UNITED STATES SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 10-K

(Mark One)

☒    ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the year ended December 31, 2022

☐    TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from                    to 

Commission File Number 001-33378

DISCOVER FINANCIAL SERVICES

(Exact name of registrant as specified in its charter)

Delaware

(State or other jurisdiction of incorporation or organization)

36-2517428

(I.R.S. Employer Identification No.)

2500 Lake Cook Road, Riverwoods, Illinois 60015

(Address of principal executive offices, including zip code)

(224) 405-0900

(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act:
Title of each class	Trading Symbol(s)	Name of each exchange on which registered
Common Stock, par value $0.01 per share	DFS	New York Stock Exchange
Securities registered pursuant to Section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes  ☒    No ☐

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Exchange Act. Yes  ☐    No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes  ☒    No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).     Yes  ☒    No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act.

Large Accelerated Filer	☒	Accelerated Filer	☐	Smaller Reporting Company	☐
Non-accelerated Filer	☐			Emerging Growth Company	☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation of the effectiveness of its internal control over financial reporting under Section 404(b) of Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒ 

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).    Yes  ☐    No  ☒

The aggregate market value of the common equity held by non-affiliates of the registrant on the last business day of the registrant’s most recently completed second fiscal quarter was approximately $82,497,990,080.

As of February 17, 2023, there were 261,934,442 shares of the registrant’s Common Stock, par value $0.01 per share, outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the registrant’s definitive proxy statement for its annual stockholders’ meeting to be held on May 11, 2023 are incorporated by reference in Part III of this Form 10-K.

DISCOVER FINANCIAL SERVICES

Annual Report on Form 10-K for the year ended December 31, 2022

TABLE OF CONTENTS

 

Part I
Item 1.	Business	1
Item 1A.	Risk Factors	26
Item 1B.	Unresolved Staff Comments	44
Item 2.	Properties	44
Item 3.	Legal Proceedings	44
Item 4.	Mine Safety Disclosures	44
Part II
Item 5.	Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities	45
Item 6.	Reserved	46
Item 7.	Management’s Discussion and Analysis of Financial Condition and Results of Operations	47
Item 7A.	Quantitative and Qualitative Disclosures about Market Risk	74
Item 8.	Financial Statements and Supplementary Data	77
Item 9.	Changes in and Disagreements with Accountants on Accounting and Financial Disclosure	139
Item 9A.	Controls and Procedures	139
Item 9B.	Other Information	139
Item 9C.	Disclosure Regarding Foreign Jurisdictions that Prevent Inspections	139
Part III
Item 10.	Directors, Executive Officers and Corporate Governance	140
Item 11.	Executive Compensation	140
Item 12.	Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters	140
Item 13.	Certain Relationships and Related Transactions, and Director Independence	140
Item 14.	Principal Accounting Fees and Services	140
Part IV
Item 15.	Exhibits, Financial Statement Schedules	141
Item 16.	Form 10-K Summary	147

Except as otherwise indicated or unless the context otherwise requires, “Discover Financial Services,” “Discover,” “DFS,” “we,” “us,” “our,” and “the Company” refer to Discover Financial Services and its subsidiaries. See “Item 8 — Financial Statements and Supplementary Data — Glossary of Acronyms” for terms and abbreviations used throughout the annual report.

We own or have rights to use the trademarks, trade names and service marks that we use in conjunction with the operation of our business, including, but not limited to: Discover®, PULSE®, Cashback Bonus®, Discover Cashback Checking®, Discover it®, Freeze it®, College Covered® and Diners Club International®. All other trademarks, trade names and service marks included in this annual report on Form 10-K are the property of their respective owners.

Part I.

Part I | Item 1.    Business

Introduction

Discover Financial Services (the “Company”) is a digital banking and payment services company. We were incorporated in Delaware in 1960. We are a bank holding company under the Bank Holding Company Act of 1956 as well as a financial holding company under the Gramm-Leach-Bliley Act and therefore are subject to oversight, regulation and examination by the Board of Governors of the Federal Reserve System (the “Federal Reserve”). We provide digital banking products and services and payment services through our subsidiaries. We offer our customers credit card loans, private student loans, personal loans, home loans and deposit products. We had $112.1 billion in loan receivables and $70.5 billion in deposits issued through direct-to-consumer channels and affinity relationships at December 31, 2022. We also operate the Discover Network, the PULSE network (“PULSE”) and Diners Club International (“Diners Club”), collectively known as the Discover Global Network. The Discover Network processes transactions for Discover-branded credit and debit cards and provides payment transaction processing and settlement services. PULSE operates an electronic funds transfer network, providing financial institutions issuing debit cards on the PULSE network with access to ATMs domestically and internationally, as well as merchant acceptance throughout the United States of America (“U.S.”) for debit card transactions. Diners Club is a global payments network of licensees, which are generally financial institutions, that issue Diners Club branded charge cards and/or provide card acceptance services.

Available Information

We make available, free of charge through the investor relations page of our internet site www.discover.com, our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, proxy statements, Forms 3, 4 and 5 filed by or on behalf of our directors and executive officers, and any amendments to those documents filed with or furnished to the Securities and Exchange Commission (the “SEC”) pursuant to the Securities Exchange Act of 1934. These filings are available as soon as reasonably practicable after they are filed with or furnished to the SEC.

In addition, the following information is available on the investor relations page of our internet site: (i) our Corporate Governance Policies; (ii) our Code of Ethics and Business Conduct; and (iii) the charters of the Audit, Compensation and Leadership Development, Nominating, Governance and Public Responsibility and Risk Oversight Committees of our Board of Directors. These documents are also available in print without charge to any person who requests them by writing or telephoning our principal executive offices: Discover Financial Services, Office of the Corporate Secretary, 2500 Lake Cook Road, Riverwoods, Illinois 60015, United States of America, telephone number (224) 405-0900.

Operating Model

We manage our business activities in two segments: Digital Banking and Payment Services. Our Digital Banking segment includes consumer banking and lending products, specifically Discover-branded credit cards issued to individuals on the Discover Network and other consumer banking products and services, including private student loans, personal loans, home loans and deposit products. Our Payment Services segment includes PULSE, Diners Club and our Network Partners business, which provides payment transaction processing and settlement services on the Discover Global Network.

We are principally engaged in providing products and services to customers in the U.S. However, we also receive revenue from sources outside of the U.S., including royalty and licensee revenue from our Diners Club licensees and network assessment, discount and interchange fees from our network-to-network partners (“Network Alliances”). For quantitative information concerning our geographic distribution, see Note 4: Loan Receivables to our consolidated financial statements.

Below are descriptions of the principal products and services of each of our reportable segments. For additional financial information relating to our business and our operating segments, see Note 22: Segment Disclosures to our consolidated financial statements.

-1-

Digital Banking

Set forth below are descriptions of the credit cards, private student loans, personal loans, home loans and deposit products issued by Discover Bank.

Credit Cards

We currently offer and issue credit cards to consumers. Our credit card customers are permitted to “revolve” their balances and repay their obligations over a period of time and at an interest rate set forth in their cardmember agreements, which may be either fixed or variable. The interest that we earned on revolving credit card balances comprised approximately 83% of our total interest income for the year ended December 31, 2022. We also charge customers other fees as specified in the cardmember agreements. These may include fees for late payments, returned checks, balance transfer transactions and cash advance transactions.

Our credit card customers’ transactions in the U.S. are processed over the Discover Network. We receive discount and fee revenue from merchants with whom we have a direct relationship. Where we do not have a direct relationship with a merchant, we receive interchange and assessment fees from acquirers.

All of our cards offer rewards programs, the costs of which are generally recorded as a reduction of discount and interchange revenue. See “— Marketing — Rewards / Cashback Bonus” for further discussion of our programs offered.

The following chart* shows the Discover card transaction cycle as processed on the Discover Network:

For information on how we market our credit card loans, see “— Credit Risk Management — Account Acquisition (New Customers)” and “— Marketing.”

Private Student Loans

Our private student loans are primarily available to students attending eligible non-profit undergraduate and graduate schools. We also offer parent loans and certain post-graduate loans, including consolidation, bar study and residency loans. All of our private student loans are unsecured and have terms and conditions that vary by type of student loan. We encourage students to borrow responsibly and maximize grants, scholarships and other free financial aid before taking student loans.

Our private student loans feature fixed or variable interest rates with zero origination fees. Customers can elect to make extra payments to pay their loans off earlier than contractually scheduled without penalty. The loans can feature potential rewards, such as for earning good grades, and we also offer optional in-school payment features where students make payments while in school. The standard repayment period is 15 to 20 years, depending on the type of student loan. Private student loans may include a deferment period, during which interest continues to accrue and customers are not required to make payments while enrolled in school at least half time as determined by the school.

-2-

This period begins on the date the loan is first disbursed and ends six to nine months (depending on loan type) after the student ceases to be enrolled in school at least half time. As part of the loan approval process, all of our private student loans, except for bar study, residency and private consolidation loans, are certified by and disbursed through the school to ensure students do not borrow more than the cost of attendance less other financial aid.

We market our private student loans primarily through digital channels, direct mail, email and media advertising. We also work with schools to create awareness of our products with students and their families. Students can apply for our private student loans online or by telephone and we have dedicated staff within our call centers to service private student loans. We invite applicants who qualify to apply with a creditworthy cosigner, which may improve the likelihood of loan approval and a lower interest rate.

Personal Loans

Our personal loans are primarily intended to help customers consolidate existing debt, although they can be used for other purposes. These loans are unsecured with fixed interest rates, terms and payments, and have zero origination fees. The repayment period for personal loans is 3 to 7 years and there is no penalty for prepaying any portion of a personal loan balance. Customers may be subject to late fees if they have not made a minimum payment by the contractual due date.

We market personal loans primarily through direct mail, digital channels and email. Prospective applicants can obtain information regarding Discover Personal Loans and complete an application either online or by telephone.

Home Loans

Our home loans are intended for multiple purposes, including mortgage refinance, debt consolidation, home improvement and other major expenses. These loans are closed-end with fixed interest rates, terms and payments, and are secured by a first or second lien on a customer’s home. These loans require monthly payment over a 10 to 30-year term. Customers may elect to make larger than minimum payments without being subject to a prepayment penalty. Customers do not pay origination fees or third-party costs during the application process or at closing, but they may be required to reimburse certain third-party costs if the loan is repaid in full within three years. Customers may also be subject to additional charges, including late fees and returned payment charges.

We market home loans primarily through direct mail, digital channels and email. Prospective applicants can obtain information and apply online or by telephone.

Deposits

We obtain deposits from consumers directly or through affinity relationships (“direct-to-consumer deposits”). Additionally, we obtain deposits through third-party securities brokerage firms that offer our deposits to their customers (“brokered deposits”). Our direct-to-consumer deposit products include savings accounts, certificates of deposit, money market accounts, IRA savings accounts, IRA certificates of deposit and checking accounts, while our brokered deposit products include certificates of deposit and sweep accounts. All of our deposits are insured by the Federal Deposit Insurance Corporation (the “FDIC”) to the maximum permitted by law. We do not pay interest on checking account balances and instead offer cashback rewards for certain debit card purchases. Certificates of deposit are offered on a range of tenors from three months through ten years with interest rates that are fixed for the full period. There are minimum balance requirements to open certificates of deposit and penalties for early withdrawals. There are no minimum balance requirements to open money market accounts and savings accounts. Money market accounts and savings accounts have limitations on withdrawal frequency and interest rates on these accounts are subject to change at any time. Service charges apply to outgoing wire transfers only and availability of funds varies based on type and method of deposit and other factors.

We market our direct-to-consumer deposit products through the use of digital channels, direct mail, print materials, email and arrangements with third parties. Customers can generally apply for deposit accounts online or by telephone. Cashback Debit checking account applications can only be initiated online. For more information regarding our deposit products, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Liquidity and Capital Resources — Funding Sources — Deposits.”

-3-

Payment Services

Set forth below are descriptions of PULSE, Diners Club and our Network Partners business, which provides payment transaction processing and settlement services, among other services.

PULSE

Our PULSE network is a leader in debit payments, cash access and account transfers. PULSE links cardholders served by financial institutions to ATMs and point-of-sale (“POS”) terminals located throughout the U.S., including cardholders at financial institutions that PULSE has direct relationships and through agreements PULSE has with other debit networks. PULSE also provides cash access at ATMs internationally.

PULSE’s primary source of revenue is transaction fees charged for switching and settling ATM and debit transactions initiated through the use of debit cards issued by participating financial institutions. In addition, PULSE offers a variety of optional products and services that produce income for the network, including signature debit transaction processing, debit card fraud detection and risk mitigation services and connections to other regional and national electronic funds transfer networks.

When a financial institution joins the PULSE network, debit cards issued by that institution are eligible to be used at all of the ATMs and POS debit terminals that participate in the PULSE network and the PULSE mark can be used on that institution’s debit cards and ATMs. In addition, financial institution participants may sponsor merchants, direct processors and independent sales organizations to participate in the PULSE POS and ATM debit service. A participating financial institution assumes liability for transactions initiated through the use of debit cards issued by that institution, as well as for ensuring compliance with PULSE’s operating rules and policies applicable to that institution’s debit cards, ATMs and, if applicable, sponsored merchants, direct processors and independent sales organizations.

When PULSE enters into a network-to-network agreement with another debit network, the other network’s participating financial institutions’ debit cards can be used at terminals in the PULSE network. PULSE does not have a direct relationship with these financial institutions and the other network bears the financial responsibility for transactions of those financial institutions’ cardholders and for ensuring compliance with PULSE’s operating rules.

Diners Club

Our Diners Club business maintains a global acceptance network through its relationships with licensees, which are generally financial institutions. We do not directly issue Diners Club cards to consumers, but grant our licensees the right to issue Diners Club-branded cards and/or provide card acceptance services. Our licensees pay us royalties for the right to use the Diners Club brand, which is our primary source of Diners Club revenues. We also earn revenue from providing various support services to our Diners Club licensees, including processing and settlement of cross-border transactions. We also provide a centralized service center and technological services to our licensees.

When Diners Club cardholders use their cards outside the host country or territory of the issuing licensee, transactions are routed and settled over the Diners Club network through its centralized service center. In order to increase merchant acceptance in certain targeted countries and territories, we work with merchant acquirers to offer Diners Club and Discover acceptance to their merchants. These acquirers are granted licenses to market the Diners Club and Discover brands to existing and new merchants. Diners Club cardholders with cards issued by licensees outside of North America continue to use their cards on the Discover Network in North America and on the PULSE and Diners Club networks in their card-issuing territory and abroad.

Network Partners Business

We have agreements with a number of financial institutions including financial technology firms, networks or Network Alliances and commercial service providers for issuance of products or processing of payments on the Discover Global Network (i.e., Discover Network, PULSE and Diners Club). We refer to these financial institutions, networks and commercial service providers as “Network Partners.” We may earn merchant discount and acquirer assessments net of issuer fees paid, in addition to other fees, for processing transactions for Network Partners. We also leverage our payments infrastructure in other ways, such as business-to-business payment processing.

Our Network Partners business is composed of Network Alliances, technology-enabled partners and our commercial payments network. Network Alliances allow Discover-enabled cards to be used at other networks’ participating merchants and allow other networks’ participating issuers’ cards to be used at Discover Network

-4-

merchants. Our commercial payments network facilitates transactions and business-to-business payments between buyers and suppliers using the existing payment infrastructure of Discover Network.

The following chart* shows an example of a Network Partners transaction cycle:

* * *

The discussion below provides additional detail concerning the supporting functions of our two segments. The credit card, private student loan, personal loan, home loan and deposit products issued through our Digital Banking segment require significant investments in consumer portfolio risk management, marketing, customer service and related technology. The operation of our Payment Services segment requires that we invest in the technology to manage risk and service network partners, merchants and merchant acquirer relationships. We also make strategic investments in payment services entities to support our Payment Services segment.

Credit Risk Management

Credit risk refers to the risk of loss arising from borrower default when borrowers are unable or unwilling to meet their financial obligations to us. For all loan types, we have established a credit policy and limits that are designed to manage our exposure to credit risk. Our credit risk arising from consumer lending products is generally highly diversified across millions of accounts without significant individual exposures. We manage credit risk primarily based on customer segments and product types. See “— Risk Management” for more information regarding how we define and manage our credit and other risks.

Account Acquisition (New Customers)

We acquire new credit card customers through direct mail, internet, media advertising, merchant or partner relationships, or through unsolicited individual applications. We also acquire new private student loan, personal loan and home loan customers through similar channels. In all cases we have a rigorous process for screening applicants.

Our credit risk management and marketing teams use proprietary analytical tools to match our product offerings with customer needs and identify creditworthy prospective customers. We consider the prospective customer’s financial condition and stability, as well as ability and willingness to pay.

We assess the creditworthiness of each consumer loan applicant by evaluating an applicant’s credit information provided by credit bureaus and information from other sources. The assessment is performed using our credit scoring systems, both externally developed and proprietary. For our unsecured lending products, we also use experienced credit underwriters to supplement our automated decision-making processes. For our home loan products, experienced credit underwriters must review and approve each application.

-5-

Upon approval of a customer’s application for one of our lending products, we assign a specific annual percentage rate using an analytically driven pricing framework that simultaneously provides competitive pricing for customers and seeks to maximize revenue on a risk-adjusted basis. For our credit card loans, we also assign a credit line based on risk level and expected return.

Portfolio Management (Existing Customers)

The revolving nature of our credit card loans requires that we regularly assess the credit risk exposure of such accounts. This assessment uses the individual’s Discover account performance information as well as information from credit bureaus. We utilize statistical evaluation models to support the measurement and management of credit risk. At the individual customer level, we use custom risk models together with more generally available industry models as an integral part of the credit decision-making process. Depending on the duration of the customer’s account, risk profile and other performance metrics, the account may be subject to a range of account management treatments, including transaction authorization limits and increases or decreases on credit limits.

Customer Assistance

We provide our customers with a variety of tools to proactively manage their accounts, including email, text message, push reminders and publicly accessible web pages dedicated to customer education, as further discussed under the heading “— Customer Service.” These tools are designed to limit a customer’s risk of becoming delinquent. When a customer’s account becomes delinquent or is at risk of becoming delinquent, we employ a variety of strategies to assist customers in preventing delinquency or returning delinquent accounts to current status.

All monthly billing statements of accounts with past due amounts include a request for payment of such amounts. Customer assistance personnel generally initiate contact with customers within 30 days after any portion of their balance becomes past due. The nature and the timing of the initial contact are determined by a review of the customer’s prior account activity and payment habits.

We reevaluate our collection efforts and consider the implementation of other techniques as a customer becomes increasingly delinquent. We limit our exposure to delinquencies through controls within our process for authorizing transactions and credit limits and criteria-based account suspension and revocation. In situations involving customers with financial difficulties, we may enter into arrangements to extend or otherwise change payment schedules, lower interest rates and/or waive fees to aid customers in returning to current status on their obligations to us. For more information see Note 4: Loan Receivables to our consolidated financial statements.

Marketing

Our marketing group works closely with credit risk management to provide key functions to acquire new customers and enhance our relationships with existing customers. These key functions include product development, Cashback Bonus and other rewards programs management, protection product management, and brand and advertising management.

Product Development

To attract and retain customers and merchants, we continue to develop new programs, features and benefits and market them through various channels, including television, radio, mail and digital. Marketing efforts may promote various features including, but not limited to, no annual fee, Cashback Bonus and promotional offers, as well as various free benefits such as Online Privacy Protection, FICO Credit Score, Freeze it, Spend Analyzer and Social Security Number Alerts. By developing an extensive prospect database, using credit bureau data and using a customer contact strategy and management system, we continuously develop our modeling and customer engagement capabilities that helps optimize the product, pricing and channel selection.

Rewards / Cashback Bonus

Our cardmembers use several card products, all with no annual fee, that allow them to earn their rewards based on their purchases, which can be redeemed in any amount at any time, in general as set forth below.

•Discover it card offers a 5% Cashback Bonus in categories that change each quarter, which customers must activate each quarter, up to a quarterly maximum and a 1% Cashback Bonus on all other purchases.

-6-

•Discover it Chrome card offers a 2% Cashback Bonus at gas stations and restaurants on up to $1,000 in combined purchases each quarter and a 1% Cashback Bonus on all other purchases.

•Discover it Miles card offers 1.5 miles for every dollar spent on purchases.

•Discover it Business card, which we no longer offer for new accounts, offers a 1.5% Cashback Bonus on all purchases.

•Discover More card, which we no longer offer for new accounts, offers a 5% Cashback Bonus in categories that change each quarter, which customers must activate each quarter, up to a quarterly maximum. Customers earn a full 1% after they make $3,000 in purchases annually, based on their anniversary date, and 0.25% on their first $3,000 and all wholesale and discount store purchases.

Protection Products

We currently sell Identity Theft Protection and we service and maintain existing enrollments of the Payment and Wallet Protection products detailed below for our credit card customers.

•Identity Theft Protection includes an initial credit report, credit bureau report monitoring at the three major credit bureaus, alerts to customers when key changes to their credit bureau files are made, monitoring that notifies a customer if their personal identifying information is illegally shared on the dark web, identity theft insurance of up to $1,000,000 to cover certain expenses due to identity theft and access to knowledgeable professionals who can help resolve issues.

•Payment Protection allows customers to suspend their minimum payments due for up to two years, depending on the qualifying event and product level, when certain qualifying life events occur. While on this benefit, customers have no minimum monthly payment and are not charged interest, late fees or other product fees. This product covers various events, such as unemployment, disability, Federal or State disasters and other life events, such as marriage or the birth of a child. Depending on the product level and availability under state laws, outstanding balances up to $10,000 or $25,000, are cancelled in the event of death.

•Wallet Protection offers convenience if a customer’s wallet is lost or stolen, including requesting cancellation and replacement of the customer’s credit and debit cards, monitoring the customer’s credit bureau reports at the three major credit bureaus for 180 days and alerting them to key changes to their credit files, and providing up to $100 to replace the customer’s wallet or purse.

Brand and Advertising Management

We maintain a full-service marketing department charged with delivering integrated mass and direct communications to foster customer engagement with our products and services. We also leverage strategic partnerships and sponsorship properties such as the NHL and the Big Ten Conference to help drive loan growth. Our brand team utilizes consumer insights and market intelligence to define our mass communication strategy, create multi-channel advertising messages and develop marketing partnerships with sponsorship properties. This work is performed in-house as well as with a variety of external agencies and vendors.

Customer Service

Our credit card customers have the option to manage their accounts online via Discover.com, through Discover Mobile applications and by calling our U.S.-based customer service personnel. Our digital solutions offer a range of benefits, which includes, but is not limited to, the following:

•Access to overall credit health tools such as Credit Scorecard, Freeze it, Social Security Number Alerts and New Account Alerts;

•Customer service via multiple communication channels, including 24/7 customer service by telephone and messaging; and

•Proactive notifications via email, text messaging and in-app messaging for monitoring transaction activity and account security.

Our private student loan, personal loan, home loan and deposit product customers can utilize our online account services to manage their accounts and to use interactive tools and calculators.

-7-

Processing Services

Our processing services cover four functional areas: card personalization, print/mail, remittance processing and item processing. Card personalization is responsible for the mailing of credit and debit cards for new accounts, replacements and reissues. Print/mail specializes in statement and letter printing and mailing. Remittance processing handles account payments and physical check processing. Item processing handles hard-copy forms and electronic documents received through fax and mobile channels, including bank deposits, credit disputes and general correspondence, among other items.

Fraud Prevention

We monitor our customers’ accounts to help prevent, detect, investigate and resolve fraud. Our fraud prevention processes are designed to protect the security of cards, applications and accounts in a manner consistent with our customers’ needs to easily acquire and use our products. Prevention systems monitor the authorization of application information, verification of customer identity, sales, processing of convenience and balance transfer checks and electronic transactions.

Each credit and debit card transaction is subject to screening, authorization and approval through externally developed and proprietary POS decision systems. We use a variety of techniques that help identify and halt fraudulent transactions, including machine-learning models, rules-based decision-making logic, report analysis, data integrity checks and manual account reviews. We manage accounts identified by the fraud detection system through technology that integrates fraud prevention and customer service. Strategies are subject to regular review and enhancement to enable us to respond quickly to changing conditions as well as to protect our customers and our business from emerging fraud activity.

Discover Global Network Operations

We support our merchants through a merchant acquiring model that includes direct relationships with large merchants in the U.S. and arrangements with merchant acquirers generally for small- and mid-size merchants. Additionally, Discover Network cards are widely accepted and acceptance continues to grow in a number of countries around the world on the Diners Club network, or through reciprocal acceptance arrangements made with international payment networks (i.e., Network Alliances).

We maintain direct relationships with most of our large merchant accounts, which enables us to benefit from joint marketing programs and opportunities and to retain the entire discount revenue from the merchants. The terms of our direct merchant relationships are governed by merchant services agreements. These agreements are also accompanied by additional program documents that further define our network functionality and requirements, including operating regulations, technical specifications and dispute rules. To enable ongoing improvements in our network’s functionality and in accordance with industry convention, we publish updates to our program documents on a semi-annual basis.

Discover Global Network services the majority of its small- and mid-size merchant portfolios through third-party merchant acquirers to allow such acquirers to offer a comprehensive payments processing package to such merchants. Merchants also can apply to our merchant acquirer partners directly to accept Discover Global Network cards through the acquirers’ integrated payments solutions. Merchant acquirers provide merchants with consolidated servicing for Discover, Visa and MasterCard transactions, resulting in streamlined statements and customer service for merchants and reduced costs for us. These acquirer partners also perform credit evaluations and screen applications against unacceptable business types and the Office of Foreign Asset Control Specifically Designated Nationals list.

The Discover Global Network operates systems and processes that seek to ensure data integrity, prevent fraud and ensure compliance with our operating regulations. Our systems evaluate incoming transaction activity to identify abnormalities that require investigation and fraud mitigation. Designated Discover Global Network personnel are responsible for validating compliance with our operating regulations and law, including enforcing our data security standards and prohibitions against illegal or otherwise unacceptable activities. Discover Global Network is a founding and current member of the Payment Card Industry Security Standards Council, LLC (the “Council”) and is working to expand the adoption of the Council’s security standards globally for merchants and service providers that store, transmit or process cardholder data.

-8-

Technology

We provide technology systems processing through a combination of owned and hosted data centers and the use of third-party vendors. These data centers support our payment networks, provide customers with access to their accounts and manage transaction authorization and settlement, among other functions. The Discover Global Network works with a number of vendors to maintain our connectivity in support of POS authorizations. This connectivity also enables merchants to receive timely payment for their Discover Global Network card transactions.

Our approach to technology development and management involves both third-party and in-house resources. We use third-party vendors for technology services (e.g., cloud, telecommunications, hardware and operating systems) as well as for processing and other services for our digital banking and payment services businesses. We subject each vendor to a formal approval process, which includes, among other things, a security assessment, to ensure that the vendor can assist us in maintaining a cost-effective, reliable and secure technology platform. We use our in-house resources to build, maintain and oversee some of our technology systems. We believe this approach enhances our operations and improves cost efficiencies.

Seasonality

In our credit card business, we experience fluctuations in transaction volumes and the level of loan receivables as a result of higher seasonal consumer spending and payment patterns around the winter holidays, summer vacations and back-to-school periods. In our private student loan business, our loan disbursements peak at the beginning of a school’s academic semester or quarter. Although there is a seasonal impact on transaction volumes and the levels of credit card and private student loan receivables, seasonal trends have not caused significant fluctuations in our results of operations or credit quality metrics between quarterly and annual periods.

Revenues in our Diners Club business are generally higher in the first half of the year as a result of Diners Club’s tiered pricing system where licensees qualify for lower royalty rate tiers as cumulative volume grows during the course of the year.

Competition

The consumer financial services business is highly competitive. We compete with other consumer financial services providers, including non-traditional providers such as financial technology firms and payment networks, based on several factors, including brand, reputation, customer service, product and service offerings, incentives, pricing, e-commerce and digital wallet participation, and other terms. Our credit card business also competes on the basis of reward programs and merchant acceptance. We compete for accounts and utilization with cards issued by other financial institutions (including American Express, Bank of America, JPMorgan Chase, Capital One and Citibank) and, to a lesser extent, businesses that issue their own private label cards or otherwise extend credit to their customers. In comparison to our largest credit card competitors, our strengths include no annual fees, cash rewards, conservative portfolio management and strong, 100% U.S.-based customer service. Competition based on rewards and other card features and benefits continues to be strong. Our private student loan product competes for customers with Sallie Mae and Citizens Bank, as well as other lenders that offer private student loans. Our personal loan product competes for customers primarily with financial institutions (including Citibank and American Express) and non-traditional lenders (including Lending Club and Upstart). Our home loan product faces competition primarily from national and regional mortgage lenders.

Our credit card receivables continue to represent a majority of our receivables. The credit card business is highly competitive. Some of our competitors offer a wider variety of financial products than we do, which may position them better among customers who prefer to use a single financial institution to meet all of their financial needs. Some of our competitors enjoy greater financial resources, diversification and scale than we do and are therefore able to invest more in initiatives and technology to attract and retain customers, such as advertising, targeted marketing, account acquisitions and pricing offerings in interest rates, annual fees, reward programs and low-priced balance transfer programs. In addition, some of our competitors have assets such as branch locations and co-brand relationships that may help them compete more effectively. Another competitive factor in the credit card business is the increasing use of debit cards as an alternative to credit cards for purchases.

Because most domestically-issued credit cards, other than those issued on the American Express network, are issued on the Visa and MasterCard networks, most other card issuers benefit from the dominant market share of Visa and MasterCard. The former exclusionary rules of Visa and MasterCard limited our ability to attract merchants and credit and debit card issuers, contributing to Discover not being as widely accepted in the U.S. as Visa and

-9-

MasterCard. Merchant acceptance of the Discover card has increased in the past several years, both in the number of merchants enabled for acceptance and the number of merchants actively accepting Discover. We continue to make investments in expanding Discover and Diners Club acceptance in key international markets where an acceptance gap exists.

In our payment services business, we compete with other networks for volume and to attract network partners to issue credit, debit and prepaid cards on the Discover, PULSE and Diners Club networks. We generally compete on the basis of customization of services and various pricing strategies, including incentives and rebates. We also compete on the basis of issuer fees, fees paid to networks (including switch fees), merchant acceptance, network functionality, customer perception of service quality, brand image, reputation and market share. The Discover and Diners Club networks’ primary competitors are Visa, MasterCard and American Express. PULSE’s network competitors include Visa’s Interlink, MasterCard’s Maestro and First Data’s STAR. American Express is a particularly strong competitor to Diners Club as both cards target international business travelers. As the payments industry continues to evolve, we are also facing ongoing competition from financial technology firms and alternative payment solutions, which leverage new technologies and a customer’s existing deposit and credit card accounts and bank relationships to create payment or other fee-based solutions.

In our direct-to-consumer deposits business, we have acquisition and servicing capabilities similar to other large banks, including Ally, American Express, Barclays, Capital One, Goldman Sachs, Synchrony and USAA. We compete with banks and credit unions that source deposits through branch locations and direct channels. We seek to differentiate our deposit product offerings on the basis of brand reputation, digital experience, customer service and value.

For more information regarding the nature of the risks we face in connection with the competitive environment for our products and services, see “Risk Factors — Strategic Business Risk.”

Intellectual Property

We use a variety of methods, such as trademarks, patents, copyrights and trade secrets, to protect our intellectual property. We also place appropriate restrictions on our proprietary information to control access and prevent unauthorized disclosures. Our Discover, PULSE and Diners Club brands are important assets and we take steps to protect the value of these assets and our reputation.

Human Capital

The success of our business is highly dependent on attracting, retaining and developing employees with the necessary skills and experience to support our customers, our business and our strategy. We employed approximately 20,200 individuals at December 31, 2022, which consisted primarily of full-time employees in the U.S. Additionally, we employ 100% of our customer service agents within the U.S., which we believe offers a distinct competitive advantage.

Our purpose-driven, people-first culture and human capital management strategy is built on a foundational set of core values and Discover Behaviors and powered by significant investments in employee learning and development, market-competitive compensation and benefits and diversity, equity and inclusion (“DE&I”). One place we see the results from our human capital strategy is in our consistently high levels of employee engagement, which we measure through employee surveys.

Employee Learning and Development

Career and skill development are important components of our talent management system. In addition to on-the-job coaching and training, we provide a range of internal professional and leadership development programs that help our employees build better teams and develop the skills to advance their careers. For example, employees can access continuing education courses that cover a variety of subjects through our training and development platform. Additionally, we support our employees’ educational goals through programs that can reimburse up to 100% of tuition at certain schools.

Market-Competitive Compensation and Benefits

We offer a market-competitive compensation and benefits package to attract, retain and motivate highly qualified and diverse talent. We designed our compensation and benefits package using a pay-for-performance

-10-

philosophy to reward the achievement of our financial and strategic performance goals as well as individual performance. Our total compensation and benefits package for U.S. employees includes competitive holiday and flexible paid-time-off; a 401(k) retirement savings plan with matching and company contributions that can total up to 8% of an employee’s wages per year; subsidized medical, dental, vision, disability and supplemental life insurance; paid parental and caregiver leave; adoption and surrogacy assistance; and an employee assistance program, among other benefits.

Diversity, Equity and Inclusion

DE&I is a competitive differentiator for companies and something that we continue to advance at Discover. At December 31, 2022, our U.S.-based employee population was composed of 64% Women and 44% People of Color, including 12% who self-identify as Asian, 13% as Hispanic and 15% as Black. Our workforce diversity either meets or exceeds the workforce availability in each of the metropolitan areas where we have locations.

Our Executive Committee and Board of Directors regularly review our DE&I strategy and progress. Our VP, Chief Diversity Officer leads our DE&I office, which manages the development, implementation and monitoring of our enterprise-wide DE&I strategies, programs, initiatives and policies. We strive to incorporate our DE&I principles throughout our human capital management processes, including talent acquisition, learning and development, employee relations, performance management and total rewards (including pay equity).

Pay Equity

We seek to pay our employees fairly for their work and we regularly monitor our performance, addressing pay-equity discrepancies or issues as appropriate. We regularly benchmark roles and compensation data to help ensure internal pay equity. We partner with an independent, third-party consultant to conduct a company-wide pay equity analysis that considers race, ethnicity and gender. We use this analysis to identify groups with pay discrepancies, understand the underlying drivers and implement best practices to address inequity. Based on our most recent review using this approach, women and minorities at Discover earn, on average, between $0.99 and $1.03 for every $1 earned by men and non-minorities after accounting for factors such as role, tenure and geography.

Employee Engagement

Discover has consistently been recognized as a top place to work for its inclusivity and quality of the workplace, including the 100 Best Large Workplaces for Women as recognized by Fortune in 2022. We believe that a key to our employee strategy is establishing and maintaining employee engagement. We create, drive, and improve engagement through our actions and policies. In our most recent employee survey conducted in the fourth quarter of 2022, 87% of employees recommended Discover as a great place to work, which places Discover among the top 10% of all companies surveyed by Glint.

Risk Management

Our business exposes us to strategic, credit, market, liquidity, operational, compliance and legal risks. We use an enterprise-wide risk management framework to identify, measure, monitor, manage and report risks that affect or could affect the achievement of our strategic, financial and other objectives.

Enterprise Risk Management Principles

Our enterprise risk management philosophy is expressed through five key principles that guide our approach to risk management: Comprehensiveness, Accountability, Independence, Defined Risk Appetite and Transparency.

Comprehensiveness

We seek to maintain a comprehensive risk management framework for managing risk enterprise-wide, including policies, standards, risk management processes, monitoring and testing and reporting. Our framework is designed to be comprehensive with respect to our business units and their control and support functions, and across all risk types.

Accountability

We structure accountability across three lines of defense along the principles of risk management execution, oversight and independent validation. As the first line of defense, our business units seek to achieve business objectives

-11-

while identifying and managing risks that arise from day-to-day operations as well as those driven by change. The principles apply across all businesses and risk types and guide the definition of specific roles and responsibilities.

Independence

Our second and third lines of defense operate independently of the business units. The second line of defense includes our corporate risk management (“CRM”) department, which is led by our Chief Risk Officer (“CRO”), who is appointed by our Board of Directors. The CRM department (i) oversees the establishment of enterprise-level risk management standards and policies; (ii) oversees the processes that are designed to be consistent with the size and complexity of our business, industry practices and applicable legal and regulatory requirements; and (iii) independently test business units’ compliance with applicable regulatory requirements. The CRO is accountable for providing our Board of Directors and executive management with an independent perspective on: the risks to which we are exposed; how well management is identifying, assessing and managing risk; and the capabilities we have in place to manage risks across the enterprise. Our internal audit department, as the third line of defense, performs periodic, independent reviews and tests compliance with risk management policies, procedures and standards across our Company. It also periodically reviews the design and operating effectiveness of our risk management program and processes, including the independence and effectiveness of our CRM function, and reports the results to our Audit Committee of the Board of the Directors (“Audit Committee”) and, where appropriate, the Risk Oversight Committee of the Board of Directors (“Risk Oversight Committee”).

Defined Risk Appetite

We operate within a risk appetite framework approved by our Board of Directors, which guides an acceptable level of risk-taking relative to desired financial returns, strategic goals and other stakeholder objectives. To that end, limits and escalation thresholds are set consistent with the risk appetite approved by our Board of Directors.

Transparency

We seek to provide transparency of exposures and outcomes, which is core to our risk culture. We provide this risk transparency through our risk committee structure and standardized processes for escalating issues and reporting. This is accomplished at several levels within the organization, including quarterly meetings held by our Risk Committee and quarterly reports to the Risk Oversight and Audit Committees of the Board of Directors, as well as regular reporting to our Risk sub-committees commensurate with the needs of our businesses. Further, our CRO is a member of our Executive Committee.

Enterprise Risk Management Governance Structure

Our governance structure is based on the principle that each line of business is responsible for managing risks inherent in its business with appropriate oversight from our senior management and Board of Directors. Various committees are in place to oversee the management of risks across our business. We seek to apply operating principles consistently to each committee. These operating principles are detailed in committee charters, which are approved by its parent committee. Our bank subsidiary has its own risk governance, compliance, auditing and other requirements. Our risk governance framework is designed such that bank-level risk governance requirements are satisfied as well.

Board of Directors

Our Board of Directors (i) approves certain risk management policies; (ii) approves our capital targets and goals; (iii) approves our risk appetite framework; (iv) monitors our strategic plan; (v) appoints our CRO and other risk governance function leaders, as appropriate; (vi) receives reports on any exceptions to the Enterprise Risk Management policy; and (vii) receives and reviews regulatory examination reports. The Board of Directors receives reports from the Audit Committee and Risk Oversight Committee on risk management matters and from the Compensation and Leadership Development Committee (“CLDC”) on risks associated with compensation and leadership development.

Risk Oversight Committee of our Board of Directors

Our Risk Oversight Committee is responsible for overseeing our risk management policies and the operations of our enterprise-wide risk management framework and our capital planning and liquidity risk management activities. The Committee is responsible for, among other things, (i) approving and periodically reviewing our risk management policies; (ii) overseeing the operation of our policies, standards and procedures for establishing our risk management governance, risk management procedures and risk-control infrastructure; (iii) overseeing the operation of processes and

-12-

systems for implementing and monitoring compliance with such policies and procedures; (iv) reviewing and making recommendations to the Board of Directors, as appropriate, regarding our risk management framework, key risk management policies and our risk appetite and tolerance; (v) receiving and reviewing regular reports from our CRO on risk management deficiencies and significant risks, the status of and changes to risk exposures, policies, procedures and practices and the steps management has taken to monitor and control risk exposures; (vi) receiving reports on compliance with our risk appetite and limit structure and risk management policies, procedures and controls; and (vii) sharing information, liaising and meeting in joint session with the Audit Committee (which it may do through the Chairs of the Committees) as necessary or desirable to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management matters.

Audit Committee of our Board of Directors

With respect to the enterprise risk management framework, our Audit Committee’s responsibilities include the following: (i) discussing policies with respect to risk assessment and management; (ii) receiving and reviewing reports from our CRO and other members of management as the Committee deems appropriate on the guidelines and policies for assessing and managing our exposure to risks, the corporation’s major financial risk exposures and the steps management has taken to monitor and control such exposures; (iii) receiving and reviewing reports from management with respect to the Company’s compliance with applicable legal and regulatory requirements; and (iv) sharing information and liaising with the Risk Oversight Committee as necessary or desirable to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management matters.

Compensation and Leadership Development Committee of our Board of Directors

Our CLDC is responsible for overseeing risk management associated with our compensation and leadership development practices. The Committee receives reporting regarding our compensation practices and evaluates whether these practices encourage excessive risk-taking. As a part of its reviews, the Committee considers input from our CRO and takes into account risk outcomes. The CLDC receives reporting regarding talent management practices and evaluates risks associated with leadership development and succession planning.

Risk Committee

Our Risk Committee is an executive management-level committee that establishes and oversees a comprehensive enterprise risk management program, which includes (i) providing a regular forum for representatives of our different functional groups to identify and discuss key risk issues and to recommend to senior management actions that should be taken to manage the level of risk taken by the business lines; (ii) establishing and overseeing an enterprise-wide approach to risk management through the development of our Enterprise Risk Management Policy and the associated oversight framework for the identification, measurement, monitoring, management and reporting of enterprise risk; (iii) communicating our risk appetite and philosophy, including establishing limits and thresholds for managing enterprise-wide risks; and (iv) reviewing, on a periodic basis, our aggregate enterprise-wide risk exposures and the effectiveness of risk identification, measurement, monitoring, management and reporting policies and procedures and related controls within the lines of business.

Our Risk Committee has formed and designated a number of sub-committees to assist it in carrying out its responsibilities. These sub-committees, made up of representatives from senior levels of management, escalate issues to our Risk Committee as guided by escalation thresholds. These risk management sub-committees include the Discover Bank Credit Committee, Asset/Liability Management Committees (Discover Financial Services and Discover Bank), the Counterparty Credit Committee, the New Initiatives Committee, the Operational Risk Committee, the Capital Planning Committee, the Compliance Committee, the Technology and Information Risk Committee, the Challenge Committee, the Resolution Planning Committee and the Human Resources Risk Committee.

Chief Executive Officer

The Chief Executive Officer (“CEO”) is ultimately responsible for risk management within our Company. In that capacity, the CEO establishes a risk management culture throughout our Company and ensures that businesses operate in accordance with this risk culture.

-13-

Business Unit Heads

Our business unit heads are responsible for managing risk associated with pursuit of their strategic, financial and other business objectives. Business unit heads are responsible for (i) complying with all risk limits and risk policies; (ii) identifying and documenting risks and implementing appropriate controls; (iii) understanding and managing the overall level of risk in their organization, including the impact of the risks being accepted; (iv) explicitly considering risk when developing strategic plans, budgets and new products, (v) implementing appropriate controls when pursuing business strategies and objectives; (vi) ensuring business units test and implement business unit processes, controls and monitoring to support corporate model risk management standards such as documentation standards and reporting standards; (vii) coordinating with CRM to produce relevant, sufficient, accurate and timely risk reporting that is consistent with the processes and methodology established by CRM; (viii) ensuring sufficient financial resources and qualified personnel are deployed to control the risks inherent in the business activities; and (ix) designating, in consultation with the CRO, a Business Risk Officer to assist with the above.

Chief Risk Officer

As a member of our senior management team, the CRO chairs our Risk Committee. In addition, the CRO has oversight responsibility to establish the CRM function with capabilities to exercise its mandate across all risk categories. Our CRO reports directly to our Risk Oversight Committee and administratively to the CEO. Our CRO provides our Board of Directors and executive management with an independent perspective on (i) the risks to which our Company is exposed; (ii) how well management is identifying, assessing and managing risk; and (iii) the capabilities our Company has in place to manage risks across the enterprise.

Corporate Risk Management

The CRM department is led by the CRO and supports business units by providing objective oversight of our risk profile to help ensure that risks are managed, aggregated and reported to our Risk Committee, our Risk Oversight Committee and our Audit Committee. The CRM department participates in our Risk Committee and sub-committee meetings to provide an enterprise-wide perspective on risk, governance matters, policies and risk thresholds. The CRM department includes, but is not limited to, teams that are responsible for oversight of enterprise, operational, consumer credit, counterparty credit, market, liquidity, compliance, Bank Secrecy Act/anti-money laundering, third-party and business technology and information security risk, as well as model validation and risk testing functions.

Credit Risk Management

Credit Risk Management is responsible for (i) developing, validating and implementing credit policy criteria and predictive loan origination and servicing models in order to optimize the profitability of our lending activities; (ii) ensuring adherence to our credit risk policies and approval limits, and that departmental policies, procedures and internal controls are consistent with our defined standards; (iii) ensuring that we manage credit risk within approved limits; and (iv) monitoring performance for both new and existing consumer loan products and portfolios.

Legal Organization

The legal organization plays a significant role in managing our legal risk by, among other things, identifying, interpreting and advising on legal and regulatory risks. The CRM department collaborates and coordinates closely with the legal organization. Our legal organization participates in meetings of the Risk Committee and the sub-committees of the Risk Committee in order to advise on legal and compliance risks and to inform the committees of any relevant legislative and regulatory developments. Further, our Chief Legal Officer is a member of our Executive Committee.

Internal Audit Department

Our internal audit department performs periodic, independent reviews and testing of compliance with risk management policies and standards across our Company, as well as assessments of the design and operating effectiveness of these policies and standards. The internal audit department also validates that risk management controls are functioning as intended by reviewing and evaluating the design and operating effectiveness of the CRM program and processes, including the effectiveness of the CRM function. The results of such reviews are reported to our Audit Committee and Risk Oversight Committee.

-14-

Risk Categories

We are exposed to a broad set of risks in the course of our business activities due to both internal and external factors, which we segment into seven major risk categories. The first six are defined to be broadly consistent with guidance published by the Federal Reserve and the Basel Committee on Banking Supervision (“BCBS”): credit (consumer and counterparty), market, liquidity, operational, compliance and legal risk. We recognize the seventh, strategic risk, as a separate risk category. We evaluate the potential impact of a risk event on our Company by assessing the financial impact, the impact to our reputation, the legal and regulatory impact and the client/customer impact. In addition, we have established various policies to help govern these risks.

Credit Risk

Our credit risk arises from the potential that a borrower or counterparty will fail to perform on an obligation. Our credit risk includes consumer credit risk and counterparty credit risk. Consumer credit risk is primarily incurred by Discover Bank through the issuance of (i) unsecured credit including credit cards, private student loans and personal loans and (ii) secured credit including deposit secured credit cards and home loans. Counterparty credit risk is incurred through a number of business-facing activities including payment network settlement, certain marketing and incentive programs, asset/liability management, guarantor and insurance relationships and strategic investments.

Market Risk

Market risk is the risk to our financial condition resulting from adverse movements in market rates or prices, such as interest rates, foreign exchange rates, credit spreads or equity prices. Given the nature of our business activities, we are exposed to various types of market risk; in particular interest rate risk, foreign exchange risk and other risks that arise through the management of our investment portfolio. Interest rate risk is more significant relative to other market risk exposures and results from potential mismatches in the repricing term of assets and liabilities (yield curve risk) and volatility in reference rates used to reprice floating-rate structures (basis risk). Foreign exchange risk is primarily incurred through exposure to currency movements across a variety of business activities and is derived, specifically, from the timing differences between transaction authorizations and settlement.

Liquidity Risk

Liquidity risk is the risk that we will be unable to meet our obligations as they become due because of an inability to liquidate assets or obtain adequate funding, or an inability to easily unwind or offset specific exposures without significantly lowering market prices because of inadequate market depth or market disruptions.

Operational Risk

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Operational risk is inherent in all our businesses. Operational risk categories incorporate all of the operational loss event-type categories set forth by the BCBS, which include the following: (i) internal fraud; (ii) external fraud; (iii) employment practices and workplace safety; (iv) clients, products and business practices; (v) damage to physical assets; (vi) business disruption and system failures; and (vii) execution, delivery and process management.

One of our key operational risks is information security, which includes cybersecurity. Our information security program is led by our Chief Information Security Officer and overseen by our Technology and Information Risk Committee. The program is designed to safeguard the confidentiality, integrity and availability of information assets. We continuously monitor the cyber threat landscape, internal threats and technological changes to ensure controls are in place to mitigate risks to the organization and our customers. In concert with our lines of business and corporate functions, our enterprise-wide incident management framework enables us to manage risk mitigation activities that stem from incidents - including governance structure and organization, an incident management program, incident management and escalation principles, requirements for testing and exercising the program, risk management principles and external reporting guidance.

Compliance Risk

Compliance risk is the risk of material financial loss, damage to reputation or negative impact on business strategies that Discover Financial Services and its subsidiaries may suffer as a result of its failure to comply with laws, regulations, rules and key internal policies applicable to the activities of our Company. Compliance risk exposures are

-15-

actively and primarily managed by our business units in conjunction with our Compliance department. Our compliance program governs the management of compliance risk and includes oversight by our Risk Committee and Compliance Committee.

Legal Risk

Legal risk arises from the potential that unenforceable contracts, lawsuits or adverse judgments can disrupt or otherwise negatively affect our operations or condition. These risks are inherent in all of our businesses. Legal risk exposures are primarily managed by our business units in conjunction with our legal organization. Our Risk Committee and Compliance Committee oversee our legal risk management. Specifically, the legal organization is responsible for providing advice, interpreting and identifying developments regarding laws, regulations, regulatory guidance and litigation and setting standards for communicating relevant changes to corporate compliance, the business and internal audit. The legal organization also identifies and communicates legal risk associated with new products and business practices.

Strategic Risk

Strategic risk is the risk that our strategies and the execution of those strategies do not produce the desired outcome, resulting in a negative impact on our enterprise value. This risk can be driven by internal and external factors, including (i) our business model, market position, selection of strategies and execution of those strategies and (ii) competitor strategies, emergence of new competitors, emergence of new technologies, changing consumer preferences or other market factors.

