Governance.
12 Months Ended Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]
The Finance and Risk Management Committee is a standing committee of the Board formed in January 2014 to assist the Board and the Executive Committee of the Board in fulfilling their responsibility with respect to the oversight of the Company’s (1) enterprise risk management and financial framework, including all risks associated therewith, including risks related to cyber incidents and (2) policies and practices relating to financial matters, including but not limited to, capital, liquidity and financing, as well as to merger, acquisition and divestiture activity. The Finance and Risk Management Committee reports to the Board regarding the Company’s risk profile, as well as its enterprise risk management framework, including the significant policies and practices employed to manage such risks, as well as the overall adequacy of the enterprise risk management function.
Material risks and results from any industry standard risk assessments parties, including any recommendations to further mitigate, transfer or eliminate risks, if applicable, are reported annually to the TOC, as well as to the Board’s Finance and Risk Management Committee, who then reports the results to the Bank’s Board. Further, these results are included in the Board’s annual Information Security Program Report.
Technology and cybersecurity risk metrics are two of the Bank’s primary categorical risks defined in the Bank’s enterprise risk management framework. The Enterprise Risk Management Dashboard, which includes ongoing monitoring of current and emerging technology and cybersecurity risks, is presented to the Finance and Risk Management Committee and to the Bank’s Board on a tri-annual basis. In addition, reports on the monitoring of third-party relationships, particularly critical relationships, are presented to the Finance and Risk Management Committee and to the Bank’s Board.
The Bank’s Board, through the Finance and Risk Management Committee, has oversight of cybersecurity incident disclosures, if applicable. The Finance and Risk Management Committee shall annually review with Management the Company’s Business Continuity Plan (the “BCP”), the BCP Policy, BCP testing results and the Company’s Pandemic Plan and Cyber Incident Response Plan and programs, including materiality determination criteria and escalation protocols with respect to the prompt reporting of material cyber incidents to the Finance and Risk Management Committee and the Bank’s Board. The Finance and Risk Management Committee shall further review with Management and report to the Bank’s Board any cyber incident disclosure reports to or from regulators with respect thereto, and the root cause and remediation and enhancement efforts with respect thereto.
The Bank’s information technology team maintains and develops their knowledge through various business, technical and cybersecurity-related programs, certificates and degrees, including a senior member of the team who holds a Master of Business Administration and another team member holding a Master’s Degree in Cybersecurity Management. Collectively, the senior members of the information technology team have approximately 75 years of experience in technology and cybersecurity, and the information technology team collectively holds and maintains continuing education in various technology and cybersecurity certification areas. The Bank’s ISO holds the designation of Certified Cyber Crimes Investigator from the IAFCI and also maintains continuing education related to cybersecurity.