Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our comprehensive cybersecurity and risk management programs are part of our continuously evolving enterprise-wide risk management practices. Aligned and measured against the National Institute of Standards and Technology (NIST) Cybersecurity Framework, recognized best practices and standards for cybersecurity and information technology, industry and government standards and other guidelines, our cybersecurity and risk management programs utilize policies, processes, and technologies to identify, assess, manage and mitigate cybersecurity risks and threats we face. We also conduct periodic reviews and updates to uphold our security standards, including implementation of tabletop crises exercises. Our management implements ongoing and annual risk assessment processes to identify and manage risks that could affect our ability to safeguard sensitive data or provide reliable transaction processing and to minimize financial risk exposure. These risks include, but are not limited to, legal and regulatory compliance; third-party management, including risks from business partners and software providers; mergers and acquisitions; system availability and disruption of business operations; data use and security; vulnerability and configuration management; fraud and extortion; and reputational risk.
The steps we take to reduce vulnerability to cyber-attacks and to mitigate and remediate the impact of cybersecurity incidents in a timely and coordinated manner include, but are not limited to: establishing information security policies and standards, implementing information protection processes, tools and technologies, monitoring information technology systems for cybersecurity threats, coordinating internal reporting, assessing cybersecurity risk profiles of key third-parties, implementing cybersecurity training and collaborating with public and private organizations on cyber threat information and best practices.
In addition to our internal Information Security teams, we utilize trusted third-party auditors and recognized cybersecurity consultants and certified assessors to assess our cybersecurity risks, related controls, and alignment to relevant regulatory and legal requirements. A third party evaluates our information security policies, standards and control environment at least annually. Assessments and testing protocols are performed by third parties against industry best practices and widely recognized security frameworks.
We face many cybersecurity risks in connection with our business. As of December 31, 2025, no known cybersecurity threats have materially affected, or are reasonably likely to materially affect, the Company, including our business strategy, cash flows, financial condition or results of operations; however, future cybersecurity incidents or threats may materially affect us, including by affecting our business strategy, results of operations or financial conditions. See Part I, Item 1A, “Risk Factors” for more information on our cybersecurity-related risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our comprehensive cybersecurity and risk management programs are part of our continuously evolving enterprise-wide risk management practices. Aligned and measured against the National Institute of Standards and Technology (NIST) Cybersecurity Framework, recognized best practices and standards for cybersecurity and information technology, industry and government standards and other guidelines, our cybersecurity and risk management programs utilize policies, processes, and technologies to identify, assess, manage and mitigate cybersecurity risks and threats we face. We also conduct periodic reviews and updates to uphold our security standards, including implementation of tabletop crises exercises. Our management implements ongoing and annual risk assessment processes to identify and manage risks that could affect our ability to safeguard sensitive data or provide reliable transaction processing and to minimize financial risk exposure. These risks include, but are not limited to, legal and regulatory compliance; third-party management, including risks from business partners and software providers; mergers and acquisitions; system availability and disruption of business operations; data use and security; vulnerability and configuration management; fraud and extortion; and reputational risk.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board oversees and guides our business and oversees our exposure to major risks, including steps taken by management to monitor and mitigate cybersecurity risks. The Board receives and reviews periodic reports from management on various risks, and delegates to its Audit Committee certain oversight responsibilities. The Board monitors cybersecurity risks and receives a report at least quarterly from our CISO regarding our Information Security Program. In addition, certain cybersecurity incidents are escalated to the Board in accordance with our Plan as described above. Periodically, the Board also receives third-party assessments of our information security. The Audit Committee receives regular updates on both information security and data privacy matters, and oversees data privacy, integrity, incident and breach risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
To manage our cybersecurity risk, we employ a cross-organizational steering committee, the Information Security Steering Committee (“ISSC”), that supports the direction and governance of our enterprise-wide Information Security Program. The ISSC is chaired by our Chief Information Security Officer (“CISO”) and is comprised of senior business leaders including our Chief Compliance Officer (“CCO”), Chief Risk Officer (“CRO”), legal counsel, and human resources, procurement and business segment leaders.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Board receives and reviews periodic reports from management on various risks, and delegates to its Audit Committee certain oversight responsibilities. The Board monitors cybersecurity risks and receives a report at least quarterly from our CISO regarding our Information Security Program. In addition, certain cybersecurity incidents are escalated to the Board in accordance with our Plan as described above. Periodically, the Board also receives third-party assessments of our information security. The Audit Committee receives regular updates on both information security and data privacy matters, and oversees data privacy, integrity, incident and breach risks.
