Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers, and is designed to facilitate coordination across different departments in the handling of such cybersecurity threats and incidents. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat, including whether the cybersecurity threat is associated with a third-party service provider, and implementing cybersecurity countermeasures and mitigation strategies. Our cybersecurity risk management program is regularly updated to align with industry best practices established by internationally accepted security standards and its effectiveness in mitigating the risks that the Bank is exposed to is periodically assessed.
Cybersecurity is not only a strategic priority, but also one of the main elements in the digital transformation of the Bank. Our Corporate Security & Financial Crime Prevention Hub Area is responsible for ensuring adequate information security management by establishing security policies, procedures and controls that bolster the security of our infrastructures, digital channels and payment methods following a holistic and threat intelligence-led approach, where a program has been designed for each of the four fundamental pillars of our security strategy: cybersecurity, data protection, physical security and security in business processes and fraud management, with the aim to reduce the risks identified in the risk taxonomy defined by the Group.
As cyberattacks evolve and become more sophisticated, the Bank has strengthened its prevention and monitoring efforts. During the past few years, cybersecurity and information security measures have been reinforced with the aim to ensure an adequate protection of our information and the assets supporting business processes. Security measures adopted in the past few years include measures intended to: (i) ensure end-to-end protection of business processes, considering and addressing logical and physical security, privacy and fraud management concerns; (ii) ensure compliance with the security and privacy by design principles; and (iii) improve client access control and authentication services related to online services, from a security and user experience perspective, including by enhancing the use of facial biometrics and advanced analytics models.
Further, system monitoring capabilities, as well as incident prevention, detection and response capabilities have also been strengthened through the use of integrated information sources, improved analytical capabilities and automated platforms, improving information security management from a preventive and proactive approach.
Additionally, and with the aim to ensure that security is embedded in business processes, the security management model has been reinforced in the software development lifecycle process and in infrastructure, architecture and operations management.
The Bank routinely reviews, reinforces and tests its security processes and procedures through simulation exercises in the areas of physical security and digital security. Specialized teams periodically perform technical security tests in order to detect and correct possible security vulnerabilities. These tests include technical tests of technological platforms as well as simulated malicious-user attacks performed by the “red team”. The outcome of such exercises is a fundamental part of a feedback process designed to improve the cybersecurity strategies.
We continuously carry out training and awareness initiatives related to security and privacy, promoting training and awareness campaigns for our employees, clients and society, through our app, online channels and social networks. Some of the topics covered include protection of personal information, secure password management, device protection (laptops, smartphones, etc.), social engineering (phishing, smishing, vishing), malware and other technical attacks detection, detection of scams, security on online purchases and how to react if there is a security incident.
The Global and Local Computer Emergency Response Team (“CERT”) are the first line of detection and response to cyberattacks aimed at users and infrastructure. The Global and Local CERT operate 24x7 and provide services with operation lines dedicated to fraud and cybersecurity.
The Bank’s cybersecurity strategy is based on internationally accepted security standards. It covers best practices established in information-security standards and guidelines including ISO/IEC 27002 and other ISO/IEC 27000 series standards, COBIT 5 and the NIST Cybersecurity Framework.
In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers, and is designed to facilitate coordination across different departments in the handling of such cybersecurity threats and incidents. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat, including whether the cybersecurity threat is associated with a third-party service provider, and implementing cybersecurity countermeasures and mitigation strategies. Our cybersecurity risk management program is regularly updated to align with industry best practices established by internationally accepted security standards and its effectiveness in mitigating the risks that the Bank is exposed to is periodically assessed.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Board of Directors has overall oversight responsibility for our risk management, and is assisted by the Information Technology Committee in the oversight of technological risk and cybersecurity management and in monitoring the technological and cybersecurity strategy. This Committee is one of the main elements of our risk management governance model. It is responsible for the oversight of our technological and cybersecurity strategies, being informed, every three months, by the Chief Security Officer (“CSO”) of the performance and of any incidents that have arisen.
Further, our Corporate Security & Financial Crime Prevention Hub Area and the Risk Control Area are responsible for identifying and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our CSO, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Information Technology Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] This Committee is one of the main elements of our risk management governance model. It is responsible for the oversight of our technological and cybersecurity strategies, being informed, every three months, by the Chief Security Officer (“CSO”) of the performance and of any incidents that have arisen.
Cybersecurity Risk Role of Management [Text Block] Further, our Corporate Security & Financial Crime Prevention Hub Area and the Risk Control Area are responsible for identifying and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our CSO, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our cybersecurity programs are under the direction of our CSO, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Further, our Corporate Security & Financial Crime Prevention Hub Area and the Risk Control Area are responsible for identifying and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true