Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cyber Risk Management and Strategy

Our cyber risk management and strategy has been incorporated into our compliance and risk management program across a number of verticals. For example, information security risk assessments are performed across our business processes, including, but not limited to, third-party services, vendors and systems that process sensitive data. We undergo external annual penetration assessments to evaluate susceptibility to attack, for example, through social engineering, application websites and system/network vulnerabilities. We aim to continuously evolve our Information Security program in response to the ever-changing landscape of best practices, industry-specific risks, company-specific risks, and potential threats. This evolution is also driven by validation tests in an effort to ensure our program remains robust and effective. In the wake of the October 2023 cybersecurity incident, we prioritized implementation of enhanced safeguards consistent with our incident response process, further fortifying our commitment to information security.

We also have a process to evaluate third-party providers, which is designed to understand the potential risks and impact of threats to our supply chains as well as potential privacy risks associated with external data management. This process has multiple components and is designed to assess our providers' performance across several domains, including data security, asset management, communications and operations management, access control, business continuity management, financial, and legal compliance.

Considering the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts, including cybersecurity assessors, consultants, and auditors, in evaluating and testing our risk management systems. These engagements allow us to leverage specialized knowledge and insights, including leading industry practices, to better inform our cybersecurity strategies and processes. Our collaboration with these third parties includes audits, threat assessments, and consultations to enhance our security measures.

In addition, we undergo several compliance audits annually, which include a SOX compliance audit, a SOC1 audit and a SOC2 audit. Our approach to managing compliance-related risks includes maintaining a data loss prevention program, centralized compliance management, an identity management platform, ongoing Managed Security monitoring, threat and vulnerability monitoring, and information security risk insurance.
Cybersecurity Risk Management Processes Integrated [Text Block] Our cyber risk management and strategy has been incorporated into our compliance and risk management program across a number of verticals.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance Related to Cybersecurity Risks

The full Board of Directors conducts several reviews throughout the year in an effort to ensure that our cyber strategy and risk management is appropriate and prudent. It is the responsibility of the Board of Directors to understand and oversee our strategic plans, the associated risks, and the steps that our senior management team is taking to manage and mitigate those risks. Principal accountability in this domain is placed with our Chief Information Security Officer, who has approximately 25 years of experience in cybersecurity program design and implementation. Responsibility is shared by our Chief Risk and Compliance Officer, who has approximately 20 years of leadership experience in the financial services sector with an extensive background in the mortgage industry, and our Chief Innovation and Digital Officer, who has approximately 20 years of experience leading technology and product engineering functions.

Our Enterprise Risk Committee reviews and discusses cybersecurity, information security and data privacy risks at regular intervals. A quarterly Enterprise Risk Committee meeting is chaired by our Chief Risk and Compliance Officer and includes information security briefings led by the Chief Information Security Officer.

We also hold quarterly Audit and Risk Committee meetings, during which our Board of Directors receives briefings on information security matters. Risks that are identified during these processes are reviewed by executive leadership and corrective action plans are established to address and manage the issues, as applicable and appropriate.
We believe in a proactive approach to enterprise risk management. A major tenet of our cybersecurity program includes training to educate and inform team members on cyber hygiene and threat management as well as regular testing to check for understanding. We have invested in technology and dedicated internal resources to facilitate training for application developers, conduct tabletop exercises, run anti-phishing campaigns, and train on privacy regulations. These training activities, along with other key risk indicators, are tracked and reported to our Enterprise Risk Committee on a quarterly basis.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The full Board of Directors conducts several reviews throughout the year in an effort to ensure that our cyber strategy and risk management is appropriate and prudent. It is the responsibility of the Board of Directors to understand and oversee our strategic plans, the associated risks, and the steps that our senior management team is taking to manage and mitigate those risks
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] We also hold quarterly Audit and Risk Committee meetings, during which our Board of Directors receives briefings on information security matters.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Principal accountability in this domain is placed with our Chief Information Security Officer, who has approximately 25 years of experience in cybersecurity program design and implementation. Responsibility is shared by our Chief Risk and Compliance Officer, who has approximately 20 years of leadership experience in the financial services sector with an extensive background in the mortgage industry, and our Chief Innovation and Digital Officer, who has approximately 20 years of experience leading technology and product engineering functions. Our Enterprise Risk Committee reviews and discusses cybersecurity, information security and data privacy risks at regular intervals. A quarterly Enterprise Risk Committee meeting is chaired by our Chief Risk and Compliance Officer and includes information security briefings led by the Chief Information Security Officer.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] approximately 25 years of experience in cybersecurity program design and implementation
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] A quarterly Enterprise Risk Committee meeting is chaired by our Chief Risk and Compliance Officer and includes information security briefings led by the Chief Information Security Officer.