|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Our information security program is managed through a dynamic enterprise-wide cybersecurity strategy, policies, standards, architecture, and processes. The Bank relies upon a formalized internal Information and Cybersecurity Program (the "Program”) to safeguard confidential information, maintain the confidentiality of our customers’ data and to ensure the integrity of financial transactions. The Program is approved by the Bank’s Board of Directors or a committee thereof annually, and is designed to identify reasonably foreseeable internal and external threats, assess the likelihood and potential damage these threats could cause, and assess the appropriateness of policies, standards and procedures used to identify and mitigate risks associated with a material cybersecurity incident. The Program has been designed to align with industry best practices, as well as regulatory guidelines and laws and leverages the National Institute of Standards and Technology Cybersecurity framework (“NIST CSF”) as its baseline. We are dedicated to cybersecurity and maintaining the trust and confidence of our customers and stockholders.
Additionally, we maintain an Incident Response Plan that provides established procedures for timely reporting and escalation of significant cybersecurity incidents. Our commitment involves promptly notifying regulatory authorities, customers, and other stakeholders in the event of any material cyber incidents that may impact our operations or the security of sensitive information. The Incident Response Plan is coordinated through the Vice President of Information Technology (“VP of IT”) and key members of executive management who are responsible for escalation as part of the Plan.
We use a layered defense management approach to managing cybersecurity. The Bank’s cybersecurity operations function is headed by the VP of IT who is responsible for managing information security risks by developing and implementing information security strategies, architecture, and procedures and acts as the first line of defense. The VP of IT oversees a team of internal and external security professionals in safeguarding our critical data, systems, and assets against threats, breaches, and attacks. The VP of IT is also responsible for ensuring the confidentiality, integrity, and availability of information assets.
The information security program, policies, and standards are managed by the Bank's Information Security Officer (the "ISO"), who leads the enterprise wide technology risk management function. The ISO acts as the second line of defense and provides risk oversight for the Bank’s technology operating infrastructure and operations. The ISO manages testing of technology controls, technology risk assessments, risk reporting, information security third-party due diligence, monitoring the implementation of risk mitigation actions, and tracking their effectiveness over time. The Bank's internal auditors and Board of Directors act as the third line of defense, providing the independent assurance function.
In addition to the above risk management framework, we engage in regular assessments of our infrastructure, software systems, and network architecture, using internal cybersecurity experts and -party specialists. We also maintain a -party risk management program designed to identify, assess, and manage risks, including cybersecurity risks, associated with external service providers and our supply chain. Additionally, we actively monitor our email gateways for malicious phishing email campaigns and monitor remote connections for any portion of our workforce that has the option to work remotely. We leverage internal and external auditors and independent external partners to periodically review our processes, systems, and controls, including with respect to our information security program, to opine on their design and operating effectiveness and make recommendations to strengthen our risk management program.
Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is severe. Our internal systems, processes, and controls are designed to mitigate loss from cyber-attacks. For further discussion of risks from cybersecurity threats, see the section captioned “Risks Related to Our Operations” in Item 1A. Risk Factors.
As part of our governance structure, the Board of Directors, Chief Executive Officer and VP of IT play an active role in overseeing our cybersecurity program. Regular briefings on cyber risk management and incident response activities are conducted, ensuring a high level of governance and accountability in addressing cybersecurity concerns. The Bank and its vendors provide periodic reports to our Board of Directors, or committee thereof, as well as to our senior management team as appropriate. These reports include updates on the Bank’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
We are steadfast in our commitment to collaborate with regulatory authorities to enhance industry-wide cybersecurity standards. Given the ongoing and changing cyber threat landscape, we are committed to invest in, improve and update our cybersecurity practices on an ongoing basis. Regular assessments, testing, audits, and training of all employees are conducted to adapt to emerging threats and enhance our ability to safeguard the interests of our customers.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our information security program is managed through a dynamic enterprise-wide cybersecurity strategy, policies, standards, architecture, and processes. The Bank relies upon a formalized internal Information and Cybersecurity Program (the "Program”) to safeguard confidential information, maintain the confidentiality of our customers’ data and to ensure the integrity of financial transactions. The Program is approved by the Bank’s Board of Directors or a committee thereof annually, and is designed to identify reasonably foreseeable internal and external threats, assess the likelihood and potential damage these threats could cause, and assess the appropriateness of policies, standards and procedures used to identify and mitigate risks associated with a material cybersecurity incident. The Program has been designed to align with industry best practices, as well as regulatory guidelines and laws and leverages the National Institute of Standards and Technology Cybersecurity framework (“NIST CSF”) as its baseline. We are dedicated to cybersecurity and maintaining the trust and confidence of our customers and stockholders.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is severe. Our internal systems, processes, and controls are designed to mitigate loss from cyber-attacks. For further discussion of risks from cybersecurity threats, see the section captioned “Risks Related to Our Operations” in Item 1A. Risk Factors.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As part of our governance structure, the Board of Directors, Chief Executive Officer and VP of IT play an active role in overseeing our cybersecurity program. Regular briefings on cyber risk management and incident response activities are conducted, ensuring a high level of governance and accountability in addressing cybersecurity concerns. The Bank and its vendors provide periodic reports to our Board of Directors, or committee thereof, as well as to our senior management team as appropriate. These reports include updates on the Bank’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
|Cybersecurity Risk Role of Management [Text Block]
|Additionally, we maintain an Incident Response Plan that provides established procedures for timely reporting and escalation of significant cybersecurity incidents. Our commitment involves promptly notifying regulatory authorities, customers, and other stakeholders in the event of any material cyber incidents that may impact our operations or the security of sensitive information. The Incident Response Plan is coordinated through the Vice President of Information Technology (“VP of IT”) and key members of executive management who are responsible for escalation as part of the Plan.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The information security program, policies, and standards are managed by the Bank's Information Security Officer (the "ISO"), who leads the enterprise wide technology risk management function. The ISO acts as the second line of defense and provides risk oversight for the Bank’s technology operating infrastructure and operations. The ISO manages testing of technology controls, technology risk assessments, risk reporting, information security third-party due diligence, monitoring the implementation of risk mitigation actions, and tracking their effectiveness over time. The Bank's internal auditors and Board of Directors act as the third line of defense, providing the independent assurance function.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef