|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|Our cybersecurity risk management program is integrated into our overall risk management framework. We regularly
assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and test those systems
pursuant to our cybersecurity policies, processes, and practices. To protect our information systems from cybersecurity threats,
we use various security tools that help us identify, escalate, investigate, resolve, and recover from security incidents in a timely
manner.
We recognize the importance of protecting information assets such as the personally identifiable information of our
employees, and proprietary business information regarding our Affiliates and their clients, and have adopted policies,
management oversight, accountability structures, and technology processes designed to safeguard this information. All of our
employees are required to attest annually to our information security policies and participate in regular security awareness
training to protect their information and the AMG data and systems to which they have access. These trainings also instruct
employees on how to report any potential privacy or data security issues.
Our information security organization comprises internal and external resources designed to identify, protect, detect,
mitigate, resolve, and recover from various threats and attacks by malicious actors. We leverage 24x7x365 monitoring tools
and services to address the confidentiality, integrity, and availability of AMG assets and data. Regular internal and third-party
reviews are performed on our processes and technologies to validate the effectiveness of our privacy and data security controls
and safeguards. We monitor industry best practices and developments in data privacy and security and have increased scrutiny
of third-party service providers with access to sensitive AMG data, including through security risk assessments at the time of
initial contract, periodically as part of our third-party risk management process, and upon detection of an increase in the
vendor’s risk profile. In addition, we require key providers to meet appropriate security requirements and controls, and we
investigate security incidents that have impacted our third-party providers, as appropriate. We also have our own fully
documented proprietary security incident response plan, with defined roles and responsibilities that address notification
obligations and incident response procedures in the event of a data security breach. We are dedicated to business continuity and
resiliency, and have documented strategies, policies, and procedures in place designed to protect employee, business, Affiliate,
and Affiliate client data in the event of an emergency or natural disaster.
Although we provide our Affiliates with operational autonomy in managing their businesses and may have limited
involvement in the design, oversight, and maintenance of their respective technology systems and networks, we offer
cybersecurity support to Affiliates through our information security program, including with respect to conducting Affiliate
program assessments and assisting, as appropriate and practicable, in their identification of, and response to, an actual or
suspected cybersecurity incident. Additionally, prior to any investment in a new Affiliate, we conduct a diligence review of its
information security program.
We work with third-party service providers to proactively assess our information security program and provide us with an
industry view of the cyberthreat landscape, in addition to monitoring and supporting our control environment and breach
notification and response processes.
As of the date of this Annual Report on Form 10-K, cybersecurity threats have not materially affected and we believe are
not reasonably likely to materially affect AMG, including our business strategy, results of operations, or financial condition.
Refer to the risk factor captioned “Failure to maintain and properly safeguard an adequate technology infrastructure may limit
our or our Affiliates’ growth, result in losses or disrupt our or our Affiliates’ businesses” in Part I, Item 1A. “Risk Factors” for
more information regarding cybersecurity risks and potential related impacts on AMG.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our cybersecurity risk management program is integrated into our overall risk management framework. We regularly
assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and test those systems
pursuant to our cybersecurity policies, processes, and practices. To protect our information systems from cybersecurity threats,
we use various security tools that help us identify, escalate, investigate, resolve, and recover from security incidents in a timely
manner.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|Members of the Information Security Governance Committee oversee communications with the Board of Directors regarding
material cybersecurity incidents and provide the Board with a summary of risks from current cybersecurity threats on a regular
basis, as well as updates on management’s information security program oversight and maintenance activities, and any material
changes to AMG’s information security practices and procedures.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|This program is
governed by a committee comprising members of senior management, including our Chief Information Officer (“CIO”), which
meets regularly and reports to the Board of Directors at least annually (the “Information Security Governance Committee”).
Members of the Information Security Governance Committee oversee communications with the Board of Directors regarding
material cybersecurity incidents and provide the Board with a summary of risks from current cybersecurity threats on a regular
basis, as well as updates on management’s information security program oversight and maintenance activities, and any material
changes to AMG’s information security practices and procedures.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|This program is
governed by a committee comprising members of senior management, including our Chief Information Officer (“CIO”), which
meets regularly and reports to the Board of Directors at least annually (the “Information Security Governance Committee”).
