|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk Management and Strategy
As part of our overall Enterprise Risk Management strategy, we maintain a robust Information Technology and Security Management Program (“ITSM”), which includes processes to assess, identify, monitor and manage cybersecurity risks. The program includes provisions for annual cybersecurity risk assessments, ongoing monitoring and testing, as well as annual training for employees, executives, and Board Members. We use the Federal Financial Institutions Examination Council’s (“FFIEC”) cybersecurity assessment tool to identify risks and ascertain cybersecurity preparedness and the National Institute of Standards and Technology’s (“NIST”) Cybersecurity Framework to benchmark our internal policies and procedures against best practices. We engage consultants and auditors to assist in the completion of our annual risk assessment and review of controls related to the ITSM.
The Company also maintains a robust Vendor Risk Management program to manage risks related to third-party relationships in a manner that is consistent with the Company’s strategic goals, organizational objectives, and risk appetite. This includes comprehensive risk and control assessments with respect to the appropriate safeguarding of sensitive information.
We maintain cybersecurity insurance coverage to mitigate potential financial impacts from cyber incidents, such as data breaches and system disruptions. However, such insurance may not cover all types of damages, and we cannot guarantee that our coverage will be sufficient to fully protect us from the financial consequences of a cyberattack.
To date, there have been no cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect the Company, the Bank, our business strategy, results of operations, or financial condition.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|As part of our overall Enterprise Risk Management strategy, we maintain a robust Information Technology and Security Management Program (“ITSM”), which includes processes to assess, identify, monitor and manage cybersecurity risks. The program includes provisions for annual cybersecurity risk assessments, ongoing monitoring and testing, as well as annual training for employees, executives, and Board Members. We use the Federal Financial Institutions Examination Council’s (“FFIEC”) cybersecurity assessment tool to identify risks and ascertain cybersecurity preparedness and the National Institute of Standards and Technology’s (“NIST”) Cybersecurity Framework to benchmark our internal policies and procedures against best practices. We engage consultants and auditors to assist in the completion of our annual risk assessment and review of controls related to the ITSM.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|To date, there have been no cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect the Company, the Bank, our business strategy, results of operations, or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Board of Directors is responsible for overseeing the development, approval, implementation and maintenance of the ITSM, including overseeing the program’s execution in accordance with the overall strategic goals of the Bank. The Board conducts oversight, in part, through the use of committees. The Risk Management Committee (“RMC”) of the Board of Directors is charged with monitoring and reviewing risk assessments, assurance, testing, and training as well as overseeing the correction of identified deficiencies as they relate to the ITSM. The Company’s Information Security Team is comprised of the information security officer (“ISO”) and a cyber-risk analyst. With input from the Information Technology and Risk departments, the Information Security Team is responsible for incident management, disaster recovery, business continuity and cybersecurity programs and policies. The Bank’s Incident Response Manual and Cyber Incident Policy outline how potential cybersecurity threats or incidents are communicated to the RMC. The RMC is responsible for determining if cybersecurity incidents or threats should be escalated to the Board of Directors. The Information Security Team and the RMC work together to mitigate cybersecurity threats or incidents.
The ISO is responsible for cybersecurity under the ITSM and holds a Certified Information Security Manager certification and was a former Chief Information Security Officer (“CISO”) for the United States segment of a multi-national bank. The ISO reports directly to the Executive Vice President, Chief Risk Officer of the Bank who is a member of the executive team. The Chief Operating Officer, who is a member of the executive team, is a former CISO and holds both a Certified Fraud Examiner and Certified Information Security Manager certification. The Chair of the RMC of the Board also has multiple certifications in information and cybersecurity, including a Certified Information Systems Security Professional certification.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board of Directors is responsible for overseeing the development, approval, implementation and maintenance of the ITSM, including overseeing the program’s execution in accordance with the overall strategic goals of the Bank. The Board conducts oversight, in part, through the use of committees. The Risk Management Committee (“RMC”) of the Board of Directors is charged with monitoring and reviewing risk assessments, assurance, testing, and training as well as overseeing the correction of identified deficiencies as they relate to the ITSM. The Company’s Information Security Team is comprised of the information security officer (“ISO”) and a cyber-risk analyst. With input from the Information Technology and Risk departments, the Information Security Team is responsible for incident management, disaster recovery, business continuity and cybersecurity programs and policies. The Bank’s Incident Response Manual and Cyber Incident Policy outline how potential cybersecurity threats or incidents are communicated to the RMC. The RMC is responsible for determining if cybersecurity incidents or threats should be escalated to the Board of Directors. The Information Security Team and the RMC work together to mitigate cybersecurity threats or incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The ISO is responsible for cybersecurity under the ITSM and holds a Certified Information Security Manager certification and was a former Chief Information Security Officer (“CISO”) for the United States segment of a multi-national bank. The ISO reports directly to the Executive Vice President, Chief Risk Officer of the Bank who is a member of the executive team. The Chief Operating Officer, who is a member of the executive team, is a former CISO and holds both a Certified Fraud Examiner and Certified Information Security Manager certification. The Chair of the RMC of the Board also has multiple certifications in information and cybersecurity, including a Certified Information Systems Security Professional certification.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true