Cybersecurity Risk Role of Management [Text Block]
To manage our cybersecurity risk, we employ a cross-organizational steering committee, the Information Security Steering Committee (“ISSC”), that supports the direction and governance of our enterprise-wide Information Security Program. The ISSC is chaired by our Chief Information Security Officer (“CISO”) and is comprised of senior business leaders including our Chief Compliance Officer (“CCO”), Chief Risk Officer (“CRO”), legal counsel, and human resources, procurement and business segment leaders.
In addition to the ISSC, we have defined risk functions to cover overall enterprise risks and information technology and cybersecurity risks within our enterprise risk management framework, including, but not limited to: our IT Risk Management Program, led by our CISO; our Responsible Artificial Intelligence (“RAI”) Program, led by our Chief Digital and Information Officer; Compliance, led by our CCO; Internal Audit, led by our Chief Audit Executive (“CAE”); Enterprise Risk Management programs led by our CRO; Third-Party Risk Management, comprised of business and information security leaders; IT due diligence processes, led by business, technology and information security leaders; and our Corporate Insurance Program, including cybersecurity insurance, led by our Treasurer.
To evaluate cybersecurity and privacy incidents and enable us to comply with public disclosure requirements, we have a Privacy and Security Incident Response and Reporting Policy and Procedure (the “Policy”) with defined escalation criteria (the “Plan”) in support of our incident response processes. The Plan provides a framework to our Cyber Incident Response Taskforce, comprised of our Chief Privacy Officer (“CPO”), our CISO, legal counsel and business and corporate services leaders, for responding to cybersecurity incidents. The Policy, together with the Plan, identifies applicable requirements for incident disclosure and reporting and also provides protocols for incident evaluation based on the facts and circumstances of each incident, including the use of third-party service providers and partners, processes for notification and internal escalation of information to our senior management, including to our chief legal officer and CEO, a subcommittee of our SEC disclosure committee, and, ultimately, our Board of Directors and appropriate Board committees. The Policy also addresses requirements for our external reporting obligations. The Policy is reviewed and updated, as necessary, under the leadership of our CISO and CPO.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
To manage our cybersecurity risk, we employ a cross-organizational steering committee, the Information Security Steering Committee (“ISSC”), that supports the direction and governance of our enterprise-wide Information Security Program. The ISSC is chaired by our Chief Information Security Officer (“CISO”) and is comprised of senior business leaders including our Chief Compliance Officer (“CCO”), Chief Risk Officer (“CRO”), legal counsel, and human resources, procurement and business segment leaders.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our Information Security Program is designed to minimize risk and safeguard the data of our members, customers, and associates. The program is led by our Chief Digital and Information Officer and our CISO, both of whom have extensive backgrounds in information security and technology. Our Chief Digital and Information Officer has more than 25 years of experience, including leading enterprise digital transformation initiatives at major corporations, while our CISO brings over 25 years of experience across technical, operational, and strategic security leadership roles in global organizations.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Board receives and reviews periodic reports from management on various risks, and delegates to its Audit Committee certain oversight responsibilities. The Board monitors cybersecurity risks and receives a report at least quarterly from our CISO regarding our Information Security Program. In addition, certain cybersecurity incidents are escalated to the Board in accordance with our Plan as described above. Periodically, the Board also receives third-party assessments of our information security. The Audit Committee receives regular updates on both information security and data privacy matters, and oversees data privacy, integrity, incident and breach risks.
Cybersecurity Expertise
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true