|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We depend heavily on various information systems and electronic resources to conduct our business operations. Additionally, a majority of our clients, service providers, and other business partners on whom we rely, including providers of our online banking, mobile banking, and accounting systems, utilize their own electronic information systems. Any of these systems are susceptible to compromise, whether by employees, clients, or other authorized individuals, as well as by malicious actors employing sophisticated and continuously evolving software, tools, and strategies. Given our status as a financial services provider and our relative size, we and our business partners are considered high-value targets for
such malicious actors. For further details, please refer to the "Risks Related to Information Security and Business Interruption" section of the Risk Factors outlined in Item 1A of this Form 10-K.
As a result, we have devoted significant resources to assessing, identifying, and managing cybersecurity risks and threats, including:
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
As a result, we have devoted significant resources to assessing, identifying, and managing cybersecurity risks and threats, including:
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Information Security Program, overseen by our Executive Project and Technology Risk Committee (“EPTRC”), plays a vital role in our overall risk management system.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|We also have an Incident Response Plan which is continually updated in response to an ever-changing threat landscape to provide long-term strategies for remediation, prevention of future incidents and resiliency to all types of threats.
|Cybersecurity Risk Role of Management [Text Block]
|
The Information Security Program, overseen by our Executive Project and Technology Risk Committee (“EPTRC”), plays a vital role in our overall risk management system. It encompasses administrative, technical, and physical measures aimed at safeguarding the security and confidentiality of client records and information. We also have an Incident Response Plan which is continually updated in response to an ever-changing threat landscape to provide long-term strategies for remediation, prevention of future incidents and resiliency to all types of threats. The incident response team (i) includes subject matter experts to address cyber threats and (ii) includes members of management responsible to monitor threat escalation and identify events that may warrant Board notification and a Form 8-K cybersecurity notice.
Occasionally, we have encountered cybersecurity threats necessitating adjustments to our procedures and the integration of extra safeguards. Although these specific threats or incidents haven't significantly impacted us thus far, it is possible that future threats and incidents we detect could potentially have a material adverse effect on our business strategy, results of operations, and financial condition.
Our management team is tasked with the daily management of the cybersecurity risks we encounter and supervises the EPTRC. Our EPTRC, in turn, oversees the assessment of information security, the creation of policies, standards, and procedures, as well as testing, training, and security reporting processes for our Company. The EPTRC is comprised of management with the appropriate expertise and authority to ensure effective oversight of the Information Security Program.
Furthermore, our Board of Directors, both collectively and through its Risk Committee, holds responsibility for overseeing risk management, including cybersecurity risks. In this capacity, the Board and the Risk Committee, supported by management and third-party cybersecurity advisors, ensure that the risk management processes devised and executed by management are adequate and operational as intended. Annually, the Board reviews and approves our information security program, vendor management policy (including third-party service providers), acceptable use policy, incident response policy, and business continuity planning policy. These policies are developed and implemented by our management team. To fulfill their duties, the Board receives regular updates from the Risk Committee regarding cybersecurity risks and management’s endeavors to prevent, detect, mitigate, and address any cybersecurity incidents, at least quarterly.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Furthermore, our Board of Directors, both collectively and through its Risk Committee, holds responsibility for overseeing risk management, including cybersecurity risks. In this capacity, the Board and the Risk Committee, supported by management and third-party cybersecurity advisors, ensure that the risk management processes devised and executed by management are adequate and operational as intended. Annually, the Board reviews and approves our information security program, vendor management policy (including third-party service providers), acceptable use policy, incident response policy, and business continuity planning policy. These policies are developed and implemented by our management team. To fulfill their duties, the Board receives regular updates from the Risk Committee regarding cybersecurity risks and management’s endeavors to prevent, detect, mitigate, and address any cybersecurity incidents, at least quarterly.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef