|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
Identifying, assessing, and managing material cybersecurity risks is an important function of our enterprise risk management program. Material cybersecurity risks from cybersecurity threats are managed across Medallion Financial Corp., the Bank, Medallion Capital, and third-party vendors and monitoring such risks and threats involves coordination between us as the parent company and our two main operating subsidiaries. We continue to integrate our cybersecurity programs into our enterprise risk management program, which is led by various senior representatives of the Company and overseen by the Audit Committee of the Company’s Board of Directors.
Medallion Financial Corp., the Bank and Medallion Capital are each responsible for developing cybersecurity programs appropriate for their respective entities, including as may be required by applicable law or regulation. These programs have been guided by the National Institute of Standards and Technology Cybersecurity Framework, other industry-recognized standards, and contractual requirements, as applicable, and seek to protect each entity against cybersecurity risks and provide a foundation to respond promptly to cybersecurity events. Each entity maintains technical and organizational safeguards, including, among other things, employee testing and training, incident response programs and tabletop exercises, evaluations and assessments by third parties, vulnerability scanning, vendor management, cybersecurity insurance, and business continuity mechanisms for the protection of Company assets. Our programs also assess and manage third party risks, and we perform third-party risk management to identify and mitigate risks from third parties such as vendors and other business partners associated with our use of third-party service providers.
Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, and we currently do not expect that risks from cybersecurity threats are reasonably likely to materially affect us, but we cannot provide assurance that we will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K.
Governance
The Audit Committee of our Board of Directors is responsible for overseeing the Company’s enterprise risk management program, including overseeing the adequacy of protection of the Company’s technology, including physical security, patent and trademark program, proprietary information, and information security. The Audit Committee receives quarterly reports from our Information Security Director and third parties on cybersecurity matters. In addition, the Audit Committee receives quarterly reports addressing cybersecurity as part of our enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. These reports include, among other things, existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents, if any, and the status of key information security initiatives. Our Audit Committee members also engage in ad hoc conversations with management on cybersecurity-related news and events, and discuss any updates, as needed, to our cybersecurity risk management and strategy programs.
Medallion Financial Corp. employs a Director of Information Security, and our main operating subsidiaries have similar functions and/or roles conducted by various individuals. Such information security leadership are responsible for developing cybersecurity programs appropriate for their respective entities, including as may be required by applicable law or regulation. These individuals’ expertise in information security and cybersecurity generally has been gained from a combination of education, including relevant degrees and/or certifications, and prior work experience. They are informed by their respective cybersecurity teams and third-party vendors about, and monitor, the prevention, detection, mitigation and remediation efforts relating to any cybersecurity incidents as part of the cybersecurity programs described above.
Information regarding cybersecurity risks may be elevated from information security leadership through a variety of different channels, including discussions between or among subsidiary and parent company management, reports to subsidiary and parent company risk committees and reports to subsidiary and parent company boards and board committees. As noted above, the Audit Committee regularly receives reports on cybersecurity matters from our Information Security Director and third parties as well as part of our enterprise risk management program.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Identifying, assessing, and managing material cybersecurity risks is an important function of our enterprise risk management program. Material cybersecurity risks from cybersecurity threats are managed across Medallion Financial Corp., the Bank, Medallion Capital, and third-party vendors and monitoring such risks and threats involves coordination between us as the parent company and our two main operating subsidiaries. We continue to integrate our cybersecurity programs into our enterprise risk management program, which is led by various senior representatives of the Company and overseen by the Audit Committee of the Company’s Board of Directors.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Audit Committee of our Board of Directors is responsible for overseeing the Company’s enterprise risk management program, including overseeing the adequacy of protection of the Company’s technology, including physical security, patent and trademark program, proprietary information, and information security. The Audit Committee receives quarterly reports from our Information Security Director and third parties on cybersecurity matters. In addition, the Audit Committee receives quarterly reports addressing cybersecurity as part of our enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. These reports include, among other things, existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents, if any, and the status of key information security initiatives. Our Audit Committee members also engage in ad hoc conversations with management on cybersecurity-related news and events, and discuss any updates, as needed, to our cybersecurity risk management and strategy programs.
Medallion Financial Corp. employs a Director of Information Security, and our main operating subsidiaries have similar functions and/or roles conducted by various individuals. Such information security leadership are responsible for developing cybersecurity programs appropriate for their respective entities, including as may be required by applicable law or regulation. These individuals’ expertise in information security and cybersecurity generally has been gained from a combination of education, including relevant degrees and/or certifications, and prior work experience. They are informed by their respective cybersecurity teams and third-party vendors about, and monitor, the prevention, detection, mitigation and remediation efforts relating to any cybersecurity incidents as part of the cybersecurity programs described above.
Information regarding cybersecurity risks may be elevated from information security leadership through a variety of different channels, including discussions between or among subsidiary and parent company management, reports to subsidiary and parent company risk committees and reports to subsidiary and parent company boards and board committees. As noted above, the Audit Committee regularly receives reports on cybersecurity matters from our Information Security Director and third parties as well as part of our enterprise risk management program.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of our Board of Directors is responsible for overseeing the Company’s enterprise risk management program, including overseeing the adequacy of protection of the Company’s technology, including physical security, patent and trademark program, proprietary information, and information security
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee receives quarterly reports from our Information Security Director and third parties on cybersecurity matters. In addition, the Audit Committee receives quarterly reports addressing cybersecurity as part of our enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates.
|Cybersecurity Risk Role of Management [Text Block]
|
Medallion Financial Corp. employs a Director of Information Security, and our main operating subsidiaries have similar functions and/or roles conducted by various individuals. Such information security leadership are responsible for developing cybersecurity programs appropriate for their respective entities, including as may be required by applicable law or regulation. These individuals’ expertise in information security and cybersecurity generally has been gained from a combination of education, including relevant degrees and/or certifications, and prior work experience. They are informed by their respective cybersecurity teams and third-party vendors about, and monitor, the prevention, detection, mitigation and remediation efforts relating to any cybersecurity incidents as part of the cybersecurity programs described above.
Information regarding cybersecurity risks may be elevated from information security leadership through a variety of different channels, including discussions between or among subsidiary and parent company management, reports to subsidiary and parent company risk committees and reports to subsidiary and parent company boards and board committees. As noted above, the Audit Committee regularly receives reports on cybersecurity matters from our Information Security Director and third parties as well as part of our enterprise risk management program.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Medallion Financial Corp. employs a Director of Information Security, and our main operating subsidiaries have similar functions and/or roles conducted by various individuals. Such information security leadership are responsible for developing cybersecurity programs appropriate for their respective entities, including as may be required by applicable law or regulation
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|These individuals’ expertise in information security and cybersecurity generally has been gained from a combination of education, including relevant degrees and/or certifications, and prior work experience
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|They are informed by their respective cybersecurity teams and third-party vendors about, and monitor, the prevention, detection, mitigation and remediation efforts relating to any cybersecurity incidents as part of the cybersecurity programs described above
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true