability of Crestmark’s online banking system), as well as the operations of Crestmark’s clients, customers or other third parties. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by Crestmark and Crestmark’s customers. There can be no assurance that Crestmark will not suffer losses in the future that may be material in amount. 28