|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We recognize the security of our banking operations is critical to protecting our customers, maintaining our reputation and preserving our enterprise value. We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. The Company’s Information Security Officer is primarily responsible for developing, monitoring, and implementing our cybersecurity program, which establishes policies and procedures for the measurement of the effectiveness and efficiency of information security controls related to both design and operations. The Chief Technology Officer is responsible for implementing the appropriate controls and monitoring them towards adherence with the established standards.
As a regulated financial institution, we have designed our cybersecurity program based on the requirements of the Gramm-Leach Bliley Act of 1999 and Federal Financial Institutions Examination Council (“FFIEC”) Cybersecurity Assessment Tool. Our processes for identifying, assessing and managing material risks from cybersecurity threats rely on the FFIEC Cybersecurity Assessment Tool as well as recurring audits and assessments of our cybersecurity program and controls. As part of our cybersecurity program, we have developed an incident response plan based on industry-standard cybersecurity frameworks, with procedures for responding to and remediating a cyber-incident. We also review and test our incident response plan through simulations and assessments. Further, we employ recurring security awareness training for employees and produce recurring security awareness material for our customers.
We engage third-party services to conduct penetration testing as well as other regular evaluations of our security protocols and processes. Additionally, we assess and monitor the cybersecurity controls of third-party service providers and partners. Ongoing and regular monitoring of our third parties is also managed through our Information Security Program team’s protocols in partnership with the vendor management, enterprise risk management, and internal audit departments.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We recognize the security of our banking operations is critical to protecting our customers, maintaining our reputation and preserving our enterprise value. We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. The Company’s Information Security Officer is primarily responsible for developing, monitoring, and implementing our cybersecurity program, which establishes policies and procedures for the measurement of the effectiveness and efficiency of information security controls related to both design and operations. The Chief Technology Officer is responsible for implementing the appropriate controls and monitoring them towards adherence with the established standards.
As a regulated financial institution, we have designed our cybersecurity program based on the requirements of the Gramm-Leach Bliley Act of 1999 and Federal Financial Institutions Examination Council (“FFIEC”) Cybersecurity Assessment Tool. Our processes for identifying, assessing and managing material risks from cybersecurity threats rely on the FFIEC Cybersecurity Assessment Tool as well as recurring audits and assessments of our cybersecurity program and controls. As part of our cybersecurity program, we have developed an incident response plan based on industry-standard cybersecurity frameworks, with procedures for responding to and remediating a cyber-incident. We also review and test our incident response plan through simulations and assessments. Further, we employ recurring security awareness training for employees and produce recurring security awareness material for our customers.
We engage third-party services to conduct penetration testing as well as other regular evaluations of our security protocols and processes. Additionally, we assess and monitor the cybersecurity controls of third-party service providers and partners. Ongoing and regular monitoring of our third parties is also managed through our Information Security Program team’s protocols in partnership with the vendor management, enterprise risk management, and internal audit departments.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors, through the Audit Committee and Directors’ Risk Committee, provides direction and oversight of the Company’s risk management system. Our Chief Technology Officer is responsible for managing our
information security team, while our Information Security Officer is responsible for maintaining and continuing to develop and implement our cybersecurity program enterprise-wide and assessing and managing risks from cybersecurity threats. Both the Information Security Officer and Chief Technology Officer have extensive experience in the banking industry and in information technology and information security. The Information Security Officer has served in information security roles for twenty-five years and in banking for thirty-five years. The Chief Technology Officer has been with the Company since 2010 and has over twenty years of experience in information technology and cybersecurity within the banking industry.
We have processes to inform the Directors’ Risk Committee, Audit Committee and the Board about risks from cybersecurity threats. Our management team reports its findings using the FFIEC Cybersecurity Assessment Tool and our information security team’s determination as to whether our security controls, at a minimum, are in place and effective. The Information Security Officer and Chief Technology Officer regularly report to the Director Risk Committee, Audit Committee and the Board regarding cybersecurity and related threats and trends, changes, control effectiveness and residual risk, the areas where our cybersecurity program may be improved and improvements made to address and remediate issues.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Audit Committee and Directors’ Risk Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
We have processes to inform the Directors’ Risk Committee, Audit Committee and the Board about risks from cybersecurity threats. Our management team reports its findings using the FFIEC Cybersecurity Assessment Tool and our information security team’s determination as to whether our security controls, at a minimum, are in place and effective. The Information Security Officer and Chief Technology Officer regularly report to the Director Risk Committee, Audit Committee and the Board regarding cybersecurity and related threats and trends, changes, control effectiveness and residual risk, the areas where our cybersecurity program may be improved and improvements made to address and remediate issues.
|Cybersecurity Risk Role of Management [Text Block]
|Our Chief Technology Officer is responsible for managing our information security team, while our Information Security Officer is responsible for maintaining and continuing to develop and implement our cybersecurity program enterprise-wide and assessing and managing risks from cybersecurity threats. Both the Information Security Officer and Chief Technology Officer have extensive experience in the banking industry and in information technology and information security. The Information Security Officer has served in information security roles for twenty-five years and in banking for thirty-five years. The Chief Technology Officer has been with the Company since 2010 and has over twenty years of experience in information technology and cybersecurity within the banking industry.
We have processes to inform the Directors’ Risk Committee, Audit Committee and the Board about risks from cybersecurity threats. Our management team reports its findings using the FFIEC Cybersecurity Assessment Tool and our information security team’s determination as to whether our security controls, at a minimum, are in place and effective. The Information Security Officer and Chief Technology Officer regularly report to the Director Risk Committee, Audit Committee and the Board regarding cybersecurity and related threats and trends, changes, control effectiveness and residual risk, the areas where our cybersecurity program may be improved and improvements made to address and remediate issues.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Information Security Officer and Chief Technology Officer
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Both the Information Security Officer and Chief Technology Officer have extensive experience in the banking industry and in information technology and information security. The Information Security Officer has served in information security roles for twenty-five years and in banking for thirty-five years. The Chief Technology Officer has been with the Company since 2010 and has over twenty years of experience in information technology and cybersecurity within the banking industry.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|We have processes to inform the Directors’ Risk Committee, Audit Committee and the Board about risks from cybersecurity threats. Our management team reports its findings using the FFIEC Cybersecurity Assessment Tool and our information security team’s determination as to whether our security controls, at a minimum, are in place and effective. The Information Security Officer and Chief Technology Officer regularly report to the Director Risk Committee, Audit Committee and the Board regarding cybersecurity and related threats and trends, changes, control effectiveness and residual risk, the areas where our cybersecurity program may be improved and improvements made to address and remediate issues
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef