|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Prosper recognizes the critical importance of protecting the company’s assets and customer data against new and existing risks using appropriate organizational measures, policies, procedures, and technical solutions while maintaining robust cybersecurity measures to safeguard our information systems and protect the security, confidentiality, integrity, and availability of our data.
Managing Material Risks & Integrated Overall Risk Management
Prosper has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our information security (“InfoSec”) team works closely with our information technology team to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
Third-Party Risk Management Engagement
Prosper engages with a range of external experts, including external auditors, cybersecurity assessors and penetration testers as part of our InfoSec and cybersecurity programs. Our collaboration with these third-parties includes services such as external audits, threat assessments and guidance on key security initiatives. These partnerships allow us to leverage specialized knowledge and insights, consistent with our aim for industry-best practices.
Oversee Third-Party Risk
Prosper maintains stringent processes to oversee and manage the risks associated with third-party service providers, including a team focused on vendor, enterprise, and procurement risk management. We conduct diligence and security assessments of material third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. This monitoring includes an initial review of their information security program, annual re-assessments, and ongoing monitoring for security incidents. This approach is designed to mitigate risks related to data breaches or other security incidents originating from our material vendors and partners.
Risks from Cybersecurity Threats
For a description of the cybersecurity risks which could materially affect Prosper’s business strategy, results of operations, or financial condition, please refer to the following: (i) “Risk Factors—If the security of PFL's investors' and borrowers' confidential information stored in our systems is breached or otherwise subjected to unauthorized access, users' secure information may be stolen, our reputations may be harmed, and we may be exposed to liability,”; (ii) “Risk Factors—Any significant disruption in service in our marketplace or in PMI’s computer systems could adversely affect PMI’s ability to perform its obligations under the Administration Agreement,”; and (iii) “Risk Factors—Our marketplace may be vulnerable to malware, third-party software vulnerabilities, and similar disruptions.” We and certain third party vendors occasionally have experienced cyber-attacks, breaches of our and their systems and other similar incidents, which to-date have not had a material effect on Prosper’s business strategy, results of operations, or financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
Managing Material Risks & Integrated Overall Risk Management
Prosper has strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our information security (“InfoSec”) team works closely with our information technology team to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats.
Board of Directors Oversight of Risks
The Board is directly responsible for overseeing risks related to cybersecurity and is composed of board members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
The Board is informed of cybersecurity risks by our Chief Executive Officer (“CEO”) and General Counsel (“GC”), who are kept updated on an ongoing basis of cybersecurity risks through our Chief Technology Officer (“CTO”) and Head of Information Security (the “InfoSec Director”). Our InfoSec Director also prepares a quarterly update for each Board meeting that updates the Board of any information security and cybersecurity risks and threats to our systems. The InfoSec Director also
met with the Board directly for training focused exclusively on our cybersecurity and information security program and risks starting in 2024 and expects to continue to provide such training in the future.
Risk Management Personnel
Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our InfoSec Director. Our InfoSec Director has experience building global Information Security programs and has advised organizations across several highly- regulated industries, including financial services, technology, healthcare, government, non-profit, and retail. Our InfoSec Director, with oversight from the CTO, manages Prosper’s information security risk management program and informs Prosper’s Enterprise Risk & Information Security Committee (“eRISC”), which consists of members of Prosper’s management team and includes our CEO, Chief Financial Officer (“CFO”), CTO, and GC, regarding the prevention, detection, mitigation, and remediation of cyber risks and incidents. The cybersecurity team has decades of experience in selecting, deploying, and operating cybersecurity technologies, initiatives, and processes. eRISC meets on at least a quarterly basis to discuss any cybersecurity incident reports, as applicable, ongoing cybersecurity initiatives and strategies, take any actions approved by the voting members of eRISC, and discuss escalation and reporting to the Board, as needed.
