|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
As a cloud-based SaaS provider operating within the financial services industry, cybersecurity risk management is a critical part of our overall risk management efforts. We maintain Cyber Security and Technology Risk programs that are comprised of policies and controls designed to mitigate cybersecurity and other technology risks. We continuously work to enhance these Cyber Security and Technology Risk programs, though we acknowledge that, at any given time, we may face known and unknown cybersecurity risks and threats that are not fully mitigated.
In order to identify, assess, and manage our cybersecurity risks, we use a risk management framework informed by industry standards and industry-recognized practices, including the National Institute of Standards and Technology and the Secure Controls Framework. We perform periodic technology risk assessments based on these frameworks to identify and assess risks from cybersecurity threats and review the efficacy of our controls. These risk assessments include security assessments, vulnerability assessments, penetration testing, and security audits, and we also engage third-party security experts and consultants to assist with assessments and enhancements of our cybersecurity risk management processes, and provide benchmarks against industry practices. Using the results of these assessments, we have developed risk mitigation strategies that include a variety of technical and operational measures, such as cybersecurity training and compliance programs for all employees with access to our information systems. In addition, we maintain specific policies and practices governing our third-party risks, including our third-party risk management process. Our third-party risk management process uses a number of approaches, including consultation with outside specialists, to assess potential risks associated with third parties’ security controls. Generally, we also contractually require third parties who have access to our data and systems to, among other things, maintain security controls to protect our confidential information and data, and notify us of cybersecurity incidents that may impact our data.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We maintain Cyber Security and Technology Risk programs that are comprised of policies and controls designed to mitigate cybersecurity and other technology risks. We continuously work to enhance these Cyber Security and Technology Risk programs, though we acknowledge that, at any given time, we may face known and unknown cybersecurity risks and threats that are not fully mitigated.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Assessing, identifying, and managing our cybersecurity and technology risks is also part of our enterprise risk management (“ERM”) framework. Our ERM framework and associated process is designed to evaluate the Company’s most significant risks, including, as applicable, cybersecurity and technology risks. The ERM framework and associated process is directly overseen by a management-led Risk Management Committee (the “RMC”) that meets on a regular basis and is comprised of our CEO, COO, General Counsel, CTO, Head of Transformation, and CISO.
The RMC, as supported by individual risk managers for each line of business, also maintains reports regarding the assessment, identification, and management of our enterprise risks for the Board to periodically review. The CISO also presents to the Board on cybersecurity risks on an approximately annual basis and the Board, through these periodic reports it receives from the RMC and the presentations by the CISO, maintains involvement with and oversight over the Company’s cybersecurity risks. As part of our Cyber Security and Technology Risk programs, the Company has also established an incident response process to track and log cybersecurity incidents. This process provides for escalating notifications to our CEO and Board depending on the nature and severity of an incident.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Risk Management Committee (the “RMC”)
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The ERM framework and associated process is directly overseen by a management-led Risk Management Committee (the “RMC”) that meets on a regular basis and is comprised of our CEO, COO, General Counsel, CTO, Head of Transformation, and CISO.
|Cybersecurity Risk Role of Management [Text Block]
|As part of our Cyber Security and Technology Risk programs, the Company has also established an incident response process to track and log cybersecurity incidents. This process provides for escalating notifications to our CEO and Board depending on the nature and severity of an incident.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer (“CISO”)
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Security Officer (“CISO”) has over 20 years of industry experience and leads a dedicated Cybersecurity, and Governance, Risk and Compliance (“GRC”) team that is responsible for managing the cybersecurity, technology risk management, and cyber continual improvement programs, as well as other activities designed to identify, assess, manage and treat risks, and respond to threats or incidents
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The RMC, as supported by individual risk managers for each line of business, also maintains reports regarding the assessment, identification, and management of our enterprise risks for the Board to periodically review. The CISO also presents to the Board on cybersecurity risks on an approximately annual basis and the Board, through these periodic reports it receives from the RMC and the presentations by the CISO, maintains involvement with and oversight over the Company’s cybersecurity risks. As part of our Cyber Security and Technology Risk programs, the Company has also established an incident response process to track and log cybersecurity incidents. This process provides for escalating notifications to our CEO and Board depending on the nature and severity of an incident.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef