|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
We maintain an information security program and governance framework that is designed to protect our information systems against operational risks related to cybersecurity.
Cybersecurity Risk Management and Strategy
We utilize third party cybersecurity consultancy firms to manage and execute our cybersecurity programs. These third party firms are led and supervised by our Chief Information Officer (“CIO”). Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the National Institute of Standards and Technology (“NIST”), the International Organization for Standardization and other applicable industry standards. On a quarterly basis, our third party cybersecurity consultancy firms perform phish testing and on demand information security training. On a yearly basis, our third party consultancy firms perform, among other trainings and assessments, information security awareness training, internal cybersecurity risk assessments, internal and external penetration tests, key vendor risk assessments, incident response tabletop exercises, written information security and business continuity plan policy gap analysis reviews and revisions as well as incident response plan reviews and revisions. The results of the assessments are used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to our Board, Audit Committee and members of management.
While we do not believe that our business strategy, results of operations, or financial condition have been materially adversely affected by any cybersecurity incidents, cybersecurity threats are pervasive, and, similar to other global financial services firms, we, as well as our clients, investors, associates, regulators, service providers, and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of cyber attacks. We continue to assess the risks and changes in the cyber environment, invest in enhancements to our cybersecurity capabilities, and engage in industry and government forums to promote advancements in our cybersecurity capabilities, as well as the broader financial services cybersecurity ecosystem. For more information on risks to us from cybersecurity threats, see “Operational risks, data security breaches, loss or leakage of data and other interruptions of our information technology systems or those of our third-party service providers may disrupt our business, compromise sensitive information related to our business, or prevent us from accessing critical information, which may result in losses or limit our growth.” in “Item 1A – Risk Factors” of this Form 10-K.
Cybersecurity Governance
Board Oversight
Our Board of Directors and Audit Committee are primarily responsible for overseeing and governing our cybersecurity risk management program. Our Board receives updates on cybersecurity and material cybersecurity risks as needed and at least annually by our Chief Compliance Officer or their designee.
Management's Role
Our CIO, who has 15 years experience in technology, has primary responsibility for assessing and managing material cybersecurity risks, including overseeing and identifying cybersecurity risks associated with our use of third party cybersecurity consultancy firms, and are members of management’s IT Steering Committee, which consists of management team members and certain employees who drive alignment on technology and security decisions across the Company. The IT Steering Committee meets monthly to review security performance metrics, identify security risks, and assess the status of approved security enhancements. The IT Steering Committee also considers and makes recommendations to management, the Board of Directors and the Audit Committee on security policies and procedures, security service requirements, and cybersecurity risk mitigation strategies.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the National Institute of Standards and Technology (“NIST”), the International Organization for Standardization and other applicable industry standards.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Board Oversight
Our Board of Directors and Audit Committee are primarily responsible for overseeing and governing our cybersecurity risk management program. Our Board receives updates on cybersecurity and material cybersecurity risks as needed and at least annually by our Chief Compliance Officer or their designee.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors and Audit Committee are primarily responsible for overseeing and governing our cybersecurity risk management program.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board receives updates on cybersecurity and material cybersecurity risks as needed and at least annually by our Chief Compliance Officer or their designee.
|Cybersecurity Risk Role of Management [Text Block]
|
Management's Role
Our CIO, who has 15 years experience in technology, has primary responsibility for assessing and managing material cybersecurity risks, including overseeing and identifying cybersecurity risks associated with our use of third party cybersecurity consultancy firms, and are members of management’s IT Steering Committee, which consists of management team members and certain employees who drive alignment on technology and security decisions across the Company. The IT Steering Committee meets monthly to review security performance metrics, identify security risks, and assess the status of approved security enhancements. The IT Steering Committee also considers and makes recommendations to management, the Board of Directors and the Audit Committee on security policies and procedures, security service requirements, and cybersecurity risk mitigation strategies.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|third party cybersecurity consultancy firms, and are members of management’s IT Steering Committee, which consists of management team members and certain employees who drive alignment on technology and security decisions across the Company.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our CIO, who has 15 years experience in technology, has primary responsibility for assessing and managing material cybersecurity risks, including overseeing and identifying cybersecurity risks associated with our use of third party cybersecurity consultancy firms, and are members of management’s IT Steering Committee, which consists of management team members and certain employees who drive alignment on technology and security decisions across the Company.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The IT Steering Committee meets monthly to review security performance metrics, identify security risks, and assess the status of approved security enhancements. The IT Steering Committee also considers and makes recommendations to management, the Board of Directors and the Audit Committee on security policies and procedures, security service requirements, and cybersecurity risk mitigation strategies.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef