Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our ability to serve our clients depends on resilient technology and the secure handling of sensitive information. We rely on information systems and networks, often provided by third parties, to operate our business and deliver professional services. In the ordinary course, we process personal data and other confidential or proprietary information that is subject to contractual obligations and evolving privacy and security requirements.

We have designed and are implementing a cybersecurity and information security program to manage risks to the confidentiality, integrity, and availability of our systems and the information we maintain or process. We continue to invest in enhancing our cybersecurity risk management practices and various other security controls. Our cybersecurity risk management activities are based on a hybrid of the NIST Cybersecurity Framework 2.0 and ISO 27001 standards, are coordinated with our broader enterprise risk management (ERM) processes and will continue to be integrated into our ERM program over time. Our program is designed to align cybersecurity risk identification, assessment, mitigation, and reporting with our ERM processes, including escalation protocols to senior management, our board’s risk and audit committees, and to the board of directors, as appropriate.

Our cybersecurity and information security program is risk-based and is informed by generally accepted cybersecurity practices, internal and external assessments and testing, and threat intelligence, including information provided by third-party partners. We maintain processes to identify, assess, and prioritize cybersecurity risks based on likelihood and potential impact, including financial, operational, legal, and reputational considerations. We consider a range of threats, such as phishing and other social-engineering attacks (including those that may use deepfakes), credential theft, malware and ransomware, denial-of-service attacks, and supply‑chain events that affect critical service providers.

We have also designed our cybersecurity and information security program to be multi-tiered and we have implemented and continue to enhance several key elements, including:

Developing and updating information security policies, standards, and procedures, including practices for data handling, identity and access management, incident response, and vendor management. We will continue to assess these materials in order to clarify roles and responsibilities, strengthen minimum control expectations for service providers, and enhance data handling standards. These policies will be reviewed periodically and updated to reflect evolving regulatory requirements, emerging threats, and changes in our business operations.
Security monitoring and response supported by a combination of internal resources and a managed security service provider (MSSP) that assists with monitoring, triage, and incident response activities.
Vulnerability management and independent testing, including periodic risk assessments and penetration testing, as well as tracking and prioritization of remediation efforts.
Security awareness training for personnel, including periodic communications and exercises intended to reduce the risk of phishing and other user‑focused threats, including mandatory training for personnel and periodic simulated phishing exercises.
Incident response preparedness, including response procedures and processes designed to support containment, investigation, recovery, fulfillment of relevant legal obligations, and post‑incident improvement. We have adopted an Incident Response Policy and maintain response procedures designed to support containment, investigation, recovery, and compliance with legal and regulatory obligations. We continue to enhance our documented response procedures, including our playbooks and escalation criteria. We are expanding our tabletop exercises and coordinate with our MSSP to support timely containment and recovery. We maintain defined escalation criteria to assess the severity and potential materiality of cybersecurity incidents, including processes to escalate incidents to senior management and, where appropriate, to the risk and audit committees and the board of directors.
Business continuity and disaster recovery planning intended to support operations during and after disruptive events, including periodic testing of recovery capabilities and including disruptions at third‑party service providers.

We evaluate cybersecurity considerations as part of our processes for selecting and overseeing third-party vendors that handle sensitive information or provide critical services. We are enhancing our vendor risk management program through expanded risk-based diligence, use of contractual safeguards, and ongoing monitoring of critical service providers. These processes include assessing vendor security controls prior to engagement and periodically thereafter, particularly for vendors that process sensitive data or support critical systems. Given our reliance on third‑party platforms (including data centers, software‑as‑a‑service, and cloud providers), we address security and resilience throughout the vendor lifecycle.
Even with these measures, no program can eliminate all risk, particularly when incidents originate at third parties we depend upon.

When implementing significant technological changes and integrating acquisitions, business combinations and other strategic initiatives, we also consider cybersecurity and data protection risks. We use integration runbooks to align relevant operations with our cybersecurity policies, procedures, and control expectations.
For a discussion of cybersecurity and technology-related risks relevant to our business, see Part I, Item 1A "Risk Factors—Risks Related to Information Technology, Infrastructure and Intellectual Property." We do not believe that any risks from known cybersecurity threats, including as a result of prior cybersecurity incidents, have materially affected us or are reasonably likely to materially affect us. This assessment is based on information known to us and our assessment of the nature, scope, and actual or potential impact of known cybersecurity threats and prior incidents, including considerations of financial impact, operational disruption, and reputational harm. This assessment is inherently uncertain and dependent on information available to us, and our processes for identifying, assessing and managing cybersecurity risks may not be sufficient to identify all such risks and incidents. Accordingly, cybersecurity threats or incidents could materially affect us in the future.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have designed and are implementing a cybersecurity and information security program to manage risks to the confidentiality, integrity, and availability of our systems and the information we maintain or process. We continue to invest in enhancing our cybersecurity risk management practices and various other security controls. Our cybersecurity risk management activities are based on a hybrid of the NIST Cybersecurity Framework 2.0 and ISO 27001 standards, are coordinated with our broader enterprise risk management (ERM) processes and will continue to be integrated into our ERM program over time. Our program is designed to align cybersecurity risk identification, assessment, mitigation, and reporting with our ERM processes, including escalation protocols to senior management, our board’s risk and audit committees, and to the board of directors, as appropriate.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our board of directors has overall responsibility for risk oversight, including oversight of cybersecurity and information technology risks. The board of directors carries out aspects of this oversight through the risk committee and audit committee. Cybersecurity and information technology risks are also addressed through our ERM processes, which are intended to support consistent identification, assessment, and escalation of key risks.

The risk committee oversees cybersecurity risk and receives periodic updates on key trends, program initiatives, program effectiveness, and assessment results from management. The audit committee oversees cybersecurity and receives similar updates for risks pertaining to the integrity of financial systems, financial reporting, and financial disclosure controls. Management also updates the risk and audit committees, as appropriate, regarding significant cybersecurity incidents and response activities. Both the risk committee and the audit committee report to the full board of directors regarding these matters on a regular basis.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our board of directors has overall responsibility for risk oversight, including oversight of cybersecurity and information technology risks. The board of directors carries out aspects of this oversight through the risk committee and audit committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The risk committee oversees cybersecurity risk and receives periodic updates on key trends, program initiatives, program effectiveness, and assessment results from management. The audit committee oversees cybersecurity and receives similar updates for risks pertaining to the integrity of financial systems, financial reporting, and financial disclosure controls. Management also updates the risk and audit committees, as appropriate, regarding significant cybersecurity incidents and response activities. Both the risk committee and the audit committee report to the full board of directors regarding these matters on a regular basis.
Cybersecurity Risk Role of Management [Text Block]
Cybersecurity risk management is coordinated by an interim Chief Information Security Officer (“CISO”) and a cross-functional cybersecurity governance committee (the “Cybersecurity and Governance Committee”) led by the CISO and supported by stakeholders from functions including legal, risk management, finance, and technology. Our CISO has substantial experience as a CISO in financial services and has over 25 years of experience in technology and cybersecurity roles. He holds a Bachelor of Science degree in Cybersecurity and Risk Analysis, and holds globally recognized cybersecurity certifications, including a Certified Information Systems Security Professional (CISSP) certification and a Certified Information Security Manager (CISM) certification.

This Cybersecurity Governance Committee sets cybersecurity priorities, oversees the implementation of key initiatives and controls, coordinates monitoring and incident response activities (including those performed by our MSSP), and supports cybersecurity considerations for significant technological changes and third-party relationships. The Cybersecurity Governance Committee meets frequently to review cybersecurity risk reporting, metrics, and remediation efforts and oversee incident escalation to senior management, to the risk and audit committees, and to the board of directors as appropriate.

Our internal personnel who are involved in cybersecurity and information technology include professionals with expertise in areas such as IT operations, security administration, risk assessment, incident response, and compliance. We expect to increase cybersecurity staffing in targeted functions to work directly with our CISO to enhance our cybersecurity capabilities. In addition to our internal capabilities, we employ external service providers, such as our MSSP and specialized consultants, to provide independent validation of controls and practices, assist in the identification of emergent risks, and supplement internal capabilities.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Cybersecurity risk management is coordinated by an interim Chief Information Security Officer (“CISO”) and a cross-functional cybersecurity governance committee (the “Cybersecurity and Governance Committee”) led by the CISO and supported by stakeholders from functions including legal, risk management, finance, and technology. Our CISO has substantial experience as a CISO in financial services and has over 25 years of experience in technology and cybersecurity roles. He holds a Bachelor of Science degree in Cybersecurity and Risk Analysis, and holds globally recognized cybersecurity certifications, including a Certified Information Systems Security Professional (CISSP) certification and a Certified Information Security Manager (CISM) certification.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO has substantial experience as a CISO in financial services and has over 25 years of experience in technology and cybersecurity roles. He holds a Bachelor of Science degree in Cybersecurity and Risk Analysis, and holds globally recognized cybersecurity certifications, including a Certified Information Systems Security Professional (CISSP) certification and a Certified Information Security Manager (CISM) certification.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our board of directors has overall responsibility for risk oversight, including oversight of cybersecurity and information technology risks. The board of directors carries out aspects of this oversight through the risk committee and audit committee. Cybersecurity and information technology risks are also addressed through our ERM processes, which are intended to support consistent identification, assessment, and escalation of key risks.

The risk committee oversees cybersecurity risk and receives periodic updates on key trends, program initiatives, program effectiveness, and assessment results from management. The audit committee oversees cybersecurity and receives similar updates for risks pertaining to the integrity of financial systems, financial reporting, and financial disclosure controls. Management also updates the risk and audit committees, as appropriate, regarding significant cybersecurity incidents and response activities. Both the risk committee and the audit committee report to the full board of directors regarding these matters on a regular basis.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true