Our Risk Committee actively manages strategic risk by monitoring our risk appetite and key risk indicators (“KRIs”), identifying and providing oversight of key risks associated with our business strategies, and working with our Risk Oversight Committee and Board of Directors to identify and manage top strategic risks. Our business units take on and are accountable for managing strategic risk in pursuit of their objectives.

Enterprise Risk Management Framework

Our enterprise risk management principles are executed through a risk management framework that is based upon industry standards for managing risk and controls. While the detailed activities vary by risk type, there are common process elements that apply across risk types. We seek to apply these elements consistently in the interest of effective and efficient risk management. This framework seeks to link risk processes and infrastructure with the appropriate risk oversight to create a risk management structure that raises risk awareness, reduces impact of potential risk events, improves business decision-making and increases operational efficiency.

Risk Identification

We seek to identify potential exposures that could adversely affect our ability to successfully implement strategies and achieve objectives. To ensure that the full scale and scope of risk exposures from firm-wide activities are identified, we seek to identify risk exposures based on (i) significant enterprise-level risks that are strategic, systemic, or emerging in nature, including Company-specific risks that span across multiple lines of business; (ii) granular risk exposures from on-balance sheet and off-balance sheet positions, including concentrations; and (iii) risk exposures from initiatives focused on new, expanded, customized, or modified products, services and processes.

Risk exposures identified through these three approaches are consolidated to create a comprehensive risk inventory. This inventory is leveraged by a number of processes within our Company including stress scenario design and stress testing, capital planning, risk appetite setting and risk modeling. The risk inventory is reviewed and approved at least annually by the Risk Committee while the sub-committees review the risks mapped to the relevant risk categories for transparency and comprehensive coverage of risk exposures.

Risk Measurement

Our risk measurement process seeks to ensure that the identified risk exposures are appropriately assessed. Risk measurement techniques appropriate to the risk category, including econometric modeling, statistical analysis, peer benchmarking and qualitative assessments, are employed to measure our material risk exposures.

-16-

Risk Monitoring

Our risks are monitored through an integrated monitoring framework consisting of risk appetite metrics and KRIs. These metrics are established to monitor changes in our risk exposures and external environment. Risk appetite metrics are used to monitor the overall risk profile of our Company by setting risk boundaries and expectations through quantitative limits and qualitative expressions. We use KRIs to monitor our risk profile through direct or indirect alignment with the risk appetite limits.

These metrics enable monitoring of risk by business management and by measuring risk and performance data against risk appetite and KRI escalation thresholds that are updated periodically. Escalation procedures are in place to notify the appropriate governance committees in the event of any actual risk limit breaches or potential upcoming breaches. In addition to metrics, independent CRM testing also informs how well risks are managed.

Risk Management

We have policies and a defined governance structure in place to manage risks. In the event of a risk exposure exceeding established thresholds, management determines appropriate response actions. Responses, which may be taken by the Board of Directors, the Risk Oversight Committee, the Audit Committee, the Risk Committee, sub-committees or the CRO, or business units, may include (i) actions to directly mitigate or resolve risk; (ii) actions to terminate any activities resulting in an undesired or unintended risk position; or (iii) actions to prevent, avoid, modify, share or accept a risk position (or activity prior to its occurrence).

Risk Reporting

As the constituents primarily responsible for proactively managing the risks to which they are exposed, our business units and risk and control functions periodically report to the governance committees. The CRM function is responsible for independent reporting on risk matters to various constituencies across our Company on a regular basis. The CRM department periodically provides risk management reporting to the Risk Committee, the Audit Committee, the Risk Oversight Committee and the Board of Directors.

Stress Testing

We use stress testing to better understand the range of potential risks and their impacts to which our Company is exposed. A stress testing framework is employed to provide a comprehensive, integrated and forward-looking assessment of material risks and vulnerabilities. Stress test results provide information for business strategy, risk appetite setting and decisions related to capital actions, contingency capital plans, liquidity buffer, contingency funding plans and balance sheet positioning. Our stress testing framework utilizes a risk inventory, which covers our risk exposures across our defined risk categories. The risk inventory provides a comprehensive view of our vulnerabilities capturing significant risks from the Board of Directors’ and management’s view, granular risks relevant to business units and emerging risks associated with new initiatives.

Risk Management Review of Compensation

Our compensation program is grounded in a pay-for-performance philosophy, which considers performance across our Company, business segments and individual performance, as appropriate, as well as the long-term interests of our shareholders and the safety and soundness of our Company. We strive to deliver compensation that is competitive relative to our peers, and have designed our program to attract, retain and motivate our employees. In addition to being competitive in the markets that we compete for talent and encouraging employees to achieve objectives set out by our management, our compensation programs are designed to balance an appropriate mix of compensation components to align the interests of employees with the long-term interests of shareholders and the safety and soundness of our business.

The design and administration of our compensation programs provide incentives that seek to appropriately balance risk and financial results in a manner that does not incentivize employees to take imprudent risks, is compatible with effective controls and enterprise-wide risk management and is supported by strong corporate governance, including oversight by our Board of Directors and the CLDC of our Board of Directors. At least annually, the CLDC meets with the CRO to review and discuss the results of the assessment of whether our compensation plans encourage imprudent risk-taking that could threaten the value of, or have a material adverse effect on, our Company or result in a failure to comply with regulatory requirements.

-17-

Risk Appetite and Strategic Limit Structure

Risk appetite is defined as the aggregate level and the type of risks we are willing to accept or avoid in order to achieve our strategic objectives. Risk appetite expressions are consistent with our aspirations, mission statement and core values and also serve as tools to preclude business activities that could have a negative impact on our reputation.

Risk appetite is expressed through both quantitative limits and qualitative expressions to recognize a range of possible outcomes and to help set boundaries for proactive management of risks. Risk appetite measures take into account the risk profile of the businesses, the external macroeconomic environment and stakeholder views, including those of shareholders, regulators, ratings agencies and customers. These limits and expressions are revised at least annually or as warranted by changes in business strategy, risk profile and external environment.

Management and our CRM department monitor approved limits and escalation triggers to ensure that the business is operating within the approved risk appetite. Risk limits are monitored and reported on to various risk sub-committees, the Risk Committee and our Board of Directors, as appropriate. Through ongoing monitoring of risk exposures, management seeks to be able to identify appropriate risk response and mitigation strategies in order to react dynamically to changing conditions.

Capital Planning

Risk exposures identified through the risk identification process across risk categories and risk types are consolidated to create a comprehensive risk inventory. This inventory is leveraged by a number of processes within our Company including stress scenario design, capital planning, risk appetite setting and risk modeling. The risk inventory is reviewed and approved at least annually by the Capital Planning Committee along with the Risk Committee and sub-committees to ensure transparency and comprehensive coverage of risk exposures. Our capital planning and management framework encompasses forecasting capital levels, establishing capital targets, monitoring capital adequacy against targets, maintaining appropriate contingency capital plans and identifying strategic options to deploy excess capital.

Supervision and Regulation

General

Our operations are subject to extensive regulation, supervision and examination under U.S. federal and state laws and regulations, and under the legal or regulatory frameworks of certain foreign jurisdictions. As a bank holding company under the Bank Holding Company Act of 1956 and a financial holding company under the Gramm-Leach-Bliley Act, we are subject to supervision, examination and regulation by the Federal Reserve. As a large provider of consumer financial services, we are subject to supervision, examination and regulation of the Consumer Financial Protection Bureau (“CFPB”).

Our bank subsidiary, Discover Bank, is located in the U.S. and is chartered and regulated by the Office of the Delaware State Bank Commissioner (“Delaware Commissioner”) and is also regulated by the FDIC, which insures its deposits up to applicable limits and serves as the bank’s primary federal banking regulator. Discover Bank is also a member of the Federal Home Loan Bank (“FHLB”) of Chicago. Discover Bank offers credit card loans, private student loans, personal loans and home loans as well as certificates of deposit, savings and checking accounts and other types of deposit accounts.

Bank Holding Company Regulation

Permissible activities for a bank holding company include owning a bank as well as those activities that are so closely related to banking as to be a proper incident thereto, such as consumer lending and other activities that have been approved by the Federal Reserve by regulation or order. Certain servicing activities are also permissible for a bank holding company if conducted for or on behalf of the bank holding company or any of its affiliates. Impermissible activities for bank holding companies include non-financial activities that are related to commerce such as manufacturing or retail sales of non-financial products.

A financial holding company and the non-bank companies under its control are permitted to engage in activities considered financial in nature, incidental to financial activities, or complementary to financial activities, if the Federal Reserve determines that such activities pose no risk to the safety or soundness of depository institutions or the financial system in general. Being a financial holding company under the Gramm-Leach-Bliley Act requires that the depository institution we control meets certain criteria, including capital, management and Community Reinvestment Act

-18-

requirements. In addition, under the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) we are required to meet certain capital and management criteria to maintain our status as a financial holding company. Failure to meet the criteria for financial holding company status results in restrictions on new financial activities or acquisitions and could require discontinuance of existing activities that are not otherwise generally permissible for bank holding companies.

Federal Reserve regulations and the Federal Deposit Insurance Act (“FDIA”) require a bank holding company to serve as a source of strength to its subsidiary bank(s) and commit resources to support each subsidiary bank. This support may be required at times when a bank holding company may not be able to provide such support without adversely affecting its ability to meet other obligations.

The Dodd-Frank Act addresses risks to the economy and the payments system, especially those posed by large systemically important financial institutions. When the Dodd-Frank Act was first signed into law, all bank holding companies with $250 billion or more in total consolidated assets became subject to enhanced prudential standards. The Dodd-Frank Act was subsequently amended by the Economic Growth, Regulatory Relief, and Consumer Protection Act (“EGRRCPA”) to provide the Federal Reserve with the authority to impose certain enhanced prudential standards on bank holding companies with total consolidated assets between $100 billion and $250 billion, including DFS, only after issuing a new regulation or order based on a risk-based determination. In October 2019, the federal banking agencies issued final rules that tailored the regulatory requirements in effect at that time related to capital, liquidity and enhanced prudential standards to align with the risk and complexity profiles of banking institutions with total consolidated assets of $100 billion or more. Under the final rules, which became effective in December 2019, DFS is considered a Category IV institution and therefore subject to the least stringent category of enhanced prudential standards for bank holding companies with at least $100 billion in total assets. Among other things, DFS is required to submit to supervisory stress tests every other year rather than annually, is no longer subject to regulations requiring DFS to submit the results of company-run capital stress tests and is no longer subject to the liquidity coverage ratio. However, DFS is still required to submit annual capital plans to the Federal Reserve and remains subject to other core components of enhanced prudential standards, such as risk-management and risk committee requirements and liquidity risk management regulations.

In January 2021, the Federal Reserve finalized regulatory amendments that made targeted changes to the capital planning, regulatory reporting and stress capital buffer (“SCB”) requirements for firms subject to Category IV standards, including DFS, to be consistent with the Federal Reserve’s regulatory tailoring framework that became effective in December 2019. Among other things, the amended rules provide Category IV institutions with the option to submit to supervisory stress tests during off years if they wish for the Federal Reserve to reset the stress test portion of their SCB requirement.

In 2021, DFS was required to submit a capital plan to the Federal Reserve, but was not required to and did not elect to voluntarily participate in the Federal Reserve’s 2021 Comprehensive Capital Analysis and Review (“CCAR”) stress tests. DFS’ capital plan was submitted to the Federal Reserve on April 5, 2021. The Federal Reserve used our 2021 capital plan submission to assess its capital planning process and positions, and in August 2021, announced DFS’ adjusted SCB requirement of 3.6% to reflect our planned common stock dividends. This adjusted SCB was effective through October 1, 2022. DFS was a full participant in the CCAR process and submitted the 2022 Capital Plan to the Federal Reserve by the April 5, 2022, due date.

On June 23, 2022, the Federal Reserve released results of the 2022 CCAR exercise. Discover’s results showed strong capital levels under stress, well above regulatory minimums. These results were used to set the new SCB effective October 1, 2022. On August 4, 2022, the Federal Reserve disclosed the new SCB for DFS is 2.5%, the lowest possible requirement.

DFS is subject to the Federal Reserve’s supervisory rating system for large financial institutions (“LFI Rating System”). The LFI Rating System is intended to align more closely with the Federal Reserve’s current supervisory programs for large financial institutions, enhance the clarity and consistency of supervisory assessments and provide greater transparency regarding the consequences of a given rating. Under the LFI Rating System, the Federal Reserve does not provide an institution with an overall composite rating but instead evaluates and assigns ratings for each of the following three components: capital planning and positions; liquidity risk management and positions; and governance and controls. An institution subject to the LFI Rating System, such as DFS, will not be considered “well managed” under applicable regulations if it is assigned a deficient rating in any one component, which could be a barrier for seeking the Federal Reserve’s approval to engage in new or expansionary activities.

-19-

Regulatory and supervisory developments, findings and ratings could negatively impact our business strategies or require us to: limit or change our business practices, restructure our products in ways that we may not currently anticipate, limit our product offerings, invest more management time and resources in compliance efforts, limit the fees we can charge for services or limit our ability to pursue certain business opportunities and obtain related required regulatory approvals. For additional information regarding bank regulatory limitations on acquisitions and investments, see “— Acquisitions and Investments.” See Note 19: Litigation and Regulatory Matters to our consolidated financial statements for more information on recent matters affecting us. Regulatory developments could also influence our strategies, impact the value of our assets, or otherwise adversely affect our businesses. For more information regarding the regulatory environment and developments under the Dodd-Frank Act, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments” and “Risk Factors.”

Capital, Dividends and Share Repurchases

DFS and Discover Bank are subject to capital adequacy guidelines adopted by federal banking regulators, which include maintaining minimum capital and leverage ratios for capital adequacy and higher ratios to be deemed “well-capitalized” for other regulatory purposes. DFS and Discover Bank are required to maintain Tier 1 and total capital equal to at least 6% and 8% of our total risk-weighted assets, respectively. DFS and Discover Bank are also required to maintain a minimum “leverage ratio” (Tier 1 capital to adjusted total assets) of 4% and a common equity Tier 1 capital ratio (common equity Tier 1 capital to total risk-weighted assets) of 4.5%. Further, under the Federal Reserve’s current capital plan requirements, DFS is required to demonstrate that under stress scenarios we will maintain each of the minimum capital ratios on a pro-forma basis throughout the nine-quarter planning horizon.

In addition to the supervisory minimum levels of capital described above, Federal Reserve rules applicable to DFS require maintenance of the following minimum capital ratios to be considered “well-capitalized” for certain purposes under Regulation Y (12 CFR 225): (i) a Tier 1 risk-based capital ratio of 6% and (ii) a total risk-based capital ratio of 10%. Our bank subsidiary is required by the FDIC’s Prompt Corrective Action rules to maintain the following minimum capital ratios to be considered “well-capitalized”: (i) a common equity Tier 1 capital ratio of 6.5%; (ii) a Tier 1 risk-based capital ratio of 8%; (iii) a total risk-based capital ratio of 10%; and (iv) a Tier 1 leverage ratio of 5%. At December 31, 2022, DFS met all requirements to be deemed “well-capitalized” pursuant to the applicable regulations. For related information regarding our bank subsidiary see “— FDIA” below.

There are various federal and state law limitations on the extent to which our bank subsidiary can provide funds to us through dividends, loans or otherwise. These limitations include minimum regulatory capital requirements, federal and state banking law requirements concerning the payment of dividends out of net profits or surplus, affiliate transaction limits and general federal and state regulatory oversight to prevent unsafe or unsound practices. In general, federal and applicable state banking laws prohibit, without first obtaining regulatory approval, insured depository institutions, such as Discover Bank, from making dividend distributions if such distributions are not paid out of available earnings or would cause the institution to fail to meet applicable capital adequacy standards. For more information, see “— FDIA” below.

Additionally, we are subject to regulatory requirements imposed by the Federal Reserve as part of its stress testing framework and its CCAR program. For the third and fourth quarters of 2020, the Federal Reserve limited covered firms’ capital distributions, including common stock dividends and repurchases, based on a formula that restricts most share repurchases and limits dividends based on average net income during the preceding four quarters. The Federal Reserve extended these restrictions, with modifications, for all covered firms through the second quarter of 2021. In March 2021, the Federal Reserve extended the right to recalculate our SCB through June 30, 2021. In June 2021, the Federal Reserve announced that our SCB requirement would not be recalculated and, effective June 30, 2021, we were authorized to make capital distributions that are consistent with the Federal Reserve’s capital rule, inclusive of our final SCB requirement of 3.5% that was previously announced by the Federal Reserve in August 2020.

For more information on capital planning, including additional conditions and limits on our ability to pay dividends and repurchase our stock, see “— Bank Holding Company Regulation,” “Risk Factors — Operational and Other Risks — We may be limited in our ability to pay dividends on and repurchase our stock,” “Risk Factors — Operational and Other Risks — We are a holding company and depend on payments from our subsidiaries,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Liquidity and Capital Resources — Capital” and Note 17: Capital Adequacy to our consolidated financial statements.

-20-

FDIA

The FDIA imposes various requirements on insured depository institutions. For example, the FDIA requires, among other things, the federal banking agencies to take “prompt corrective action” in respect of depository institutions that do not meet minimum capital requirements. The FDIA sets forth the following five capital tiers: “well-capitalized,” “adequately capitalized,” “undercapitalized,” “significantly undercapitalized” and “critically undercapitalized.” A depository institution’s capital tier will depend upon how its capital levels compare with various relevant capital measures and certain other factors that are established by regulation. At December 31, 2022, Discover Bank met all applicable requirements to be deemed “well-capitalized.”

The FDIA also prohibits any depository institution from making any capital distributions (including payment of a dividend) or paying any management fee to its parent holding company if the depository institution would thereafter be “undercapitalized.” “Undercapitalized” institutions are subject to growth limitations and are required to submit a capital restoration plan. For a capital restoration plan to be acceptable, among other things, the depository institution’s parent holding company must guarantee that the institution will comply with the capital restoration plan.

If a depository institution fails to submit an acceptable capital restoration plan, it is treated as if it is “significantly undercapitalized.” “Significantly undercapitalized” depository institutions may be subject to a number of requirements and restrictions, including orders to sell sufficient voting stock to become “adequately capitalized,” requirements to reduce total assets and cessation of receipt of deposits from correspondent banks. “Critically undercapitalized” institutions are subject to the appointment of a receiver or conservator.

The FDIA prohibits insured banks from accepting brokered deposits or offering interest rates on any deposits significantly higher than the prevailing rate in the bank’s normal market area or nationally (depending upon where the deposits are solicited), unless it is “well-capitalized,” or it is “adequately capitalized” and receives a waiver from the FDIC. Under current FDIC regulations, a bank that is less than “well-capitalized” is generally prohibited from soliciting deposits by offering an interest rate that exceeds 75 basis points over the national market average or 120 percent of the current yield on a similar maturity U.S. Treasury obligation plus 75 basis points, whichever is higher. There are no such restrictions under the FDIA on a bank that is “well-capitalized.” As of December 31, 2022, Discover Bank met the FDIC’s definition of a “well-capitalized” institution for purposes of accepting brokered deposits. An inability to accept brokered deposits in the future could materially adversely impact our funding costs and liquidity. For more information, see “Risk Factors — Credit, Market and Liquidity Risk — An inability to accept or maintain deposits in the future could materially adversely affect our liquidity position and our ability to fund our business.”

The FDIA also affords FDIC insured depository institutions, such as Discover Bank, the ability to “export” interest rates permitted under the laws of the state where the bank is located. Discover Bank is located in Delaware and, therefore, can charge interest on loans to out-of-state borrowers at rates permitted under Delaware law, regardless of the usury limitations imposed by the state laws of the borrower’s residence. Delaware law does not limit the amount of interest that may be charged on loans of the type offered by Discover Bank. This flexibility facilitates the current nationwide lending activities of Discover Bank.

The FDIA subjects Discover Bank to deposit insurance assessments. In an effort to bolster the reserves of the Deposit Insurance Fund, the Dodd-Frank Act raised the statutory minimum reserve ratio for the Fund to 1.35% and removed the statutory cap for the designated reserve ratio (“DRR”). The FDIA requires the FDIC to designate and publish a DRR annually. For 2022, the DRR was 2.00%. The FDIC also recently amended its deposit insurance regulations to increase initial base deposit insurance assessment rate schedules, beginning with the first quarterly assessment period of 2023, which will raise Discover Bank’s cost of deposit insurance. Further increases may occur in the future.

Discover Bank is subject to the FDIC’s final rule requiring periodic submission of a resolution plan to the FDIC. In June 2021, the FDIC announced a modified approach to its implementation of certain aspects of its resolution plan rule as it relates to insured depository institutions with $100 billion or more in total assets. Discover Bank is required to submit a resolution plan to the FDIC on a three-year cycle, with its first filing due on December 1, 2022, under the FDIC’s modified approach. Discover Bank submitted its most recent resolution plan to the FDIC in November 2022.

Acquisitions and Investments

Since we are a bank holding company, and Discover Bank is an insured depository institution, we are subject to banking laws and regulations that limit the types of acquisitions and investments that we can make. In addition, certain permitted acquisitions and investments that we seek to make are subject to the prior review and approval of our banking regulators, including the Federal Reserve and FDIC. Our banking regulators have broad discretion on whether

-21-

to approve proposed acquisitions and investments. In deciding whether to approve a proposed acquisition, federal bank regulators will consider, among other factors, the effect of the acquisition on competition; our financial condition and our future prospects, including current and projected capital ratios and levels; the competence, experience and integrity of our management and our record of compliance with laws and regulations; the convenience and needs of the communities to be served, including our record of compliance under the Community Reinvestment Act; and our effectiveness in combating money laundering. Therefore, results of supervisory activities of the banking regulators, including examination results and ratings, can impact whether regulators approve proposed acquisitions and investments. For more information on recent matters affecting us, see Note 19: Litigation and Regulatory Matters to our consolidated financial statements. For information on the regulatory environment, see “Risk Factors.”

In addition, certain acquisitions of our voting stock may be subject to regulatory approval or notice under federal or Delaware state law. Investors are responsible for ensuring that they do not, directly or indirectly, acquire shares of our stock in excess of the amount that can be acquired without regulatory approval under the Change in Bank Control Act, the Bank Holding Company Act and the Delaware Change in Bank Control provisions, which prohibit any person or company from acquiring control of us without, in most cases, the prior written approval of each of the FDIC, the Federal Reserve and the Delaware Commissioner.

Consumer Financial Services

The relationship between us and our U.S. customers is regulated extensively under federal and state consumer protection laws. Federal laws include the Truth in Lending Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Credit Card Accountability Responsibility and Disclosure Act, the Servicemembers Civil Relief Act, the Military Lending Act, the Truth in Savings Act, the Electronic Fund Transfer Act and the Dodd-Frank Act. These and other federal laws, among other things, prohibit unfair, deceptive and abusive trade practices, require disclosures of the cost of credit and other terms of credit and deposit accounts, provide substantive consumer rights, prohibit discrimination in credit transactions, regulate the use of credit report information, provide privacy protections, require safe and sound banking operations, restrict our ability to raise interest rates, protect customers serving in the military and their dependents and subject us to substantial regulatory oversight. The CFPB has rulemaking and interpretive authority under the Dodd-Frank Act and other federal consumer financial services laws, as well as broad supervisory, examination and enforcement authority over large providers of consumer financial products and services, such as DFS. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments — Consumer Financial Services.” State and, in some cases, local laws also may regulate in these areas, as well as in the areas of collection practices, and may provide other additional consumer protections.

Violations of applicable consumer protection laws can result in significant potential liability in litigation by customers, including civil monetary penalties, actual damages, restitution and attorneys’ fees. Federal banking regulators, as well as state attorneys general and other state and local consumer protection agencies, also may seek to enforce consumer protection requirements and obtain these and other remedies. Further violations may cause federal banking regulators to deny, or delay approval of, potential acquisitions and investments. See “— Acquisitions and Investments.”

We are subject to additional laws and regulations affecting mortgage lenders. Federal, state and, in some instances, local laws apply to mortgage lending activities. These laws generally regulate the manner that mortgage lending and lending-related activities are conducted, including advertising and other consumer disclosures, payments for services and recordkeeping requirements. These laws include the Real Estate Settlement Procedures Act, the Fair Credit Reporting Act, the Truth in Lending Act, the Equal Credit Opportunity Act, the Fair Housing Act, the Home Mortgage Disclosure Act and various state laws. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments — Consumer Financial Services.”

Payment Networks

We operate the Discover and PULSE networks, which deliver switching and settlement services to financial institutions and other program participants for a variety of ATM, POS and other electronic banking transactions. These operations are regulated by certain federal and state banking, privacy and data security laws. Moreover, the Discover and PULSE networks are subject to examination under the oversight of the Federal Financial Institutions Examination Council, an interagency body composed of the federal bank regulators and the National Credit Union Administration. In addition, as our payments business has expanded globally through Diners Club, we are subject to government

-22-

regulation in countries in which our networks operate or our cards are used, either directly or indirectly through regulation affecting Diners Club network licensees. Changes in existing federal, state or international regulation could increase the cost or risk of providing network services, change the competitive environment, or otherwise materially adversely affect our operations. The legal environment regarding privacy and data security is particularly dynamic and any unpermitted disclosure of confidential customer information could have a material adverse impact on our business, including loss of consumer confidence.

The Dodd-Frank Act contains several provisions that are relevant to the business practices, network transaction volume, revenue and prospects for future growth of PULSE, our debit card network business. The Dodd-Frank Act requires that merchants control the routing of debit transactions and that interchange fees received by certain payment card issuers on debit card transactions be “reasonable and proportional” to the issuer’s cost in connection with such transactions, as determined by the Federal Reserve. The Dodd-Frank Act also requires the Federal Reserve to restrict debit card networks and issuers from requiring debit card transactions to be processed solely on a single payment network or two or more affiliated networks, or from requiring that transactions be routed over certain networks.

Money Laundering & Terrorist Financing Prevention Program

We maintain an enterprise-wide program designed to comply with all applicable anti-money laundering and anti-terrorism laws and regulations, including the Bank Secrecy Act and the USA PATRIOT Act of 2001. This program includes policies, procedures, training and other internal controls designed to mitigate the risk of money laundering or terrorist financing posed by our products, services, customers and geographic locale. These controls include procedures and processes to detect and report suspicious transactions, perform customer due diligence and meet all recordkeeping and reporting requirements related to particular transactions involving currency or monetary instruments. The program is coordinated by our anti-money laundering compliance and sanctions officer and undergoes regular independent audits to assess its effectiveness. Our program is typically reviewed on an annual basis by federal banking regulators. For additional information regarding bank regulatory limitations on acquisitions and investments, see “— Acquisitions and Investments.”

Sanctions Programs

We have a program designed to comply with applicable economic and trade sanctions programs, including those administered and enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control. These sanctions are usually targeted against foreign countries, terrorists, international narcotics traffickers and those believed to be involved in the proliferation of weapons of mass destruction. These regulations generally require either the blocking of accounts or other property of specified entities or individuals, but they may also require the rejection of certain transactions involving specified entities or individuals. We maintain policies, procedures and other internal controls designed to comply with these sanctions programs.

-23-

Information About Our Executive Officers

Set forth below is information concerning our executive officers, each of whom is a member of our Executive Committee.

Name	Age	Position
Roger C. Hochschild	58	Chief Executive Officer and President
John T. Greene	57	Executive Vice President, Chief Financial Officer
Amir S. Arooni	58	Executive Vice President, Chief Information Officer
Daniel P. Capozzi	51	Executive Vice President, President - U.S. Cards
R. Andrew Eichfeld	53	Executive Vice President, Chief Human Resources and Administrative Officer
Hope D. Mehlman	58	Executive Vice President, Chief Legal Officer and General Counsel
Carlos M. Minetti	60	Executive Vice President, President - Consumer Banking
Diane E. Offereins	65	Executive Vice President, President - Payment Services
Michael E. Roemer	60	Executive Vice President, Chief Risk Officer
Keith E. Toney	51	Executive Vice President, Data and Analytics

Roger C. Hochschild is our Chief Executive Officer and President, a position he has held since October 2018. Mr. Hochschild was also elected to the Discover Board of Directors in August 2018. From 2004 to 2018, Mr. Hochschild served as President and Chief Operating Officer. Prior to that, he was Executive Vice President, Chief Administrative and Strategic Officer (2001 to 2004) and Executive Vice President, Chief Marketing Officer - Discover (1998 to 2001) of our former parent company Morgan Stanley. Mr. Hochschild holds a Bachelor’s degree in Economics from Georgetown University and an M.B.A. from the Amos Tuck School at Dartmouth College.

John T. Greene is our Executive Vice President, Chief Financial Officer. He has held this role since September 2019. Prior to joining Discover, Mr. Greene served as Executive Vice President, Chief Financial Officer and Treasurer at Bioverativ, a global biopharmaceutical company. From 2014 to 2016, he was Chief Financial Officer for Willis Group Holdings, which was preceded by more than eight years at HSBC Holdings where he held CFO positions for several divisions, including retail bank and wealth management, insurance and consumer and mortgage lending. He also held various CFO roles in his 12-year tenure with General Electric from 1993 to 2005. Mr. Greene holds a Bachelor’s degree in Accounting from the State University of New York and an M.B.A. from the Kellogg School of Management at Northwestern University.

Amir S. Arooni is our Executive Vice President, Chief Information Officer. He has held this role since March 2020. Prior to joining Discover, Mr. Arooni served as Chief Information Officer for NN Group in the Netherlands, a spin-off of ING. From 2001 to 2015, he held various executive roles across ING. Mr. Arooni holds Master of Science degrees from IE University in Madrid, Spain, the HEC School of Management, Paris and Oxford University, England. He also holds an M.B.A. from Erasmus University Rotterdam, the Netherlands and the University of North Carolina, Chapel Hill.

Daniel P. Capozzi is our Executive Vice President, President - U.S. Cards. He has held this role since December 2020. In October 2018, he was appointed to the role of Executive Vice President, President - Credit Operations and Decision Management and also previously served as Senior Vice President, Credit and Decision Management beginning in June 2017. Since joining Discover in 2007, Mr. Capozzi has held leadership positions in the Deposits business and Corporate Finance. Prior to joining Discover, he held various leadership positions in Finance at Citibank and Bank of America. Mr. Capozzi holds a Bachelor’s degree in Business Administration from Northeastern University.

R. Andrew Eichfeld is our Executive Vice President, Chief Human Resources and Administrative Officer. He has held this role since September 2018. Prior to joining Discover, Mr. Eichfeld was an independent advisor from 2017 to 2018 and held various positions at McKinsey & Company from 1995 to 2017, where he was elected a senior partner in 2009. Mr. Eichfeld holds a Bachelor’s degree in Government from Oberlin College, as well as a Master’s degree in Middle Eastern studies and an M.B.A. in Marketing, both from the University of Chicago.

-24-

Hope D. Mehlman is our Executive Vice President, Chief Legal Officer and General Counsel. She has held this role since January 2023. Prior to joining Discover, Ms. Mehlman was Executive Vice President, General Counsel and Corporate Secretary of Bank of the West and Corporate Secretary of BNP Paribas USA, Inc. From 2006 to 2020, she held multiple leadership roles at Regions Financial Corp., where she last served as Executive Vice President, Deputy General Counsel, Chief Governance Officer and Corporate Secretary. Ms. Mehlman holds a Bachelor’s degree in Near Eastern Studies from Cornell University and a Juris Doctor from Seton Hall University Law School.

Carlos M. Minetti is our Executive Vice President, President - Consumer Banking. He has held this role since February 2014. Previously, he served as Executive Vice President, President - Consumer Banking and Operations (2010 to 2014), Executive Vice President, Cardmember Services and Consumer Banking (2007 to 2010) and Executive Vice President for Cardmember Services and Chief Risk Officer (2001 to 2007). Prior to joining us, Mr. Minetti worked in card operations and risk management for American Express from 1987 to 2000, where he last served as Senior Vice President. Mr. Minetti holds a Bachelor’s degree in Industrial Engineering from Texas A & M University and an M.B.A. from the Booth School of Business at The University of Chicago.

Diane E. Offereins is our Executive Vice President, President - Payment Services. She has held this role since April 2010. Previously, she served as Executive Vice President, Payment Services (2008 to 2010) and Executive Vice President and Chief Technology Officer (1998 to 2008). In 2006, she assumed leadership of the PULSE network. Prior to joining us, Ms. Offereins worked at MBNA America Bank from 1993 to 1998, where she last served as Senior Executive Vice President. Ms. Offereins holds a Bachelor’s degree in Accounting from Loyola University New Orleans.

Michael E. Roemer is our Executive Vice President, Chief Risk Officer. He has held this role since July 2021 and previously served as Chief Compliance Officer beginning in March 2021 through December 2021. Prior to joining Discover, Mr. Roemer served as Chief Compliance Officer at Wells Fargo from 2018 to 2020, where he oversaw the transformation of its enterprise compliance function, focusing on regulatory remediation and improvement of compliance risk management. Before that, he was Head of Compliance at Barclays from 2014 to 2017, where he led the compliance transformation program and served as Chief Internal Auditor from 2012 to 2014. Mr. Roemer holds a Bachelor’s degree from St. John’s University and completed the Tuck Executive Program at Dartmouth College.

Keith E. Toney is our Executive Vice President, Data and Analytics. He has held this role since October 2020 and previously served as Senior Vice President, Chief Data Officer beginning in December 2019. From 2017 to 2019, Mr. Toney held leadership positions with The Hartford Financial Services Group, where he last served as Senior Vice President – Product, Data Science and Analytics. Mr. Toney, who also served as Chief Data Scientist at Connexion Point from 2015 to 2017, has more than 20 years of information technology experience in financial services and analytics. Mr. Toney holds a Bachelor’s degree and a Master’s degree in Mathematics from Ohio State University.

-25-

Item 1A.    Risk Factors

You should carefully consider each of the following risks described below and all of the other information in this annual report on Form 10-K in evaluating us. Our business, financial condition, cash flows and/or results of operations could be materially adversely affected by any of these risks. The trading price of our common stock could decline due to any of these risks. This annual report on Form 10-K also contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those anticipated in these forward-looking statements as a result of certain factors, including the risks faced by us described below and elsewhere in this annual report on Form 10-K. See “Special Note Regarding Forward-Looking Statements,” which immediately follows the risks below.

Summary

The following is a summary of the most important risks that could materially adversely affect our business, financial condition, cash flows and/or results of operations, and should be read together with the more detailed description of risks that follow:

•Economic and Regulatory: As a consumer financial services and payment services company, we are subject to risks stemming from new laws and regulations and an uncertain economic environment.

•Strategic: We must successfully compete against firms that are larger than we are and have more resources than we do as well as firms that are smaller and potentially disruptive to our industry as we manage the unique risks associated with each of our product offerings.

•Credit, Market and Liquidity: We must effectively manage our desire to grow our loan portfolio against the risk that those loans will not be repaid, while ensuring that we manage the underlying cost of the funds we use to make those loans and sources of funding we rely on to fund those loans.

•Operational and Other Risks: We must remain operationally effective and manage operational and reputational risks such as fraud and cybersecurity, while continuing to monitor and effectively respond to an external environment that may negatively impact the utilization or desirability of our products and services.

Current Economic and Regulatory Environment

Economic conditions could have a material adverse effect on our business, results of operations and financial condition.

As a provider of consumer financial services, our business, results of operations and financial condition are subject to the U.S. and global economic environment. A customer’s ability and willingness to repay us can be impacted by not only economic conditions but also a customer’s other payment obligations.

Economic conditions also can reduce the usage of credit cards in general and the average purchase amount of transactions industry-wide, including our cards, which reduces interest income and transaction fees. We rely heavily on interest income from our credit card business to generate earnings. Our interest income from credit card loans was $10.6 billion for the year ended December 31, 2022, which was 80% of net revenues (defined as net interest income plus other income), compared to $8.7 billion for the year ended December 31, 2021, which was 72% of net revenues. Economic conditions combined with a competitive marketplace could slow loan growth, resulting in reduced revenue growth from our core digital banking business.

Financial regulatory developments have had an impact and will continue to significantly impact the environment for the financial services industry, which could adversely impact our business, results of operations and financial condition.

The final rules implementing the tailoring requirements of 2018’s EGRRCPA became effective in December 2019. Under the final rules, DFS is considered a Category IV institution and therefore subject to the least stringent category of enhanced prudential standards for domestic bank holding companies with at least $100 billion in total assets. However, many of the core components of the regulations implementing enhanced prudential standards remain in place. Since 2020, DFS has been subject to slightly more tailored requirements for capital stress testing, liquidity risk management and resolution planning.

Meanwhile, the majority of the provisions of the Dodd-Frank Act were unchanged by the EGRRCPA and remain in effect, including provisions governing the practices and oversight of institutions engaged in financial services activities. The impact of the evolving regulatory environment on our business and operations depends upon a number of

-26-

factors, including (i) the legislative priorities of the U.S. Congress, (ii) priorities and actions of the Federal Reserve, FDIC and Consumer Financial Protection Bureau (“CFPB”), (iii) implications resulting from our competitors and other marketplace participants and (iv) changing consumer behavior. For additional information regarding bank regulatory matters impacting us, see “Business — Supervision and Regulation.”

Regulatory and legislative developments, findings and actions have had and could continue to have a negative impact on our business strategies or require us to: limit, exit or modify our business practices and product offerings; restructure our products in unanticipated ways; invest more management time and resources in compliance efforts; limit the fees we charge for services; impact the value of our assets; or limit our ability to pursue certain innovations and business opportunities and obtain related required regulatory approvals. For additional information regarding bank regulatory limitations on acquisitions and investments, see “Business — Supervision and Regulation — Acquisitions and Investments.” Furthermore, see Note 19: Litigation and Regulatory Matters to our consolidated financial statements for more information on recent matters affecting us. It is possible that any new regulatory measures or legislation may disproportionately affect us due to our size, structure or product offerings, among other things.

Compliance expectations and expenditures have steadily and significantly increased for us and the same is true for other financial services firms, and we expect this trend to continue as regulators escalate their focus on adequacy of controls to support business operations. We may face compliance and regulatory risks if we introduce new or changed products and services or enter into new business arrangements with third-party service providers, alternative payment providers, or other industry participants. Heightened regulatory expectations and increased volume of regulatory changes may generate additional expenses or require significant time and resources to maintain compliance.

For more information regarding the regulatory environment and developments potentially impacting us, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments.”

Strategic Business Risk

We face competition in the credit card market from other consumer financial services providers and we may not be able to compete effectively, which could result in fewer customers and lower account balances and could materially adversely affect our financial condition, cash flows and results of operations.

The consumer financial services business is highly competitive. We compete with other consumer financial services providers, including non-traditional providers of financing and payment services such as financial technology firms, based on several factors, including brand, reputation, customer service, product offerings, incentives, pricing, e-commerce and digital wallet participation and other terms. Competition in credit cards is also based on merchant acceptance and the value provided to the customer by rewards programs and other innovations. Many credit card issuers have instituted rewards programs that are similar to ours and, in some cases, could be viewed as more attractive to customers than our programs. These competitive factors affect our ability to attract and retain customers, increase usage of our products and maximize the revenue generated by our products. In addition, because most domestically-issued credit cards, other than those issued by American Express, are issued on the Visa and MasterCard networks, most other card issuers benefit from the dominant position and marketing and pricing power of Visa and MasterCard. The competitive marketplace could result in slower loan growth, resulting in reduced revenue growth from our core digital banking business. If we are unable to compete successfully, or if competing successfully requires us to take aggressive actions in response to competitors’ actions, our financial condition, cash flows and results of operations could be materially adversely affected.

We incur considerable costs in competing with other consumer financial services providers and many of our competitors have greater financial resources than we do, which may place us at a competitive disadvantage and negatively affect our financial results.

We incur considerable costs in competing with other consumer financial services providers to attract and retain customers and increase usage of our products. A substantial portion of this cost relates to marketing expenditures and rewards programs. Since 2013 our rewards rate, which represents rewards cost divided by Discover Card sales volume, has increased from less than 1% to 1.41% in 2022. We expect the competitive intensity in the rewards space to continue, which could result in a continued increase in the cost of our rewards programs. Our consumer financial services products compete primarily based on pricing, terms and service. Because of the highly competitive nature of the credit card-issuing business, a primary method of competition among credit card issuers, including us, has been to offer rewards programs, low introductory interest rates, attractive standard purchase rates and balance transfer programs

-27-

that offer a favorable annual percentage rate or other financial incentives for a specified length of time on account balances transferred from another credit card.

Competition is intense in the credit card industry and customers may frequently switch credit cards or transfer their balances to another card. We expect to continue to invest in initiatives to remain competitive in the consumer financial services industry, including the launch of new cards and features, brand awareness initiatives, targeted marketing, online and mobile enhancements, e-wallet participation, customer service improvements, credit risk management and operations enhancements and infrastructure efficiencies. However, there can be no assurance that any of the costs we incur or incentives we offer to attempt to acquire and maintain accounts and increase usage of our products will be effective. In addition, to the extent that we offer new products, features or services to remain competitive, we may be subject to increased operational or other risks.

Furthermore, many of our competitors are larger than we are, have greater financial resources than we do, have more breadth in banking products, have lower funding costs than we have and expect to have and have assets, such as branch locations and co-brand relationships, that may be appealing to certain customers. For example, larger credit card issuers, which have greater resources than we do, may be better positioned to fund appealing rewards, marketing and advertising programs. We may be at a competitive disadvantage as a result of the greater financial resources, diversification and scale of many of our competitors.

Our costs directly affect our earnings results. Many factors can influence the amount of our costs, as well as how quickly it may increase. Our ongoing investments in infrastructure, which may be necessary to maintain a competitive business, integrate newly-acquired businesses and establish scalable operations, increase our costs. In addition, as our business develops, changes or expands, additional costs can arise as a result of a reevaluation of business strategies, management of outsourced services, asset purchases, structural reorganization, compliance with new laws or regulations or the acquisition of new businesses. If we are unable to manage our costs successfully, our financial results will be negatively affected.

The inability to compete against other operators of payment networks and alternative payment providers could result in reduced transaction volume, limited merchant acceptance of our cards, limited issuance of cards on our networks by third parties and materially reduced earnings from our payment services business.

We face substantial and increasingly intense competition in the payments industry, both from traditional players and new, emerging alternative payment providers. For example, we compete with other payment networks to attract network partners to issue credit and debit cards and other card products on the Discover, PULSE and Diners Club networks, collectively the Discover Global Network. Competition with other operators of payment networks is generally based on issuer fees, fees paid to networks (including switch fees), merchant acceptance, network size and functionality, technological capabilities and other economic terms. Competition is also based on customer perception of service quality, brand image, reputation and market share. Further, we are facing ongoing competition from alternative payment providers, who may create innovative network or other arrangements with our primary competitors, large merchants or other industry participants, which could adversely impact our costs, transaction volume and ability to grow our business.

Many of our competitors are well established, larger than we are and/or have greater financial resources or scale than we do. These competitors have provided financial incentives to card issuers, such as large cash signing bonuses for new programs, funding for and sponsorship of marketing programs and other bonuses. Visa and MasterCard each enjoy greater merchant acceptance and broader global brand recognition than we do. Although we have made progress in merchant acceptance, we have not achieved global market parity with Visa and MasterCard. In addition, Visa and MasterCard have entered into long-term arrangements with many financial institutions that may have the effect of discouraging those institutions from issuing cards on the Discover Network or issuing debit cards on the PULSE network. Some of these arrangements are exclusive, or nearly exclusive, which further limits our ability to conduct material amounts of business with these institutions. If we are unable to remain competitive on issuer fees and other incentives, we may be unable to offer adequate pricing to network partners while maintaining sufficient net revenues.

We also face competition as merchants put pressure on transaction fees. Increasing merchant fees or acquirer fees could adversely affect our effort to increase merchant acceptance of credit cards issued on the Discover Global Network and may cause merchant acceptance to decrease. This, in turn, could adversely affect our ability to attract and retain network partners who may seek out more cost-effective alternatives from both traditional and non-traditional payment services providers, which may limit our ability to maintain or grow revenues from our proprietary network. In

-28-

addition, competitors’ settlements with merchants and related actions, including pricing pressures and/or surcharging, could negatively impact our business practices. Competitor actions related to the structure of merchant and acquirer fees and merchant and acquirer transaction routing strategies have adversely affected and are expected to continue to adversely affect our PULSE network’s business practices, network transaction volume, revenue and prospects for future growth and entry into new product markets. Visa has entered into arrangements with some merchants and acquirers that have, and are expected to continue to have, the effect of discouraging those merchants and acquirers from routing debit transactions to PULSE. In addition, the Dodd-Frank Act’s network participation requirements and competitor actions negatively impact PULSE’s ability to enter into exclusivity arrangements, which affects PULSE’s business practices and may materially adversely affect its network transaction volume and revenue. PULSE has a pending lawsuit against Visa with respect to these competitive concerns. PULSE’s transaction processing revenue was $249 million and $227 million for the years ended December 31, 2022 and 2021, respectively.

American Express is also a strong competitor, with international acceptance, high transaction fees and an upscale brand image. Internationally, American Express competes in the same market segments as Diners Club. We may face challenges in increasing international acceptance on our networks, particularly if third parties that we rely on to issue Diners Club cards, increase card acceptance and market our brands do not perform to our expectations.

In addition, if we are unable to maintain sufficient network functionality to be competitive with other networks, or if our competitors develop better data security solutions or more innovative products and services than we do, our ability to retain and attract network partners and maintain or increase the revenues generated by our proprietary card-issuing business or our PULSE business may be materially adversely affected. Additionally, competitors may develop data security solutions, which as a consequence of the competitors’ market power, we may be forced to use. In that case, our business may be adversely affected as they may be better positioned to absorb the costs over higher volumes or a larger customer base.

Our business depends upon relationships with issuers, merchant acquirers, other payment enablers and licensees, many of whom are financial institutions. The economic and regulatory environment and increased consolidation in the financial services industry decrease our opportunities for new business and may result in the termination of existing business relationships if a business partner is acquired or goes out of business. In addition, as a result of this environment, financial institutions may have decreased interest in engaging in new card issuance opportunities or expanding existing card issuance relationships, which would inhibit our ability to grow our payment services business. We continue to face substantial and intense competition in the payments industry, which impacts our revenue margins, transaction volume and business strategies.

If we are unsuccessful in maintaining our international network business and achieving meaningful global card acceptance, we may be unable to grow our international network business.

We continue to make progress toward, but have not completed, achieving global card acceptance for the Discover Global Network since we acquired the Diners Club network and related assets in 2008. Achieving global card acceptance would allow our customers, including third-party issuers leveraging the network, to use their cards at merchant and ATM locations around the world.

Our international network business depends upon the cooperation, support and continuous operation of the network licensees that issue Diners Club cards and that maintain a merchant acceptance network. As is the case for other card payment networks, our Diners Club network does not issue cards or determine the terms and conditions of cards issued by the network licensees. If we are unable to continue our relationships with network licensees or if the network licensees are unable to continue their relationships with merchants, our ability to maintain or increase revenues and to remain competitive would be adversely affected due to the potential deterioration in customer relationships and related demand that could result. If one or more licensees were to experience a significant impairment of their business or were to cease doing business for economic, regulatory or other reasons, we would face the adverse effects of business interruption in a particular market, including loss of volume, acceptance and revenue and exposure to potential reputational risk. If such conditions arise in the future, we may deploy resources and incur expenses in order to sustain network acceptance. Additionally, interruption of network licensee relationships could have an adverse effect on the acceptance of Discover cards when they are used on the Diners Club network outside of North America.

The long-term success of our international network business depends upon achieving meaningful global card acceptance, which has included and may continue to include higher overall costs or longer timeframes than anticipated.

-29-

The failure to manage the risks of our student loan portfolio and the student lending environment could result in our inability to sustain and grow our student loan portfolio.

The long-term success of our student loan strategy depends upon our ability to manage the credit risk, pricing, funding, operations, including the transition away from London Interbank Offered Rate (“LIBOR”), and expenses of our student loan portfolio, as well as the growth of our student loan originations. Our student loan strategy is also impacted by external factors such as the overall economic environment, a competitive marketplace and a challenging regulatory environment for private student loans and student loans generally. For more information on the regulatory environment, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments” and Note 19: Litigation and Regulatory Matters to our consolidated financial statements.

There are several challenges to managing and growing our private student loan business in the future, including (i) economic weakness, (ii) new changes from federal and state legislation or prudential regulations, or other government and regulatory focus on higher education costs, student lending and student loan servicing; and (iii) competitive factors, such as competition from non-traditional lenders including financial technology firms. Examples of these challenges include the recent legislative focus on federal student loan debt forgiveness in bankruptcy and legislative proposals in a number of states and the District of Columbia imposing new requirements on student loan servicing. These challenges may require us to restructure our private student loan products in ways we may not currently anticipate. In addition, changes that adversely affect the private student loan market generally may negatively impact the profitability and growth of our student loan portfolio.

Acquisitions or strategic investments that we pursue may not be successful and could disrupt our business, harm our financial condition or reduce our earnings.

We may consider or undertake strategic acquisitions of, or material investments in, businesses, products, portfolios of loans or technologies in the future. We may not be able to identify suitable acquisition or investment candidates, or even if we do identify suitable candidates, they may be difficult to finance, expensive to fund and there is no guarantee that we can obtain any necessary regulatory approvals or complete the transactions on terms that are favorable to us. We generally must receive federal regulatory approvals before we can acquire a bank, bank holding company, deposits or certain assets or businesses. For additional information regarding bank regulatory limitations on acquisitions and investments, see “Business — Supervision and Regulation — Acquisitions and Investments.”

To the extent we pay the purchase price of any strategic acquisition or investment in cash, it may have an adverse effect on our financial condition. Similarly, if the purchase price is paid with our stock, it may be dilutive to our stockholders. In addition, we may assume liabilities associated with a business acquisition or investment, including unrecorded liabilities that are not discovered at the time of the transaction. The repayment or settlement of those liabilities may have an adverse effect on our financial condition.