Process for Monitoring Cybersecurity Incidents
The InfoSec Director and eRISC, as applicable, are continually informed about the latest developments in cybersecurity including potential threats and innovative risk management techniques. The InfoSec Director is an active thought leader and speaker within the CISO community, regularly participating in cybersecurity conferences such as FS-ISAC, and CISO summits. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The InfoSec Director implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the InfoSec Director is equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Reporting to Board of Directors
As discussed above in “Cybersecurity Board of Directors Oversight of Risks,” our InfoSec Director regularly updates our eRISC committee regarding all aspects related to cybersecurity risks and incidents and also maintains direct communication with the CEO, CFO, CTO, and GC for escalation of such incidents directly to the Board. This ensures that the highest levels of management and the Board are kept informed of the cybersecurity posture and potential risks facing Prosper.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board is directly responsible for overseeing risks related to cybersecurity and is composed of board members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
The Board is informed of cybersecurity risks by our Chief Executive Officer (“CEO”) and General Counsel (“GC”), who are kept updated on an ongoing basis of cybersecurity risks through our Chief Technology Officer (“CTO”) and Head of Information Security (the “InfoSec Director”). Our InfoSec Director also prepares a quarterly update for each Board meeting that updates the Board of any information security and cybersecurity risks and threats to our systems. The InfoSec Director also
met with the Board directly for training focused exclusively on our cybersecurity and information security program and risks starting in 2024 and expects to continue to provide such training in the future.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board is directly responsible for overseeing risks related to cybersecurity and is composed of board members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
The Board is informed of cybersecurity risks by our Chief Executive Officer (“CEO”) and General Counsel (“GC”), who are kept updated on an ongoing basis of cybersecurity risks through our Chief Technology Officer (“CTO”) and Head of Information Security (the “InfoSec Director”). Our InfoSec Director also prepares a quarterly update for each Board meeting that updates the Board of any information security and cybersecurity risks and threats to our systems. The InfoSec Director also
met with the Board directly for training focused exclusively on our cybersecurity and information security program and risks starting in 2024 and expects to continue to provide such training in the future.
|Cybersecurity Risk Role of Management [Text Block]
|
Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our InfoSec Director. Our InfoSec Director has experience building global Information Security programs and has advised organizations across several highly- regulated industries, including financial services, technology, healthcare, government, non-profit, and retail. Our InfoSec Director, with oversight from the CTO, manages Prosper’s information security risk management program and informs Prosper’s Enterprise Risk & Information Security Committee (“eRISC”), which consists of members of Prosper’s management team and includes our CEO, Chief Financial Officer (“CFO”), CTO, and GC, regarding the prevention, detection, mitigation, and remediation of cyber risks and incidents. The cybersecurity team has decades of experience in selecting, deploying, and operating cybersecurity technologies, initiatives, and processes. eRISC meets on at least a quarterly basis to discuss any cybersecurity incident reports, as applicable, ongoing cybersecurity initiatives and strategies, take any actions approved by the voting members of eRISC, and discuss escalation and reporting to the Board, as needed.
Process for Monitoring Cybersecurity Incidents
The InfoSec Director and eRISC, as applicable, are continually informed about the latest developments in cybersecurity including potential threats and innovative risk management techniques. The InfoSec Director is an active thought leader and speaker within the CISO community, regularly participating in cybersecurity conferences such as FS-ISAC, and CISO summits. This ongoing knowledge acquisition is crucial for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. The InfoSec Director implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the InfoSec Director is equipped with a well-defined incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our InfoSec Director.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our InfoSec Director has experience building global Information Security programs and has advised organizations across several highly- regulated industries, including financial services, technology, healthcare, government, non-profit, and retail.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our InfoSec Director has experience building global Information Security programs and has advised organizations across several highly- regulated industries, including financial services, technology, healthcare, government, non-profit, and retail. Our InfoSec Director, with oversight from the CTO, manages Prosper’s information security risk management program and informs Prosper’s Enterprise Risk & Information Security Committee (“eRISC”), which consists of members of Prosper’s management team and includes our CEO, Chief Financial Officer (“CFO”), CTO, and GC, regarding the prevention, detection, mitigation, and remediation of cyber risks and incidents. The cybersecurity team has decades of experience in selecting, deploying, and operating cybersecurity technologies, initiatives, and processes. eRISC meets on at least a quarterly basis to discuss any cybersecurity incident reports, as applicable, ongoing cybersecurity initiatives and strategies, take any actions approved by the voting members of eRISC, and discuss escalation and reporting to the Board, as needed.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef