XML 53 R36.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Under the ultimate direction of our Chief Executive Officer and executive management team, our Information Security Core Committee has primary responsibility for overseeing our management of cybersecurity risks. This committee is chaired by our Chief Information Security Officer, or CISO, who reports directly to our Chief Risk Officer. Other members of the committee include representatives from Information Technology, Operations, Privacy, Compliance, BSA, Audit. Business
Continuity, Vendor Management, Human Resources, Physical Security, Unified Fraud, Retail, Wealth Management, Lending, and Enterprise Risk Management.
Our CISO, working with his team and the Information Security Core Committee, has primary responsibility for assessing and managing our cybersecurity threat management program. He has more than 25 years of experience in building and leading information security teams and has worked at a technology start-up and a large, publicly-traded financial institution before joining the Company. His experience as a technology engineer has prepared him to lead a variety of teams, both large and small, design, implement and execute executive cyber and information security controls. He studied Computer Science at the University of Virginia and holds a Certified Information Systems Security Professional ("CISSP") certification.
In addition to frequent electronic communication, the committee meets monthly and more frequently, as circumstances warrant, to discuss and monitor prevention, detection, mitigation and remediation of risks from cybersecurity threats. When appropriate, meetings will also include our Chief Risk Officer, Chief Financial Officer, General Counsel and members of our disclosure committee. On a regular basis, the CISO also updates the executive management team on developments within the cybersecurity sphere.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have implemented a cybersecurity risk management program that is designed to identify, assess, and mitigate risks from cybersecurity threats to this data and our systems. We did not experience any cybersecurity incidents in 2024 that materially affected the Company.
Risk Management Oversight and Governance
Under the ultimate direction of our Chief Executive Officer and executive management team, our Information Security Core Committee has primary responsibility for overseeing our management of cybersecurity risks. This committee is chaired by our Chief Information Security Officer, or CISO, who reports directly to our Chief Risk Officer. Other members of the committee include representatives from Information Technology, Operations, Privacy, Compliance, BSA, Audit. Business
Continuity, Vendor Management, Human Resources, Physical Security, Unified Fraud, Retail, Wealth Management, Lending, and Enterprise Risk Management.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board of Directors has delegated oversight of the Company’s cybersecurity program to the Enterprise Risk Management Committee of the Board of Directors. The Enterprise Risk Management Committee is responsible for reviewing reports on data management and security initiatives and significant existing and emerging cybersecurity risks, including cybersecurity incidents, the impact on the Company and its stakeholders of any significant cybersecurity incident and any disclosure obligations arising from any such incidents.
Our CISO meets quarterly with the Enterprise Risk Management Committee of the Board of Directors to discuss management’s ongoing cybersecurity risk management programs. He provides information about the sources and nature of risks the Company faces, how management assesses such risks – including in terms of likelihood and severity of impact, progress on vulnerability remediation and current developments in the cybersecurity landscape. This presentation is shared with the full Board of Directors to enable discussion of cybersecurity risk management at the full board level.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Board of Directors has delegated oversight of the Company’s cybersecurity program to the Enterprise Risk Management Committee of the Board of Directors. The Enterprise Risk Management Committee is responsible for reviewing reports on data management and security initiatives and significant existing and emerging cybersecurity risks, including cybersecurity incidents, the impact on the Company and its stakeholders of any significant cybersecurity incident and any disclosure obligations arising from any such incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our CISO meets quarterly with the Enterprise Risk Management Committee of the Board of Directors to discuss management’s ongoing cybersecurity risk management programs. He provides information about the sources and nature of risks the Company faces, how management assesses such risks – including in terms of likelihood and severity of impact, progress on vulnerability remediation and current developments in the cybersecurity landscape. This presentation is shared with the full Board of Directors to enable discussion of cybersecurity risk management at the full board level
Cybersecurity Risk Role of Management [Text Block]
Our CISO, working with his team and the Information Security Core Committee, has primary responsibility for assessing and managing our cybersecurity threat management program. He has more than 25 years of experience in building and leading information security teams and has worked at a technology start-up and a large, publicly-traded financial institution before joining the Company. His experience as a technology engineer has prepared him to lead a variety of teams, both large and small, design, implement and execute executive cyber and information security controls. He studied Computer Science at the University of Virginia and holds a Certified Information Systems Security Professional ("CISSP") certification.
In addition to frequent electronic communication, the committee meets monthly and more frequently, as circumstances warrant, to discuss and monitor prevention, detection, mitigation and remediation of risks from cybersecurity threats. When appropriate, meetings will also include our Chief Risk Officer, Chief Financial Officer, General Counsel and members of our disclosure committee. On a regular basis, the CISO also updates the executive management team on developments within the cybersecurity sphere.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our CISO, working with his team and the Information Security Core Committee, has primary responsibility for assessing and managing our cybersecurity threat management program. He has more than 25 years of experience in building and leading information security teams and has worked at a technology start-up and a large, publicly-traded financial institution before joining the Company. His experience as a technology engineer has prepared him to lead a variety of teams, both large and small, design, implement and execute executive cyber and information security controls. He studied Computer Science at the University of Virginia and holds a Certified Information Systems Security Professional ("CISSP") certification.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO, working with his team and the Information Security Core Committee, has primary responsibility for assessing and managing our cybersecurity threat management program. He has more than 25 years of experience in building and leading information security teams and has worked at a technology start-up and a large, publicly-traded financial institution before joining the Company. His experience as a technology engineer has prepared him to lead a variety of teams, both large and small, design, implement and execute executive cyber and information security controls. He studied Computer Science at the University of Virginia and holds a Certified Information Systems Security Professional ("CISSP") certification.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our CISO meets quarterly with the Enterprise Risk Management Committee of the Board of Directors to discuss management’s ongoing cybersecurity risk management programs. He provides information about the sources and nature of risks the Company faces, how management assesses such risks – including in terms of likelihood and severity of impact, progress on vulnerability remediation and current developments in the cybersecurity landscape. This presentation is shared with the full Board of Directors to enable discussion of cybersecurity risk management at the full board level.
Our Internal Audit function updates the Enterprise Risk Management Committee of our Board of Directors on a quarterly basis about the Company’s enterprise risk management program. These reports are the culmination of a process that involves discussions with leaders across the Company and incorporates a multitude of enterprise risk factors, including cybersecurity threats. The Enterprise Risk Management Committee Chair, in turn, reports to the full Board of Directors a summary of the enterprise risk management presentation.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true