We may not be able to successfully integrate the personnel, operations, businesses, products, or technologies of an acquisition or investment. Integration may be particularly challenging if we enter into a line of business that we have limited experience and the business operates in a difficult legal, regulatory or competitive environment. We may find that we do not have adequate operations or expertise to manage the new business. The integration of any acquisition or investment may divert management’s time and resources from our core business, which could impair our relationships with our current employees, customers and strategic partners and disrupt our operations. Additionally, any acquisition or investment may expose us to increased information security risk as we integrate new systems that we may not be as familiar with or bring them in line with the requirements of our information security and business continuity programs. Acquisitions and investments also may not perform to our expectations for various reasons, including the loss of key personnel, customers or vendors. If we fail to integrate acquisitions or investments or realize the expected benefits, we may lose the return on these acquisitions or investments or incur additional transaction costs. As a result, our business, reputation and financial condition may be harmed.

Credit, Market and Liquidity Risk

The failure to successfully manage credit risk, which may result in high delinquency and charge-off rates, could materially adversely affect our business, profitability and financial condition.

As a lender, we are exposed to the risk that our borrowers will be unable or unwilling to repay the principal of, or interest on, loans in accordance with their terms. We seek to grow our loan receivables while maintaining quality credit performance. Our success depends on our ability to manage credit risk while attracting new customers with

-30-

profitable usage patterns. We select customers, manage their accounts and establish terms and credit limits using externally developed and proprietary scoring models and other analytical techniques designed to set terms and credit limits to appropriately compensate us for the credit risk we accept, while encouraging customers to use their available credit. The models and approaches we use may not accurately predict future charge-offs due to, among other things, inaccurate assumptions. While we continually seek to improve our assumptions and models, we may make modifications that unintentionally cause them to be less predictive or incorrectly interpret the data produced by these models in setting our credit policies.

At December 31, 2022 and 2021, $1.3 billion, or 1.14%, and $800 million, or 0.85%, of our loan receivables were non-performing (defined as loans over 90 days delinquent and accruing interest, plus loans not accruing interest). Our ability to manage credit risk and avoid high charge-off rates may be adversely affected by household, business, economic and market conditions that may be difficult to predict. When these conditions deteriorate, we may experience reduced demand for credit and increased delinquencies or defaults, including loans which we have securitized and in which we retain a residual interest. The level of nonperforming loans, charge-offs and delinquencies could rise and require additional provision for credit losses. There can be no assurance that our underwriting and portfolio management strategies will permit us to avoid high charge-off levels or that our allowance for credit losses will be sufficient to cover actual losses.

A customer’s ability and willingness to repay us can be impacted by changes in their employment status, increases in their payment obligations to other lenders and by restricted availability of credit to consumers generally. Our collection operations may not compete effectively to secure more of customers’ diminished cash flow than our competitors. In addition, we may fail to quickly identify customers who are likely to default on their payment obligations and reduce our exposure by closing credit lines and restricting authorizations, which could adversely impact our financial condition and results of operations. Our ability to manage credit risk also may be adversely affected by legal or regulatory changes (such as restrictions on collections, bankruptcy laws, minimum payment regulations and re-age guidance), competitors’ actions and consumer behavior, as well as inadequate collections staffing, resources, techniques and models. There can be no assurance that we will be able to grow the loan receivables portfolio in accordance with our strategies or manage credit and other risks associated with the loan products. Our failure to manage credit and other risks may materially adversely affect profitability and the ability to grow the loan receivables portfolio and further diversify the business.

Adverse market conditions or an inability to effectively manage our liquidity risk could negatively impact our ability to meet our liquidity and funding needs, which could materially adversely impact our business, results of operations and overall financial condition.

We must effectively manage the liquidity risk to which we are exposed. We require liquidity in order to meet cash requirements such as day-to-day operating expenses, extensions of credit on our consumer loans and required payments of principal and interest on our borrowings. Our primary sources of liquidity and funding are payments on our loan receivables, deposits and proceeds from securitization transactions and securities offerings. We may maintain too much liquidity, which can be costly, or we may be too illiquid, which could limit financial flexibility and result in financial distress during a liquidity stress event. Our liquidity portfolio had a balance of approximately $19.8 billion as of December 31, 2022, compared to $15.0 billion as of December 31, 2021. Our total contingent liquidity sources amounted to $67.3 billion as of December 31, 2022, compared to $52.9 billion as of December 31, 2021. As of December 31, 2022, our total contingent liquidity sources consisted of $19.8 billion in our liquidity portfolio, $3.5 billion of undrawn capacity in private securitizations, $1.7 billion in borrowing capacity with the FHLB of Chicago and $42.3 billion in incremental Federal Reserve discount window capacity.

In the event that our current sources of liquidity do not satisfy our needs, we would be required to seek additional financing. The availability of additional financing will depend on a variety of factors such as market conditions, the general availability of credit to the financial services industry, new regulatory restrictions and requirements and our credit ratings. Disruptions, uncertainty or volatility in the capital, credit or deposit markets may limit our ability to repay or replace maturing liabilities in a timely manner. As such, we may be forced to delay the acquisition of additional funding or be forced to issue or raise funding at undesirable terms and/or costs, which could decrease profitability and significantly reduce financial flexibility. Further, in disorderly financial markets or for other reasons, it may be difficult or impossible to liquidate some of our investments to meet our liquidity needs.

There can be no assurance that significant disruption and volatility in the financial markets will not occur in the future. Likewise, adverse developments with respect to financial institutions and other third parties with whom we maintain important financial relationships could negatively impact our funding and liquidity. If we are unable to

-31-

continue to fund our assets through deposits or access capital markets on favorable terms, or if we experience an increase in our borrowing costs or otherwise fail to manage our liquidity effectively, our liquidity, results of operations and financial condition may be materially adversely affected.

An inability to accept or maintain deposits in the future could materially adversely affect our liquidity position and our ability to fund our business.

A major source of our funds is customer deposits, primarily in the form of savings accounts, certificates of deposits, money market accounts and checking accounts. We obtain deposits from consumers either directly or through affinity relationships and through third-party securities brokerage firms that offer our deposits to their customers. We had $70.5 billion in deposits acquired directly or through affinity relationships and $21.1 billion in deposits originated through securities brokerage firms as of December 31, 2022, compared to $61.9 billion and $10.5 billion, respectively, as of December 31, 2021. Our ability to attract and maintain deposits, as well as our cost of funds, has been, and will continue to be, significantly affected by general economic conditions. Competition from other financial services firms that use deposit funding, the rates and services we offer on our deposit products and our ability to maintain a high-quality customer experience may affect deposit renewal rates, costs or availability. Changes we make to the rates offered on our deposit products may affect our profitability (through funding costs) and our liquidity (through volumes raised). In addition, our ability to maintain existing or obtain additional deposits may be impacted by various factors, including factors beyond our control, such as perceptions about our reputation, brand, or financial strength; quality of deposit servicing or branchless banking generally, which could reduce the number of consumers choosing to place deposits with us; third parties continuing or entering into affinity relationships or marketing arrangements with us; disruptions in technology services or the internet, generally; or third-party securities brokerage firms continuing to offer our deposit products. Furthermore, while there are limitations on withdrawal frequency on certain deposit accounts, customers may withdraw deposits to ensure that their deposits are fully insured or make investments that have a higher yield. If our customers withdraw their deposits, our funding costs may increase, which may reduce our net interest income and net income.

Our ability to obtain deposit funding and offer competitive interest rates on deposits is also dependent on capital levels of our bank subsidiary. In certain circumstances, the FDIA prohibits insured banks from accepting brokered deposits (as defined in the FDIA) and applies other restrictions, such as a cap on interest rates we may pay. See “Business — Supervision and Regulation” and Note 17: Capital Adequacy to our consolidated financial statements for more information. While our subsidiary, Discover Bank, met the FDIC’s definition of “well-capitalized” as of December 31, 2022 and has no restrictions regarding acceptance of brokered deposits or setting of interest rates, there can be no assurance that it will continue to meet this definition. Additionally, our regulators can adjust the requirements to be “well-capitalized” at any time and have authority to place limitations on our deposit businesses, including the interest rate we pay on deposits.

If we are unable to securitize our credit card receivables, it may have a material adverse effect on our liquidity, cost of funds and overall financial condition.

We use the securitization of credit card receivables as a significant source of funding as well as for contingent liquidity. The securitization of credit card receivables involves the transfer of credit card receivables to a trust, the transfer of the beneficial interest in those credit card receivables to a second trust through a special purpose entity and the issuance by the second trust of notes to third-party investors collateralized by the beneficial interest in the transferred credit card receivables. Our average level of credit card securitized borrowings from third parties was $9.0 billion and $9.5 billion for the years ended December 31, 2022 and 2021, respectively. There can be no assurance that we will be able to complete additional credit card securitization transactions if the credit card securitization market experiences significant and prolonged disruption or volatility.

Our ability to raise funding through the securitization market also depends, in part, on the credit ratings of the securities we issue from our securitization trusts. If we are not able to satisfy rating agency requirements to confirm the ratings of asset-backed securities issued by our trusts at the time of a new issuance of securities, it could limit our ability to access the securitization markets. Additional factors affecting the extent to which we may securitize our credit card receivables in the future include the overall credit quality of our credit card receivables, the costs of securitizing our credit card receivables, the demand for credit card asset-backed securities and the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally.

A prolonged inability to securitize our credit card receivables, or an increase in the costs of such issuances that would make such activities economically infeasible, may require us to seek alternative funding sources, which may be

-32-

less efficient and more expensive than raising capital via securitization transactions and may have a material adverse effect on our liquidity, cost of funds and overall financial condition.

The occurrence of events that result in the early amortization of our existing credit card securitization transactions or an inability to delay the accumulation of principal collections for our existing credit card securitization transactions would materially adversely affect our liquidity.

Our liquidity and cost of funds would be materially adversely affected by the occurrence of events that could result in the early amortization of our existing credit card securitization transactions. Our credit card securitization transactions are structured as “revolving transactions” that do not distribute to securitization investors their share of monthly principal payments received on the underlying receivables during the revolving period and instead use those principal payments to fund the purchase of new credit card receivables. The occurrence of an “early amortization event” may result in termination of the revolving periods of one or more of our securitization transactions, which would require us to repay the affected outstanding securitized borrowings out of principal collections without regard to the original payment schedule. Early amortization events include, for example, insufficient cash flows in the securitized pool of credit card receivables to meet contractual requirements (i.e., excess spread less than zero) and certain breaches of representations, warranties or covenants in the agreements relating to the securitization transactions. For more information on excess spread, see Note 5: Credit Card and Private Student Loan Securitization Activities to our consolidated financial statements. An early amortization event would negatively impact our liquidity and require us to rely on alternative funding sources, which may or may not be available at the time or may be less efficient and more expensive. An early amortization event also could impact our ability to access the undrawn secured credit facilities that we maintain for contingent liquidity purposes. Additionally, the occurrence of an early amortization event with respect to any of our securitization transactions may adversely impact investor demand for notes issued in our future credit card securitization transactions.

Our credit card securitization structure includes a requirement that we accumulate principal collections into a restricted account in the amount of scheduled maturities on a pro rata basis over the 12 months prior to a security’s maturity date. We have the option under our credit card securitization documents to shorten this accumulation period, subject to the satisfaction of certain conditions. Historically, we have exercised this option to shorten the accumulation period to a few months prior to maturity. If we were to determine that the payment rate on the underlying credit card receivables would not support a short accumulation period, we would need to begin accumulating principal cash flows earlier than we have historically. A lengthening of the accumulation period could negatively impact our liquidity, requiring management to implement mitigating measures. During periods of significant maturity levels, absent management actions, the lengthening of the accumulation period could materially adversely affect our financial condition.

A downgrade in the credit ratings of our or our subsidiaries’ securities could materially adversely affect our liquidity, results of operations and financial condition.

We, along with Discover Bank, are regularly evaluated by the ratings agencies. Their ratings for our long-term debt and other securities, including asset-backed securities issued by our securitization trusts, are based on a number of factors that may change from time to time, including our financial strength as well as factors that may not be within our control. Factors that affect our unsecured credit ratings include, but are not limited to, the macroeconomic environment in which we operate and the credit ratings of the U.S. government, the credit quality and performance of our assets, the amount and quality of our capital, the level and stability of our earnings and the structure and amount of our liquidity. In addition to these factors, the ratings of our asset-backed securities are also based on the quality of the underlying receivables and the credit enhancement structure of the trusts. Downgrades in our ratings, those of Discover Bank or our asset-backed securities could occur at any time and without notice by any of the rating agencies, which could, among other things, materially adversely affect our cost of funds, access to capital and funding and overall financial condition. There can be no assurance that we will be able to maintain our current credit ratings or that our credit ratings will not be lowered or withdrawn.

We may not be successful in managing the investments in our liquidity investment portfolio and investment performance may deteriorate due to market fluctuations, which would adversely affect our business and financial condition.

We must effectively manage the risks of the investments in our liquidity investment portfolio, which is composed of cash and cash equivalents and high-quality liquid investments. The value of our investments may be adversely affected by market fluctuations including changes in interest rates, prices, prepayment rates, credit risk premiums and overall

-33-

market liquidity. Also, investments backed by collateral could be adversely impacted by changes in the value of the underlying collateral. In addition, economic conditions may cause certain of the obligors, counterparties and underlying collateral on our investments to incur losses of their own or default on their obligations to us due to bankruptcy, lack of liquidity, operational failure or other reasons, thereby increasing our credit risk exposure to these investments. These risks could result in a decrease in the value of our investments, which could negatively impact our financial condition. These risks could also restrict our access to funding. While the securities in our investment portfolio are currently limited to obligations of high-quality sovereign and government-sponsored issuers, we may choose to expand the range of our investments over time, which may result in greater fluctuations in market value. While we expect these investments to be readily convertible into cash and do not believe they present a material increase to our risk profile or will have a material impact on our risk-based capital ratios, they are subject to certain market fluctuations that may reduce the ability to fully convert them into cash.

Changes in the level of interest rates could materially adversely affect our earnings.

Changes in interest rates cause our net interest income to increase or decrease, as some of our assets and liabilities carry interest rates that fluctuate with market benchmarks. Benchmark interest rates rose materially during 2022 as the Federal Reserve raised its federal funds target rate range in an effort to combat high inflation. Financial market participants expect 2023 will be a transitional year for monetary policy and U.S. economic growth, thus raising uncertainty as to the direction of benchmark interest rates during 2023. Higher interest rates could negatively impact our customers as total debt service payments would increase, impede our ability to grow our consumer lending businesses and increase the cost of our funding, which would put us at a disadvantage as compared to some of our competitors that have less expensive funding sources.

Some of our consumer loan receivables bear interest at a fixed rate or do not earn interest and we are not able to increase the rate on those loans to offset any higher cost of funds, which could materially reduce earnings. At the same time, some of our variable-rate loan receivables may be subject to a cap, exposing us to interest-rate risk. In addition, we utilize a combination of fixed- and variable-rate funding from various sources, and we may use derivative instruments to hedge the liabilities. However, timing mismatches between loan receivable growth and funding procurement could expose us to interest-rate risk.

Additionally, we have a number of variable-rate student loans, interest rate swaps and capital markets securities with attributes that are either directly or indirectly dependent on LIBOR. In July 2017, the UK Financial Conduct Authority (“FCA”) announced that it would no longer encourage or compel banks to continue to contribute quotes and maintain LIBOR after 2021. In March 2021, the FCA announced the future cessation and loss of representativeness for all LIBOR benchmark settings. While non-U.S. dollar (“USD”) and several less frequently referenced USD LIBOR settings ceased publication immediately after December 31, 2021, commonly referenced USD LIBOR settings will cease publication immediately after June 30, 2023. This future cessation event will trigger fallback provisions in many financial contracts to convert their benchmark index from LIBOR to an alternative rate. In July 2021, the Alternative Reference Rates Committee (“ARRC”) announced its recommendation of forward-looking term rates based on Secured Overnight Financing Rate (“SOFR”) as additional alternative reference rate options. For more information regarding our transition from LIBOR to SOFR, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Regulatory Environment and Developments — Banking — London Interbank Offered Rate.”

Interest rates may also adversely impact our delinquency and charge-off rates. Many consumer lending products bear interest rates that fluctuate with certain base lending rates published in the market, such as the prime rate and LIBOR. As a result, higher interest rates often lead to higher payment requirements by consumers under obligations to us and other lenders, which may reduce their ability to remain current on their obligations to us and thereby lead to loan delinquencies and additions to our credit loss provision, which could materially adversely affect our earnings.

We continually monitor interest rates and have a number of tools, including the composition of our loans and investments, liability terms and interest rate derivatives, to manage our interest rate risk exposure. Changes in market assumptions regarding future interest rates could significantly impact our interest rate risk strategy, our financial position and results of operations. If our interest rate risk management strategies are not appropriately monitored or executed, these activities may not effectively mitigate our interest rate sensitivity or have the desired impact on our results of operations or financial condition. For information related to interest rate risk sensitivities, see “Item 7A — Quantitative and Qualitative Disclosures About Market Risk.”

-34-

Operational and Other Risk

Our risk management framework and models for managing risks may not be effective in mitigating our risk of loss.

Our risk management framework seeks to identify and mitigate risk and appropriately balance risk and return. We have established processes and procedures intended to identify, measure, manage, monitor and report the types of risk to which we are subject, including credit risk, market risk, liquidity risk, operational risk, compliance and legal risk and strategic risk. We seek to monitor and control our risk exposure through a framework of policies, procedures, limits and reporting requirements.

Management of our risks in some cases depends upon the use of analytical and/or forecasting models. We use a variety of models to manage and inform decision-making with respect to customers and for the measurement of risk including credit, market and operational risks and for our finance and treasury functions. Models used by Discover can vary in their complexity and are designed to identify, measure and mitigate risks at various levels such as loan-level, portfolio segments, entire portfolios and products. These models use a set of computational rules to generate numerical estimates of uncertain values to be used for assessment of price, financial forecasts and estimates of credit, interest rate, market and operational risk. These models and the quality of their outputs are dependent on the quality and accuracy of the data loaded into the models. To the extent that the quality and integrity of that data is compromised, the models could result in inaccurate forecasts, ineffective risk management practices or inaccurate risk reporting. All models carry some level of uncertainty that introduces risks in the estimates.

If the models that we use to mitigate risks are inadequate or do not accurately predict future outcomes, we may incur increased losses. In addition, there may be risks that exist, or that develop in the future, that we have not appropriately anticipated, identified or mitigated. If our risk management framework and models do not effectively identify or mitigate our risks, we could suffer unexpected losses and our financial condition and results of operations could be materially adversely affected.

If the security of our systems, or the systems of third parties we rely upon, is compromised, our business could be disrupted and we may be subject to significant financial exposure, liability and damage to our reputation.

Our digital banking and network operations rely heavily on the secure processing, storage and transmission of confidential or sensitive information about us, our customers and third parties with whom we do business. Information security risks for financial institutions have increased and continue to increase in part because of the proliferation of new technologies, the use of the internet and cloud, mobile and telecommunications technologies to conduct financial transactions and the increased sophistication and activities of organized crime, activists, hackers, terrorist organizations, nation state actors and other external parties. Those parties may also attempt to fraudulently induce employees, customers or other users of our systems (including third parties) to disclose confidential or sensitive information in order to gain access to our data or that of our customers.

Our technologies, systems, networks and software, those of other financial institutions and other firms (such as hardware vendors, cloud providers and others), have been, and are likely to continue to be, the target of increasingly frequent cyber-attacks, malicious code, ransomware, denial of service attacks, phishing and other social engineering, other remote access attacks and physical attacks that could result in unauthorized access, misuse, loss, unavailability or destruction of data (including confidential customer information), account takeovers, identity theft and fraud, unavailability of service or other events. These types of threats may derive from human error, fraud or malice on the part of external or internal parties or may result from technological failure or otherwise. Further, our vulnerability to these types of threats may be increased to the extent employees may continue to work remotely on a more frequent basis with the current trend toward hybrid work arrangements.

Despite our efforts to ensure the integrity of our systems through our information security and business continuity programs, we may not be able to anticipate or to implement effective preventive measures against all known and unknown security threats, attacks or breaches or events of these types, especially because the techniques used change frequently and are becoming increasingly more sophisticated or are not recognized until launched or vulnerabilities in software or hardware are unknown or are unable to be entirely addressed even after becoming known, and because:

•Security attacks can originate from a wide variety of sources and geographic locations and may be undetected for a period of time.

•We rely on many third-party service providers and network participants, including merchants, and, as such, a security breach or cyber-attack affecting one of these third parties could impact us. For example, the financial services industry continues to see attacks against the environments where personal and identifiable

-35-

information is handled. For additional information see the risk factor “— Failure to manage our relationships with third-party service providers could result in our revenue or results of operations being materially adversely affected.”

•Our customers may use computers and mobile devices that are beyond our security control systems to access our products and services.

We are subject to increasing risk related to information and data security as we increase acceptance of the Discover card internationally, expand our suite of online digital banking products, enhance our mobile payment technologies, acquire new or outsource some of our business operations, expand our internal usage of web-based products and applications, and otherwise attempt to keep pace with rapid technological changes in the financial services industry. Our efforts to mitigate this risk increase our expenses. While we continue to invest in our information security defenses (including cybersecurity defenses), if our security systems or those of third parties are penetrated or circumvented such that the confidentiality, integrity or availability of information about us, our customers, transactions processed on our networks or on third-party networks on our behalf or third parties with which we do business is compromised, we could be subject to significant liability that may not be covered by insurance, including significant legal and financial exposure, actions by our regulators, damage to our reputation, or a loss of confidence in the security of our systems, products and services that could materially adversely affect our business.

Cyber-attacks that are successful, or are perceived to be successful, in compromising the data or disrupting the services of other peer financial institutions, whether or not we are impacted, could lead to a general loss of customer confidence, which could negatively impact market perception of our products and services. Media reports of attempted cyber-attacks, service disruptions or vulnerabilities in our information systems or security procedures or those of any of the third-party service providers we engage, could cause significant legal and financial exposure, lead to regulatory and legislative intervention and cause an overall negative effect in our business. For additional information on risks in this area, see the risk factors below regarding fraudulent activity, the introduction of new products and services, the use of third parties for outsourcing, technology generally, and laws and regulations addressing consumer privacy and data use and security.

If we cannot remain organizationally effective, we will be unable to address the opportunities and challenges presented by our strategy and the increasingly dynamic and competitive economic and regulatory environment.

To remain organizationally effective, we must effectively empower, integrate and deploy our management and operational resources and incorporate global and local business, regulatory and consumer perspectives into our decisions and processes. In order to execute on our objective to be the leading consumer bank and payments partner, we must develop and implement innovative and efficient technology solutions and marketing initiatives while effectively managing legal, regulatory, compliance, security, operational and other risks as well as expenses. Examples include the implementation of a broader rollout of our checking product and a structure for a more competitive global network business. If we fail to develop and implement these solutions, we may be unable to expand quickly and the results of our expansion may be unsatisfactory. In addition, if we are unable to make decisions quickly, assess our opportunities and risks, execute our strategy and implement new governance, managerial and organizational processes as needed in this increasingly dynamic and competitive economic and regulatory environment, our financial condition, results of operations, relationships with our business partners, banking regulators, customers and shareholders, and ultimately our prospects for achieving our long-term strategies, may be negatively impacted.

We may be unable to increase or sustain Discover credit card usage, which could impair growth in, or lead to diminishing, average balances and total revenue.

A key element of our business strategy is to increase the usage of the Discover credit card by our customers, including making it their primary credit card, and thereby increase our revenue from transaction and service fees and interest income. However, our customers’ use and payment patterns may change because of social, legal and economic factors, and customers may decide to use debit cards or other payment products instead of credit cards, not increase credit card usage, or pay their balances within the grace period to avoid finance charges. We face challenges from competing card products in our attempts to increase credit card usage by our existing customers. Our ability to increase credit card usage also is dependent on customer satisfaction, which may be adversely affected by factors outside of our control, including competitors’ actions and legislative/regulatory changes. Existing legal and regulatory restrictions limit pricing changes that may impact an account throughout its lifecycle, which may reduce our capability to offer lower price promotions to drive account usage and customer engagement. As part of our strategy to increase usage, we have been increasing the number of merchants who accept credit cards issued on the Discover Network. If we are unable to continue increasing merchant acceptance or fail to improve awareness of existing merchant acceptance of our credit

-36-

cards, our ability to grow usage of Discover credit cards may be hampered. As a result of these factors, we may be unable to increase or sustain credit card usage, which could impair growth in or lead to diminishing average balances and total revenue.

A reduction in the number of large merchants that accept cards on the Discover Network or PULSE network or the rates they pay could materially adversely affect our business, financial condition, results of operations and cash flows.

Discover card net transaction dollar volume was concentrated among our top 100 merchants in 2022, with our largest merchant accounting for approximately 5% of that net transaction volume. Transaction volume on the PULSE network was also concentrated among the top 100 merchants in 2022, with our largest merchant accounting for approximately 19% of PULSE transaction volume. These merchants could seek to negotiate better pricing or other financial incentives by conditioning their continued participation in the Discover Network and/or PULSE network on a change in the terms of their economic participation. Loss of acceptance at our largest merchants would decrease transaction volume, negatively impact our brand and could cause customer attrition. In addition, some of our merchants, primarily our remaining small- and mid-size merchants, are not contractually committed to us for any period of time and may cease to participate in the Discover Network at any time on short notice.

Actual or perceived limitations on acceptance of credit cards issued on the Discover Network or debit cards issued on the PULSE network could adversely affect the use of Discover cards by existing customers and the attractiveness of Discover cards to prospective customers. Also, we may have difficulty attracting and retaining network partners if we are unable to add or retain acquirers or merchants who accept cards issued on the Discover or PULSE networks. As a result of these factors, a reduction in the number of our merchants or the rates they pay could materially adversely affect our business, financial condition, results of operations and cash flows.

Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit card and debit card networks.

Merchant acceptance and fees are critical to the success of both our card-issuing and payment processing businesses. Merchants are concerned with the fees charged by credit card and debit card networks. They seek to negotiate better pricing or other financial incentives as a condition of continued participation in the Discover Network and PULSE network. During the past few years, merchants and their trade groups have filed numerous lawsuits against Visa, MasterCard, American Express and their card-issuing banks, claiming that their practices toward merchants, including issuer fees, violate federal antitrust laws. There can be no assurance that they will not in the future bring legal proceedings against other credit card and debit card issuers and networks, including us. Merchants also may promote forms of payment with lower fees, such as ACH-based payments, or seek to impose surcharges at the point of sale for use of credit or debit cards. Merchant groups have also promoted federal and state legislation that would restrict issuer practices or enhance the ability of merchants, individually or collectively, to negotiate more favorable fees. The heightened focus by merchants on the fees charged by credit card and debit card networks, together with the Dodd-Frank Act and recent industry litigation, which would allow merchants to encourage customers to use other payment methods or cards and may increase merchant surcharging, could lead to reduced transactions on, or merchant acceptance of, Discover Network or PULSE network cards or reduced fees, any of which could adversely affect our business, financial condition and results of operations.

Political, economic or other instability in a country or geographic region, or other unforeseen or catastrophic events, could adversely affect our business activities and reduce our revenue.

Geopolitical events, natural disasters, extreme weather-related events or other catastrophic events, including terrorist attacks and pandemics, may have a negative effect on our business and infrastructure, including our information technology systems. Climate change may exacerbate certain of these threats, including the frequency and severity of weather-related events and other natural disasters. Our Diners Club network, concentrated primarily on serving the global travel industry, could be adversely affected by a number of factors including international conditions, travel restrictions, pandemics or negative perceptions about the safety of travel that may result in an indefinite decline in consumer or business travel activity. Armed conflict, public health emergencies, natural disasters, political instability or terrorism may have a significant and prolonged negative effect on travel activity and related revenue. Although a regionalized event or condition may primarily affect one of our network participants, it may also affect our overall network and card activity and our resulting revenue. Overall network and card transaction activity may decline as a result of concerns about safety or disease or may be limited because of economic conditions that result in spending,

-37-

including on travel, to decline. The impact of such events and other catastrophes on the overall economy may also adversely affect our financial condition or results of operations.

Fraudulent activity associated with our products or our networks could cause our brands to suffer reputational damage, the use of our products to decrease and our fraud losses to be materially adversely affected.

We are subject to the risk of fraudulent activity associated with merchants, customers and other third parties handling customer information. The risk of fraud continues to increase for the financial services industry in general. Credit and debit card fraud, identity theft and electronic-transaction related crimes are prevalent and perpetrators are growing ever more sophisticated. While we have policies and procedures designed to address such risk, there can be no assurance that losses will not occur. Our resources, customer authentication methods and fraud prevention tools may be insufficient to accurately predict, prevent or detect fraud. We incurred fraud losses and other charges of $149 million and $92 million during the years ended December 31, 2022 and 2021, respectively.

Our risk of fraud continues to increase as third parties that handle confidential consumer information suffer security breaches, acceptance of the Discover card grows internationally and we expand our digital banking business and introduce new products and features. Our financial condition, the level of our fraud charge-offs and other results of operations could be materially adversely affected if fraudulent activity were to significantly increase. Furthermore, high-profile fraudulent activity could negatively impact our brand and reputation. In addition, significant increases in fraudulent activity could lead to regulatory intervention (such as mandatory card reissuance) and reputational and financial damage to our brands, which could negatively impact the use of our deposit accounts, cards and networks and thereby have a material adverse effect on our business. Further, fraudulent activity may result in lower license fee revenue from our Diners Club licensees.

The financial services and payment services industries are rapidly evolving and we may be unsuccessful in introducing new products or services on a large scale in response to these changes.

Technological changes continue to significantly impact the financial services and payment services industries. For example, we may be unsuccessful in deploying new technologies to strengthen our credit underwriting capabilities, enhance the effectiveness of our marketing efforts, ensure acceptance with new payment technologies, enhance customer service, drive efficiencies in back-office functions or reduce fraud. The increasingly competitive mobile, e-wallet and tokenization spaces are expected to continue to bring risks and opportunities to both our digital banking and payment services businesses.

The effect of technological changes on our business is both rapid and unpredictable. We depend, in part, on third parties for the development of and access to new technologies. We expect that new services and technologies relating to the payments business will continue to appear in the market and these new services and technologies may be superior to, or render obsolete, the technologies that we currently use in our products and services. Rapidly evolving technologies and new entrants in mobile and emerging payments pose a risk to us both as a card issuer and as a payments business. As a result, our future success may be dependent on our ability to identify and adapt to technological changes and evolving industry standards and to provide payment solutions for our customers, merchants and financial institution customers.

The process of developing new products and services or enhancing our existing products and services is complex, costly and uncertain. Difficulties or delays in the development, production, testing and marketing of new products or services may be caused by a number of factors including, among other things, operational, capital and regulatory constraints. The occurrence of such difficulties may affect the success of our products or services. Developing unsuccessful products and services could result in financial losses as well as decreased capital availability. In addition, the new products and services offered may not be adopted by consumers, merchants or financial institution customers. Also, the success of a new product or service may depend upon our ability to deliver it on a large scale, which may require a significant capital investment that we may not be in a position to make. If we are unable to successfully introduce and support new income-generating products and services while also managing our expenses, it may impact our ability to compete effectively and materially adversely affect our business, financial condition and results of operations.

Failure to manage our relationships with third-party service providers could result in our revenue or results of operations being materially adversely affected.

We depend on third-party service providers for many aspects of the operation of our business. For example, we depend on third parties for software and systems development, the timely transmission of information across our data

-38-

transportation network and for other telecommunications, processing, remittance, technology-related and other services in connection with our digital banking and payment services businesses. If a service provider fails to provide the services that we require or expect, or fails to meet contractual requirements, such as service levels, security requirements or compliance with applicable laws, the failure could negatively impact our business by adversely affecting our ability to process customers’ transactions in a secure, consistent, timely and accurate manner, otherwise hampering our ability to serve our customers, or subjecting us to litigation and regulatory risk for poor vendor oversight. Such a failure could adversely affect the perception of the reliability of our networks and services, and the quality of our brands, and could have a materially adverse effect on our reputation, revenues and/or our results of operations.

With the current trend toward hybrid work arrangements, we have become increasingly dependent on third-party service providers, including those with which we have no direct relationship, such as our employees’ internet service providers. If these third-parties experience service disruptions, our operations may be interrupted or negatively impacted.

If our key technology platforms become obsolete, or if we experience disruptions, including difficulties in our ability to process transactions, our revenue or results of operations could be materially adversely affected.

Our ability to deliver services to our customers and run our business in compliance with applicable laws and regulations may be affected by the functionality of our technology systems. The implementation of technology changes as well as patches and upgrades to maintain current and integrated systems may result in compliance issues and may, at least temporarily, cause disruptions to our business, including, but not limited to, systems interruptions, transaction processing errors and system conversion delays, all of which could have a negative impact on us. In addition, our transaction processing systems and other operational systems may encounter service interruptions at any time due to system or software failure, natural disaster or other reasons. Such services could be disrupted at any of our primary or back-up facilities or our other owned or leased facilities. Third parties to whom we outsource the maintenance and development of certain technological functionality may experience errors or disruptions th