Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
ITEM 1C. CYBERSECURITY

We take our responsibility for the privacy and security of the information our customers share with us seriously. Through our cybersecurity program, we continuously watch for threats to our systems and make real-time adjustments to our defenses to protect customer data and minimize service disruptions.

We identify and assess cybersecurity risks on an ongoing basis by maintaining a cybersecurity program that involves a defense-in-depth approach with multiple layers of security controls to protect our environment. We have invested in and deployed a security operating model involving people, processes, and technology that is designed to protect against potential and known cybersecurity risks and threats. Our cybersecurity program involves collaboration with partners, including financial industry groups, to understand and incorporate best practices and engage in cybersecurity threat intelligence sharing. Our security operations team includes cyber threat intelligence, threat hunting, and cybersecurity engineers and analysts, who are working directly with third parties to monitor the threat landscape. Alerts from monitoring are analyzed by our security teams for preemptive engagement to avoid or minimize the impact of potential cyber threats. We rely on third-party cybersecurity software tools and services to enhance cybersecurity functions such as incident logging, network monitoring, detecting and blocking malicious attacks, as well as to govern identity and access management, and for security operations and data loss prevention.

We utilize an internal global incident management team, comprised of executive and senior management-level personnel, that is responsible for oversight of our business resiliency and cybersecurity incident response programs. Our cybersecurity incident response team works closely with the business continuity, disaster recovery, and crisis management functions to plan, prepare, and practice response to simulated cybersecurity incident scenarios for response readiness. In the event of a cybersecurity incident, our incident response team would assess whether to engage the support of law enforcement or other third parties. In addition to our cybersecurity incident response team, we have retainers with leading incident response organizations to augment response activities, if needed. We also conduct one or more annual cybersecurity incident response tabletop exercises with senior management and third-party experts to test our incident response plan and enhance our readiness for a potential cybersecurity incident. Additionally, we carry cybersecurity insurance to help reduce financial risk posed by cybersecurity incidents.

Additionally, we engage an external firm to conduct an annual System and Organization Controls 2 Type 2 examination of certain cybersecurity controls. Our internal audit organization also provides independent assurance of the cybersecurity program through related audit engagements to complement external assessments and reviews. Additional third parties are engaged, as needed, to perform risk assessments, penetration testing, and other services related to cybersecurity.

Cybersecurity risks associated with third-party service providers are managed in accordance with our Third-Party Risk Management (TPRM) program. Components of this program include cybersecurity due diligence and review of contractual terms with third parties that access our network or sensitive information. The TPRM program works to conduct appropriate review of all new third parties and performs ongoing monitoring of our existing relationships based on the risk presented by the third party.

As part of our cybersecurity program, we perform an annual cybersecurity risk assessment to evaluate our cybersecurity program and related controls. The cybersecurity risk assessment is informed by the guidelines published by the National Institute of Standards and Technology, which are aimed at identifying and determining the potential impact of threats and vulnerabilities and assessing the controls in place to mitigate those threats and vulnerabilities. Risks from cybersecurity threats have not materially affected, and are not reasonably likely to materially affect, our business strategy, operations, or financial condition.

Management’s role in assessing and managing cybersecurity risks is led by our Chief Information Security Officer (CISO), who is a senior vice president and officer of the Company. As of the date of this report, our CISO has over twenty years of experience in information security leadership, including leading threat and vulnerability management, cybersecurity operations and cybersecurity defense, cybersecurity incident response, and technology risk management. He holds a bachelor’s degree in computer science and several professional qualifications, including Certified Information Systems Security Professional and Information Systems Security Management Professional. The responsibilities of prevention, detection, mitigation, and remediation of cybersecurity incidents are allocated across the CISO's organization, and each organizational unit reports risks and incidents to the CISO, who in turn informs other senior management of cybersecurity incidents that may be material to the company.

Our cybersecurity program is overseen by the Information Security Committee (ISC), a cross-functional management committee whose membership includes the CISO, Chief Risk Officer (CRO), Chief Technology Officer, Chief Compliance Officer, and others. Members of the ISC possess substantial experience in risk management, finance, and information security. The ISC is responsible for ensuring that the cybersecurity strategy and program align with our overall risk strategy. Our TPRM program is governed by the TPRM Steering Committee, a cross-functional leadership team with representation from sourcing, compliance, legal, information security, and enterprise risk. The committee provides guidance and oversight for the TPRM policy and program framework to manage risks associated with third-party vendors. The TPRM Steering Committee also ensures that the TPRM program and strategy remain aligned with our broader business objectives.

Both the TPRM Steering Committee and the ISC escalate relevant risks to our Executive Risk Management Committee (ERMC), which is comprised of senior leaders from our corporate functions and business segments. The ERMC oversees our enterprise-wide risk management framework and ensures strategic alignment across the organization. The ERMC is chaired by the CRO, who maintains a direct line of communication with the Risk and Finance Committee (RFC) of our board of directors.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We identify and assess cybersecurity risks on an ongoing basis by maintaining a cybersecurity program that involves a defense-in-depth approach with multiple layers of security controls to protect our environment. We have invested in and deployed a security operating model involving people, processes, and technology that is designed to protect against potential and known cybersecurity risks and threats. Our cybersecurity program involves collaboration with partners, including financial industry groups, to understand and incorporate best practices and engage in cybersecurity threat intelligence sharing. Our security operations team includes cyber threat intelligence, threat hunting, and cybersecurity engineers and analysts, who are working directly with third parties to monitor the threat landscape. Alerts from monitoring are analyzed by our security teams for preemptive engagement to avoid or minimize the impact of potential cyber threats. We rely on third-party cybersecurity software tools and services to enhance cybersecurity functions such as incident logging, network monitoring, detecting and blocking malicious attacks, as well as to govern identity and access management, and for security operations and data loss prevention.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
As part of our cybersecurity program, we perform an annual cybersecurity risk assessment to evaluate our cybersecurity program and related controls. The cybersecurity risk assessment is informed by the guidelines published by the National Institute of Standards and Technology, which are aimed at identifying and determining the potential impact of threats and vulnerabilities and assessing the controls in place to mitigate those threats and vulnerabilities. Risks from cybersecurity threats have not materially affected, and are not reasonably likely to materially affect, our business strategy, operations, or financial condition.
Cybersecurity Risk Board of Directors Oversight [Text Block]
The RFC is the board committee that oversees our cybersecurity risk management. Our CISO makes quarterly reports to the RFC about material cybersecurity risks, updates to the cybersecurity program, metrics that evaluate the effectiveness of the cybersecurity program, material cybersecurity incidents and remediation plans. The RFC also receives timely reports from the CISO when there are significant cybersecurity incidents or updates to the cybersecurity risk assessment. The board of directors also takes an active role in overseeing cybersecurity risk, including receiving an annual report from the CISO that provides an overview of the status and effectiveness of our cybersecurity risk management program and participating in cybersecurity incident response tabletop exercises.

See "Quantitative and Qualitative Disclosures About Market Risk" contained herein in Item 7A for further information. Also see "Risk Factors" included in Item 1A for additional information regarding cybersecurity risk.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Risk and Finance Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our CISO makes quarterly reports to the RFC about material cybersecurity risks, updates to the cybersecurity program, metrics that evaluate the effectiveness of the cybersecurity program, material cybersecurity incidents and remediation plans. The RFC also receives timely reports from the CISO when there are significant cybersecurity incidents or updates to the cybersecurity risk assessment.
Cybersecurity Risk Role of Management [Text Block]
Management’s role in assessing and managing cybersecurity risks is led by our Chief Information Security Officer (CISO), who is a senior vice president and officer of the Company. As of the date of this report, our CISO has over twenty years of experience in information security leadership, including leading threat and vulnerability management, cybersecurity operations and cybersecurity defense, cybersecurity incident response, and technology risk management. He holds a bachelor’s degree in computer science and several professional qualifications, including Certified Information Systems Security Professional and Information Systems Security Management Professional. The responsibilities of prevention, detection, mitigation, and remediation of cybersecurity incidents are allocated across the CISO's organization, and each organizational unit reports risks and incidents to the CISO, who in turn informs other senior management of cybersecurity incidents that may be material to the company.

Our cybersecurity program is overseen by the Information Security Committee (ISC), a cross-functional management committee whose membership includes the CISO, Chief Risk Officer (CRO), Chief Technology Officer, Chief Compliance Officer, and others. Members of the ISC possess substantial experience in risk management, finance, and information security. The ISC is responsible for ensuring that the cybersecurity strategy and program align with our overall risk strategy. Our TPRM program is governed by the TPRM Steering Committee, a cross-functional leadership team with representation from sourcing, compliance, legal, information security, and enterprise risk. The committee provides guidance and oversight for the TPRM policy and program framework to manage risks associated with third-party vendors. The TPRM Steering Committee also ensures that the TPRM program and strategy remain aligned with our broader business objectives.

Both the TPRM Steering Committee and the ISC escalate relevant risks to our Executive Risk Management Committee (ERMC), which is comprised of senior leaders from our corporate functions and business segments. The ERMC oversees our enterprise-wide risk management framework and ensures strategic alignment across the organization. The ERMC is chaired by the CRO, who maintains a direct line of communication with the Risk and Finance Committee (RFC) of our board of directors.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Management’s role in assessing and managing cybersecurity risks is led by our Chief Information Security Officer (CISO)
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] As of the date of this report, our CISO has over twenty years of experience in information security leadership, including leading threat and vulnerability management, cybersecurity operations and cybersecurity defense, cybersecurity incident response, and technology risk management. He holds a bachelor’s degree in computer science and several professional qualifications, including Certified Information Systems Security Professional and Information Systems Security Management Professional.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our CISO makes quarterly reports to the RFC about material cybersecurity risks, updates to the cybersecurity program, metrics that evaluate the effectiveness of the cybersecurity program, material cybersecurity incidents and remediation plans. The RFC also receives timely reports from the CISO when there are significant cybersecurity incidents or updates to the cybersecurity risk assessment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true