Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Our Board, through the Risk Committee and the Cyber Subcommittee, receives regular updates and reporting from management on cyber and information security matters, including information related to third-party assessments of Valley’s information security program, as well as a wide range of topics such as recent developments, evolving standards, Valley’s vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to Valley’s peers and third parties. On an annual basis, the Board and its Risk Committee discuss Valley’s approach to cyber and information security risk management. Senior management is briefed by our information security team on cyber and information security matters, preparedness and any incidents requiring the attention of our security incident response team.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Our cyber and information security risk management framework and strategy is focused on the following key areas:
Identification, Protection and Detection. Valley maintains a threat team and internal committees to identify any new threats and risks to its information systems. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile through various methods including, for example, using manual and automated tools, subscribing to threat intelligence reports and services, analyzing threats and threat actors, conducting scans of the threat environment, evaluating our industry’s risk profile, utilizing internal and external audits and conducting threat and vulnerability assessments.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance. Having the appropriate governance structure in place is critical to the functioning of our cyber and information security risk framework. As noted above, our Board has primary oversight responsibility for our cyber and information security risk, and it performs this oversight function primarily through its Risk Committee, which reports to the full Board. Additionally, to keep pace with the speed of disruptive innovation and associated cyber risks, the Board has established a dedicated Cyber & Technology Risk Subcommittee (the “Cyber Subcommittee”) that reports to the Risk Committee. The Risk Committee, through the Cyber Subcommittee, oversees the Company’s cybersecurity risk profile, prevalent cybersecurity risks, our enterprise information security program and key enterprise information security initiatives.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
We also have a team of employees, including at the senior management level, who are dedicated to assisting the Board in fulfilling its oversight responsibility for cyber and information security. Valley’s Chief Information Security Officer (CISO), who is responsible for developing and implementing our cyber and information security program, has over 24 years of experience leading cyber security oversight and holds a CRISC certification, and others on our information security team have cybersecurity experience or certifications. The CISO and Director of Cyber Risk Management each participate in all meetings of the Cyber Subcommittee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our cyber and information security risk management framework and strategy is focused on the following key areas:
Identification, Protection and Detection. Valley maintains a threat team and internal committees to identify any new threats and risks to its information systems. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile through various methods including, for example, using manual and automated tools, subscribing to threat intelligence reports and services, analyzing threats and threat actors, conducting scans of the threat environment, evaluating our industry’s risk profile, utilizing internal and external audits and conducting threat and vulnerability assessments.
Technical Safeguards. Valley also deploys technical safeguards that are designed to protect Valley’s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, continuous scanning of our environments for potential weaknesses, behavioral-based protections against malware and filtering of inbound emails to protect the firm against phishing attacks. The effectiveness of these safeguards is evaluated through vulnerability assessments and cybersecurity threat intelligence with the goal of implementing improvements as needed.
Third-Party Risk Management. Valley maintains a risk-based approach to identifying and overseeing cybersecurity risks presented by vendors, service providers and other third parties, as well as the systems of third parties that could adversely impact its business in the event of a cybersecurity incident affecting those third-party systems. We have integrated security reviews into the third-party vendor management program. We assess third-party cybersecurity controls and include security and privacy provisions in our contracts where applicable. However, ultimately, we rely on the third parties we use to implement information security programs commensurate with the relevant risk, and we cannot ensure in all circumstances that their efforts will be successful.
Education and Awareness. Valley provides mandatory cybersecurity training at least annually for all employees, which is intended to equip them with tools to identify and address cybersecurity threats, and to communicate Valley’s evolving information security policies, standards, processes and practices. We also require employees in certain roles to complete additional role-based, specialized cyber and information security training.
Cybersecurity Risk Role of Management [Text Block]
Risk Management and Strategy
Our cyber and information security risk management framework and strategy is focused on the following key areas:
Identification, Protection and Detection. Valley maintains a threat team and internal committees to identify any new threats and risks to its information systems. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile through various methods including, for example, using manual and automated tools, subscribing to threat intelligence reports and services, analyzing threats and threat actors, conducting scans of the threat environment, evaluating our industry’s risk profile, utilizing internal and external audits and conducting threat and vulnerability assessments.
Technical Safeguards. Valley also deploys technical safeguards that are designed to protect Valley’s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, continuous scanning of our environments for potential weaknesses, behavioral-based protections against malware and filtering of inbound emails to protect the firm against phishing attacks. The effectiveness of these safeguards is evaluated through vulnerability assessments and cybersecurity threat intelligence with the goal of implementing improvements as needed.
Third-Party Risk Management. Valley maintains a risk-based approach to identifying and overseeing cybersecurity risks presented by vendors, service providers and other third parties, as well as the systems of third parties that could adversely impact its business in the event of a cybersecurity incident affecting those third-party systems. We have integrated security reviews into the third-party vendor management program. We assess third-party cybersecurity controls and include security and privacy provisions in our contracts where applicable. However, ultimately, we rely on the third parties we use to implement information security programs commensurate with the relevant risk, and we cannot ensure in all circumstances that their efforts will be successful.
