|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
The Company employs a multi-layered approach in an effort to assess, identify and manage risks from cybersecurity threats:
This multi-layered approach has been integrated into the Company’s overall risk management system and processes. Integrating cybersecurity risk management into the overall risk management system demonstrates the Company’s commitment to addressing threats that could significantly impact its operations, financial stability, and reputation. This integration is intended to provide a holistic approach to risk management and helps in creating a more resilient organization against cybersecurity threats.
The Company, as an integral aspect of its regular operations and risk management processes, engages third-party entities and service organizations. The Company evaluates and selects these external partners through its due diligence process. This scrutiny is intended to provide alignment with the Company’s standards for security, reliability, and compliance. Additionally, the Company engages third-party firms to augment the Company’s cybersecurity defenses, leveraging external expertise to mitigate and prevent potential threats. Furthermore, the Company maintains ongoing oversight and monitoring of these third parties in an effort to mitigate potential risks and provide continued adherence to established protocols in order to foster an ecosystem of trusted collaborations within its operational framework.
During the periods covered by this report, there were no cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial
condition, see Item 1A. Risk Factors – "The Company’s operations, including third-party and client interactions, are increasingly done via electronic means, and this has increased the risks related to cybersecurity threats," which are incorporated by reference into this Item 1C.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|This multi-layered approach has been integrated into the Company’s overall risk management system and processes. Integrating cybersecurity risk management into the overall risk management system demonstrates the Company’s commitment to addressing threats that could significantly impact its operations, financial stability, and reputation. This integration is intended to provide a holistic approach to risk management and helps in creating a more resilient organization against cybersecurity threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
The Company’s Board of Directors (the “Board”) plays a pivotal role in overseeing risks arising from cybersecurity threats within the Company. The Board exercises oversight by adopting a Written Information Security Program, engaging in discussions, reviewing reports, and seeking updates on the Company’s cybersecurity posture. The Board’s Risk Committee oversees and monitors the Bank’s enterprise risk management practices. The Risk Committee assists the Company’s Board of Directors with monitoring the Company’s information technology and cybersecurity plans and policies, in addition to compliance with information security and technology risk management requirements, including reporting related to the SEC’s cybersecurity disclosure rules.
The Board is kept informed about cybersecurity issues through a structured and responsive communication process tailored to its needs. This involves updates provided by the Chief Information Security Officer (“CISO”) or other members of management during Board and Risk Committee meetings. Additionally, management reports to the Board on significant cyber incidents, emerging threats, and the effectiveness of existing security measures. The communication framework is intended to keep the board informed about cybersecurity matters, allowing them to make informed decisions and provide strategic guidance to fortify the Company’s defenses against potential threats.
The Company employs a software platform designed for tracking, monitoring, and managing cybersecurity threats across its systems and networks. The platform serves as a centralized hub that aggregates data from various sources, allowing the cybersecurity team, led by the CISO, to take action to mitigate risks. This technological tool serves as a key component in the Company’s cybersecurity arsenal, enhancing its ability to monitor, analyze, and respond to evolving cyber threats.
In cases where cybersecurity threats are deemed significant or pose a potential risk to the Company’s operations, they are escalated to members of management who oversee cybersecurity matters. Depending on the nature and criticality of the threat, it may be escalated to executives such as the CISO, Chief Information Officer, Chief Risk Officer, Chief Financial Officer, General Counsel, or other relevant senior management personnel. These leaders possess the expertise and authority to assess the situation’s impact on the Company’s operations, finances, and reputation. Further, these leaders have over 15 years of experience each in their respective fields of expertise. Upon receiving this information, they engage in deliberation and decision-making, collaborating with the cybersecurity team to formulate and execute an appropriate response plan, which may include elevating the matter to the Risk Committee, or the Board, if warranted. This hierarchical escalation process is intended to ensure that key decision-makers are properly informed, enabling appropriate actions to mitigate the identified cybersecurity risks.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Board’s Risk Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
The Board is kept informed about cybersecurity issues through a structured and responsive communication process tailored to its needs. This involves updates provided by the Chief Information Security Officer (“CISO”) or other members of management during Board and Risk Committee meetings. Additionally, management reports to the Board on significant cyber incidents, emerging threats, and the effectiveness of existing security measures. The communication framework is intended to keep the board informed about cybersecurity matters, allowing them to make informed decisions and provide strategic guidance to fortify the Company’s defenses against potential threats.
|Cybersecurity Risk Role of Management [Text Block]
|Additionally, management reports to the Board on significant cyber incidents, emerging threats, and the effectiveness of existing security measures.
In cases where cybersecurity threats are deemed significant or pose a potential risk to the Company’s operations, they are escalated to members of management who oversee cybersecurity matters. Depending on the nature and criticality of the threat, it may be escalated to executives such as the CISO, Chief Information Officer, Chief Risk Officer, Chief Financial Officer, General Counsel, or other relevant senior management personnel. These leaders possess the expertise and authority to assess the situation’s impact on the Company’s operations, finances, and reputation. Further, these leaders have over 15 years of experience each in their respective fields of expertise. Upon receiving this information, they engage in deliberation and decision-making, collaborating with the cybersecurity team to formulate and execute an appropriate response plan, which may include elevating the matter to the Risk Committee, or the Board, if warranted. This hierarchical escalation process is intended to ensure that key decision-makers are properly informed, enabling appropriate actions to mitigate the identified cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer (“CISO”)
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Depending on the nature and criticality of the threat, it may be escalated to executives such as the CISO, Chief Information Officer, Chief Risk Officer, Chief Financial Officer, General Counsel, or other relevant senior management personnel. These leaders possess the expertise and authority to assess the situation’s impact on the Company’s operations, finances, and reputation. Further, these leaders have over 15 years of experience each in their respective fields of expertise.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
The Company employs a software platform designed for tracking, monitoring, and managing cybersecurity threats across its systems and networks. The platform serves as a centralized hub that aggregates data from various sources, allowing the cybersecurity team, led by the CISO, to take action to mitigate risks. This technological tool serves as a key component in the Company’s cybersecurity arsenal, enhancing its ability to monitor, analyze, and respond to evolving cyber threats.
In cases where cybersecurity threats are deemed significant or pose a potential risk to the Company’s operations, they are escalated to members of management who oversee cybersecurity matters. Depending on the nature and criticality of the threat, it may be escalated to executives such as the CISO, Chief Information Officer, Chief Risk Officer, Chief Financial Officer, General Counsel, or other relevant senior management personnel. These leaders possess the expertise and authority to assess the situation’s impact on the Company’s operations, finances, and reputation. Further, these leaders have over 15 years of experience each in their respective fields of expertise. Upon receiving this information, they engage in deliberation and decision-making, collaborating with the cybersecurity team to formulate and execute an appropriate response plan, which may include elevating the matter to the Risk Committee, or the Board, if warranted. This hierarchical escalation process is intended to ensure that key decision-makers are properly informed, enabling appropriate actions to mitigate the identified cybersecurity risks.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef