Item 9A. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”)) as of the end of the period covered by this Annual Report on Form 10-K. Based on that evaluation, our Chief Executive Officer and Chief Financial Officer concluded that such disclosure controls and procedures were effective as of the end of the period covered by this Annual Report on Form 10-K and designed to ensure that information required to be disclosed in our reports filed or submitted under the Exchange Act is recorded, processed, summarized and reported within the requisite time periods specified in the applicable rules and forms, and that it is accumulated and communicated to our management, including our Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosure. Management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving their objectives and management necessarily applies its judgment in evaluating the cost-benefit relationship of possible controls and procedures.
Management’s Annual Report on Internal Control over Financial Reporting
The management of SoFi Technologies, Inc. (the “Company” or “SoFi”) is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rule 13a-15(f) under the Exchange Act. SoFi’s internal control over financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the financial statements for external purposes in accordance with U.S. generally accepted accounting principles (“U.S. GAAP”).
The internal control over financial reporting includes those policies and procedures that:
•Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Company;
•Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with U.S. GAAP and that receipts and expenditures are being made only in accordance with authorizations of the Company’s management and directors; and
•Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of Company assets that could have a material effect on the Company’s financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Management conducted an assessment of the effectiveness of the Company’s internal control over financial reporting as of December 31, 2023, based on the framework in “Internal Control—Integrated Framework (2013)” issued by the Committee of Sponsoring Organizations of the Treadway Commission, commonly referred to as the “2013 Framework”. Based on this assessment, as noted below, management, with the participation of our Chief Executive Officer and Chief Financial Officer, concluded that the Company’s internal control over financial reporting was effective as of December 31, 2023.
The effectiveness of the Company’s internal control over financial reporting as of December 31, 2023, has been audited by Deloitte & Touche LLP, an independent registered public accounting firm, as stated in their report, which appears in this Form 10-K.
Attestation
Our independent registered public accounting firm has issued an attestation report on the effectiveness of the Company’s internal control over financial reporting included herein.
SoFi Technologies, Inc.
TABLE OF CONTENTS

Changes in Internal Control over Financial Reporting
There have not been any changes in our internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) during the quarter ended December 31, 2023, that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the shareholders and the Board of Directors of SoFi Technologies, Inc.
Opinion on Internal Control over Financial Reporting
We have audited the internal control over financial reporting of SoFi Technologies, Inc. and subsidiaries (the “Company”) as of December 31, 2023, based on criteria established in Internal Control — Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2023, based on criteria established in Internal Control — Integrated Framework (2013) issued by COSO.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated financial statements as of and for the year ended December 31, 2023, of the Company and our report dated February 27, 2024, expressed an unqualified opinion on those financial statements.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Annual Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.