Members of the Information Security Governance Committee oversee communications with the Board of Directors regarding
material cybersecurity incidents and provide the Board with a summary of risks from current cybersecurity threats on a regular
basis, as well as updates on management’s information security program oversight and maintenance activities, and any material
changes to AMG’s information security practices and procedures. The Board of Directors is also regularly provided with
cybersecurity educational sessions, including perspectives from external advisors that are invited to present on current
cybersecurity topics.
|Cybersecurity Risk Role of Management [Text Block]
|We have a formal information security program, designed to develop and maintain privacy and data security practices to
protect AMG assets and sensitive third-party information, including personal and Affiliate information. This program is
governed by a committee comprising members of senior management, including our Chief Information Officer (“CIO”), which
meets regularly and reports to the Board of Directors at least annually (the “Information Security Governance Committee”).
Members of the Information Security Governance Committee oversee communications with the Board of Directors regarding
material cybersecurity incidents and provide the Board with a summary of risks from current cybersecurity threats on a regular
basis, as well as updates on management’s information security program oversight and maintenance activities, and any material
changes to AMG’s information security practices and procedures. The Board of Directors is also regularly provided with
cybersecurity educational sessions, including perspectives from external advisors that are invited to present on current
cybersecurity topics.
We take a risk-based approach to cybersecurity and have implemented policies throughout our operations that are designed
to address cybersecurity threats and our response to actual or suspected incidents. In particular, the Information Security
Governance Committee is responsible for the ongoing identification and assessment of reasonably foreseeable cybersecurity
threats and based on these assessments, evaluating and overseeing the implementation of safeguards for limiting such risks,
including employee training and compliance, and detection and prevention mechanisms. If a cybersecurity incident occurs, the
Information Security Governance Committee will assemble an incident response team responsible for the identification,
remediation, and post-incident review of such incident, engage outside advisors and notify third parties as appropriate, and
assess the materiality of the nature, scope, and timing of a given incident and whether public disclosure is required.
The CIO, in coordination with the Information Security Governance Committee, is responsible for leading the assessment
and management of cybersecurity risks. The current CIO has over 25 years of experience in information security, including
serving as our CIO since 2016, and holds a B.A. in Business with a focus in Computer Science. The CIO reports to the Board
of Directors as part of the Information Security Governance Committee’s updates discussed above and regularly communicates
with the other members of the Information Security Governance Committee and senior management regarding cybersecurity
risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|We have a formal information security program, designed to develop and maintain privacy and data security practices to
protect AMG assets and sensitive third-party information, including personal and Affiliate information. This program is
governed by a committee comprising members of senior management, including our Chief Information Officer (“CIO”), which
meets regularly and reports to the Board of Directors at least annually (the “Information Security Governance Committee”).
Members of the Information Security Governance Committee oversee communications with the Board of Directors regarding
material cybersecurity incidents and provide the Board with a summary of risks from current cybersecurity threats on a regular
basis, as well as updates on management’s information security program oversight and maintenance activities, and any material
changes to AMG’s information security practices and procedures. The Board of Directors is also regularly provided with
cybersecurity educational sessions, including perspectives from external advisors that are invited to present on current
cybersecurity topics.
We take a risk-based approach to cybersecurity and have implemented policies throughout our operations that are designed
to address cybersecurity threats and our response to actual or suspected incidents. In particular, the Information Security
Governance Committee is responsible for the ongoing identification and assessment of reasonably foreseeable cybersecurity
threats and based on these assessments, evaluating and overseeing the implementation of safeguards for limiting such risks,
including employee training and compliance, and detection and prevention mechanisms. If a cybersecurity incident occurs, the
Information Security Governance Committee will assemble an incident response team responsible for the identification,
remediation, and post-incident review of such incident, engage outside advisors and notify third parties as appropriate, and
assess the materiality of the nature, scope, and timing of a given incident and whether public disclosure is required.
The CIO, in coordination with the Information Security Governance Committee, is responsible for leading the assessment
and management of cybersecurity risks. The current CIO has over 25 years of experience in information security, including
serving as our CIO since 2016, and holds a B.A. in Business with a focus in Computer Science. The CIO reports to the Board
of Directors as part of the Information Security Governance Committee’s updates discussed above and regularly communicates
with the other members of the Information Security Governance Committee and senior management regarding cybersecurity
risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The current CIO has over 25 years of experience in information security, including serving as our CIO since 2016, and holds a B.A. in Business with a focus in Computer Science.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The CIO reports to the Board
of Directors as part of the Information Security Governance Committee’s updates discussed above and regularly communicates
with the other members of the Information Security Governance Committee and senior management regarding cybersecurity
risks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true