Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Overall Process
We have developed and implemented a comprehensive multi-layered cybersecurity risk management program, consisting of a dedicated cybersecurity function, risk assessments, policies and procedures managed by internal and external resources, that we believe is reasonably designed to prevent, detect and respond to cyber risks and incidents. We utilize a set of tools and services, including regular network, endpoint and cloud monitoring, vulnerability assessments, penetration testing, a Security Information and Event Management system, and tabletop exercises to identify and assess material risks from cybersecurity threats and to evaluate our cyber defense capabilities.

Internal security controls are designed to align with standards set by the National Institute of Standards and Technology. We monitor emerging data protection laws, conduct background checks of our employees in specific technology and cybersecurity roles, apply least privilege access to users, test the maturity and readiness of our cybersecurity program, conduct tabletop exercises based on current threat scenarios to increase awareness, conduct phishing testing, provide cybersecurity training to our Board and employees, and provide cybersecurity alerts to our customers on ongoing threats. We monitor notifications and alerts from the Financial Services Information and Analysis Center and other industry cybersecurity sites to stay abreast of the most recent cybersecurity alerts.
Enterprise Risk Management Process Integration
The Company has implemented layered security approaches for all electronic delivery channels to detect, prevent and respond to rising cybersecurity risks. Management utilizes a combination of third-party information security assessments, key technologies, and ongoing internal and external evaluations to provide a level of protection of non-public personal information, to continually monitor and attempt to safeguard information on its operating systems, in cloud-based solutions, and those of third-party service providers, and to prevent, quickly detect and respond to attacks. The Company also utilizes firewall technology, multi-factor authentication, complex password construction, and a combination of software and third-party monitoring to detect and prevent intrusion and cybersecurity threats, guard against unauthorized access, and continuously identify and prevent computer viruses on the Company's information solutions. To minimize debit card losses, the Company works with a third-party provider to establish parameters for allowable transaction activity, monitor transactions, and alert customers of potentially fraudulent activity.

The Bank maintains a written Information Security Program based on a collection of information security policies, regulatory requirements, standards, guidelines, processes, procedures, third-party recommendations, and industry best practices. The purpose of this Program is to establish a company-wide approach for assessing and protecting the integrity, availability, and confidentiality of the Bank’s information assets.

Third-party Access
The Company has a fully integrated third-party risk management program to identify, assess, monitor and mitigate risks associated with third-party relationships, including cybersecurity risks. Under the program, risk ratings are assigned to each of the vendors based on an assessment of the vendor, for a variety of factors, including its access to networks, systems, and confidential information. An assessment is conducted on each vendor to identify and measure the risks from cybersecurity threats that could impact our customers’ data and our environment. Third parties that have access to our systems or customer data must have appropriate technical and organizational security measures and security control principles based on commercially acceptable security standards, and we require third parties in this class to agree by contract to manage their cybersecurity risks.

In our Risk Factors, we describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.

Material Incidents
We are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. Although we have a robust cybersecurity program that is designed to assess, identify, and manage material risks from cybersecurity threats, we cannot provide absolute surety that we have properly identified or mitigated all vulnerabilities or risks of incidents. We, and the third parties that we engage, are subject to constant and evolving threats of attack and cybersecurity incidents may be difficult to detect for periods of time. A cybersecurity incident could harm our business strategy, results of operations, financial condition, reputation, and/or subject us to regulatory actions or litigation which may result in fines, judgments or indictments.

Incidents and Risks
The Company has developed an Incident Response Plan to guide its actions in responding to real and suspected information security incidents. This includes unlawful, unauthorized, or unacceptable actions that involve a computer system or a computer network such as Distributed Denial of Service attacks, Corporate Account Takeover schemes, or ransomware. Additionally, an event that disrupts one of the Bank's service channels, whether from a security incident or not, is also considered an incident requiring a response under this program. These disclosure controls and procedures compel the Company to make accurate and timely disclosures of material events and incidents to both customers and regulatory authorities. The reaction to an incident aims to reduce potential damage and loss and to protect and restore confidence through timely communication and the restoration of normal operating conditions for computers, services, and information. Management will work closely with its cybersecurity insurance provider, cybersecurity legal counsel, and forensic experts when investigating and responding to cyber or ransomware attacks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Enterprise Risk Management Process Integration
The Company has implemented layered security approaches for all electronic delivery channels to detect, prevent and respond to rising cybersecurity risks. Management utilizes a combination of third-party information security assessments, key technologies, and ongoing internal and external evaluations to provide a level of protection of non-public personal information, to continually monitor and attempt to safeguard information on its operating systems, in cloud-based solutions, and those of third-party service providers, and to prevent, quickly detect and respond to attacks. The Company also utilizes firewall technology, multi-factor authentication, complex password construction, and a combination of software and third-party monitoring to detect and prevent intrusion and cybersecurity threats, guard against unauthorized access, and continuously identify and prevent computer viruses on the Company's information solutions. To minimize debit card losses, the Company works with a third-party provider to establish parameters for allowable transaction activity, monitor transactions, and alert customers of potentially fraudulent activity.
The Bank maintains a written Information Security Program based on a collection of information security policies, regulatory requirements, standards, guidelines, processes, procedures, third-party recommendations, and industry best practices. The purpose of this Program is to establish a company-wide approach for assessing and protecting the integrity, availability, and confidentiality of the Bank’s information assets.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity Governance
Cybersecurity risk management processes are an integral part of our enterprise risk management which is overseen by the Board and the Technology & Information Security Committee of the Board. The Board oversees the risk management policies of the Company and is responsible for the periodic review and approval of the risk management policies of the company and provides general oversight over the information security and technology programs. The TISC oversees the technology and cybersecurity strategies and their alignment with business strategies, the effectiveness of the information security program, monitors the results of third-party testing and risk assessments and responses to breaches of customer data, among other project management, cybersecurity, and business continuity oversight functions. The Committee meets five times during the year, or more as needed. An information security advisor participates in the meetings and is available to provide additional insights into cybersecurity methodologies, best practices, threat trends, and resource planning.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Cybersecurity risk management processes are an integral part of our enterprise risk management which is overseen by the Board and the Technology & Information Security Committee of the Board. The Board oversees the risk management policies of the Company and is responsible for the periodic review and approval of the risk management policies of the company and provides general oversight over the information security and technology programs. The TISC oversees the technology and cybersecurity strategies and their alignment with business strategies, the effectiveness of the information security program, monitors the results of third-party testing and risk assessments and responses to breaches of customer data, among other project management, cybersecurity, and business continuity oversight functions.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Committee meets five times during the year, or more as needed. An information security advisor participates in the meetings and is available to provide additional insights into cybersecurity methodologies, best practices, threat trends, and resource planning.
Cybersecurity Risk Role of Management [Text Block]
In October 2024, the Company hired a new CISO who is a Certified Information Systems Security Professional with over 12 years of banking experience with a background in cybersecurity, information security, and network administration. The former CISO, who has over 18 years of banking experience, is a Certified Information Systems Security Professional, and has been involved with the management of information and cybersecurity for over ten years, was promoted to the Chief Risk Officer role in October 2024. The CISO regularly reports to the Board Technology & Information Security Committee on information and cybersecurity strategy, testing, training, policies, procedures, cybersecurity insurance, and overall effectiveness of the Information Security Program and would report and discuss material incidents, and ongoing mitigation status, if any should occur. The CISO is the chair of Management’s Information Security Committee that meets on a monthly basis to evaluate threats, incidents, defense system effectiveness, accepted risks, results of third-party cyber assessments and engagements, and the overall adequacy of the cybersecurity program. In addition, the Chief Information Officer has over 15 years of experience in managing bank technologies, information security, and risk management, and collaborates in supporting the Information Security Program. The CISO reports directly to the Chief Risk Officer and meets on a monthly basis with the Executive Management team to discuss cybersecurity risk management matters.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The CISO is the chair of Management’s Information Security Committee that meets on a monthly basis to evaluate threats, incidents, defense system effectiveness, accepted risks, results of third-party cyber assessments and engagements, and the overall adequacy of the cybersecurity program.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
In October 2024, the Company hired a new CISO who is a Certified Information Systems Security Professional with over 12 years of banking experience with a background in cybersecurity, information security, and network administration. The former CISO, who has over 18 years of banking experience, is a Certified Information Systems Security Professional, and has been involved with the management of information and cybersecurity for over ten years, was promoted to the Chief Risk Officer role in October 2024.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The CISO regularly reports to the Board Technology & Information Security Committee on information and cybersecurity strategy, testing, training, policies, procedures, cybersecurity insurance, and overall effectiveness of the Information Security Program and would report and discuss material incidents, and ongoing mitigation status, if any should occur. The CISO is the chair of Management’s Information Security Committee that meets on a monthly basis to evaluate threats, incidents, defense system effectiveness, accepted risks, results of third-party cyber assessments and engagements, and the overall adequacy of the cybersecurity program.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true