Education and Awareness. Valley provides mandatory cybersecurity training at least annually for all employees, which is intended to equip them with tools to identify and address cybersecurity threats, and to communicate Valley’s evolving information security policies, standards, processes and practices. We also require employees in certain roles to complete additional role-based, specialized cyber and information security training.
Incident Response and Recovery Planning. Valley maintains incident response and recovery plans that are intended to assist in Valley’s response to a cyber or information security incident, and such plans are evaluated on a regular basis. In the event of an incident, we intend to follow our incident response plan, which outlines the steps to be followed from incident detection to eradication, recovery and notification, including notifying functional areas (e.g., legal), as well as senior management and the Board, as appropriate. As part of these plans, we have also implemented controls and procedures providing for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents, including to regulators and governmental agencies, can be made by management in a timely manner.
Outside Consultants. While we have deployed personnel to perform testing and oversight functions internally, we also leverage external consultants and other tools to test the effectiveness of our operating environment and the protection of our data. We engage third parties to perform assessments on our cybersecurity measures, including information security maturity assessments, audits and reviews of our information security control environment and operating effectiveness. These assessment efforts include a wide range of activities such as tabletop exercises, vulnerability testing, and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. The results of these assessments are reported to the Risk Committee and the Board. Valley adjusts its cyber and information security program as necessary based on the information provided by these assessments, audits and reviews.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Governance. Having the appropriate governance structure in place is critical to the functioning of our cyber and information security risk framework. As noted above, our Board has primary oversight responsibility for our cyber and information security risk, and it performs this oversight function primarily through its Risk Committee, which reports to the full Board. Additionally, to keep pace with the speed of disruptive innovation and associated cyber risks, the Board has established a dedicated Cyber & Technology Risk Subcommittee (the “Cyber Subcommittee”) that reports to the Risk Committee. The Risk Committee, through the Cyber Subcommittee, oversees the Company’s cybersecurity risk profile, prevalent cybersecurity risks, our enterprise information security program and key enterprise information security initiatives.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
We also have a team of employees, including at the senior management level, who are dedicated to assisting the Board in fulfilling its oversight responsibility for cyber and information security. Valley’s Chief Information Security Officer (CISO), who is responsible for developing and implementing our cyber and information security program, has over 24 years of experience leading cyber security oversight and holds a CRISC certification, and others on our information security team have cybersecurity experience or certifications. The CISO and Director of Cyber Risk Management each participate in all meetings of the Cyber Subcommittee.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Risk Management and Strategy
Our cyber and information security risk management framework and strategy is focused on the following key areas:
Identification, Protection and Detection. Valley maintains a threat team and internal committees to identify any new threats and risks to its information systems. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile through various methods including, for example, using manual and automated tools, subscribing to threat intelligence reports and services, analyzing threats and threat actors, conducting scans of the threat environment, evaluating our industry’s risk profile, utilizing internal and external audits and conducting threat and vulnerability assessments.
Technical Safeguards. Valley also deploys technical safeguards that are designed to protect Valley’s information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, continuous scanning of our environments for potential weaknesses, behavioral-based protections against malware and filtering of inbound emails to protect the firm against phishing attacks. The effectiveness of these safeguards is evaluated through vulnerability assessments and cybersecurity threat intelligence with the goal of implementing improvements as needed.
Third-Party Risk Management. Valley maintains a risk-based approach to identifying and overseeing cybersecurity risks presented by vendors, service providers and other third parties, as well as the systems of third parties that could adversely impact its business in the event of a cybersecurity incident affecting those third-party systems. We have integrated security reviews into the third-party vendor management program. We assess third-party cybersecurity controls and include security and privacy provisions in our contracts where applicable. However, ultimately, we rely on the third parties we use to implement information security programs commensurate with the relevant risk, and we cannot ensure in all circumstances that their efforts will be successful.
Education and Awareness. Valley provides mandatory cybersecurity training at least annually for all employees, which is intended to equip them with tools to identify and address cybersecurity threats, and to communicate Valley’s evolving information security policies, standards, processes and practices. We also require employees in certain roles to complete additional role-based, specialized cyber and information security training.
Incident Response and Recovery Planning. Valley maintains incident response and recovery plans that are intended to assist in Valley’s response to a cyber or information security incident, and such plans are evaluated on a regular basis. In the event of an incident, we intend to follow our incident response plan, which outlines the steps to be followed from incident detection to eradication, recovery and notification, including notifying functional areas (e.g., legal), as well as senior management and the Board, as appropriate. As part of these plans, we have also implemented controls and procedures providing for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents, including to regulators and governmental agencies, can be made by management in a timely manner.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true