Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company’s information security program is designed to protect the security of our computer systems, networks, software and information assets, including customer information. The program comprises technical controls, policies, guidelines, and procedures. These technical controls, policies, guidelines, and procedures are intended to align with regulatory guidance and common industry standard security practices.

The Board and our executives appreciate the severity of cybersecurity-related risks and support the continuous development of and investment in the information security program.

Commitment to Security and Confidentiality

At the Company, we expect each associate to be responsible for the security and confidentiality of customer information. We communicate this responsibility to associates during on-boarding and throughout their employment. Each associate is assigned training courses on how to protect the confidentiality of customer information at the time of hire and annually during each year of employment.

We regularly provide associates with information security awareness training, including the recognition and appropriate handling of potential phishing emails, which can introduce malware to a bank’s network, result in the theft of user credentials and, ultimately, place customer information at risk. We regularly run simulated phishing campaigns to test associates’ ability to recognize phishing emails. Associates who fail a phishing campaign are assigned additional training courses.

Associates must also follow established procedures for the safe storage, handling, and secure disposal of customer information. Old or obsolete computer assets are subject to defined procedures and processes to ensure safe destruction of the information contained on those devices. Paper-based information and documents are disposed of in shred bins for destruction.

Cybersecurity Incident Response Plan

As part of our information security program, we have adopted an Information Security Incident Response Plan (Incident Response Plan), which is administered by the Company’s Chief Information Security Officer (CISO). The Incident Response Plan describes the Company’s processes, procedures, and responsibilities for responding to security incidents, including cybersecurity incidents. The Incident Response Plan is intended to be followed in the event of a cybersecurity incident, including implementation of (i) forensic, containment, eradication, and remediation actions by information technology and security personnel and (ii) operational response actions by business units, communications, legal, and risk personnel. The Incident Response Plan includes an annual tabletop exercise to simulate responses to cybersecurity events. Where applicable, each exercise concludes with a postmortem and a discussion of lessons learned to evaluate any improvements to the Incident Response Plan.

The Incident Response Plan includes processes for escalation and reporting of cybersecurity incidents to the Incident Response Team.

Network and Device Security

The Company employs a constantly evolving, defense-in-depth methodology to cybersecurity. Robust high-availability firewalls are in place at the perimeter. Remote workers are supported through the Company’s secure virtual private network (VPN), which uses multifactor authentication. The Company has a vulnerability management program in place that includes a managed detection and response platform to monitor the Company’s network, ensures the timely installation of software patches, and provides a risk-based approach to addressing vulnerabilities across the network. Network security controls are in place to prevent unauthorized access to the network or the Company’s IT resources. The Company employs controls over its managed workstations, servers, and other endpoints to prevent inappropriate access to, or damage to, physical, virtual, or data assets. Data loss prevention programs are in place to prevent the inappropriate transmission or exposure of sensitive data assets or customer information.

Cybersecurity training is provided to all employees as part of the overall cybersecurity program. The Company contracts with third-party vendors to conduct internal and external penetration tests against the Company’s networks and IT assets to ensure controls are operating in an appropriate manner.

Impacts of Cybersecurity Incidents

To date, the Company has not experienced a cybersecurity incident that has materially impacted our business strategy, results of operations, or financial condition. Addressing cybersecurity risks is a priority for the Company, and the Company is committed to enhancing its systems of internal controls and business continuity and disaster recovery plans.

Third-Party Vendor Controls

Before engaging third-party service providers, the Company carries out a due diligence process. This process is led by the Enterprise Risk Management team, with Information Security performing due diligence as part of the process. Risk assessments are reviewed using Service Organization Controls (SOC) reports, self-attestation questionnaires, and other tools.

Any third-party service provider or vendor utilized as part of the Company’s cybersecurity framework is required to comply with the Company’s policies regarding non-public personal information and information security. Third parties processing sensitive customer data are contractually required to meet all legal and regulatory obligations to protect customer data against security threats or unauthorized access. After contract execution, vendors undergo ongoing monitoring to ensure they continue to meet their security obligations.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Company’s information security program is designed to protect the security of our computer systems, networks, software and information assets, including customer information. The program comprises technical controls, policies, guidelines, and procedures. These technical controls, policies, guidelines, and procedures are intended to align with regulatory guidance and common industry standard security practices.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors is responsible for overseeing the Company’s business and affairs, including risks associated with cybersecurity threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board of Directors oversees the Company’s corporate risk governance processes primarily through its committees, and oversight of cybersecurity threats is delegated primarily to our Board Risk Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The CISO and the Cybersecurity Manager attend Board Risk Committee meetings and periodically provide cybersecurity and other information security updates to the Board Risk Committee. The CISO also provides an annual information security program summary report to the Board of Directors, outlining the overall status of our information security program and the Company’s compliance with regulatory guidelines.
Cybersecurity Risk Role of Management [Text Block]
The Company’s CISO directs the Company’s information security program and our information technology risk management. The CISO and Cybersecurity Manager, along with a team of dedicated security personnel, examine risks to the Company’s information systems and assets, design and implement security solutions, monitor the environment, and provide immediate responses to threats.

Role of the Chief Information Security Officer and Cybersecurity Manager

Our CISO is responsible for the Company’s information security program and, in this role, manages that program.

The Company’s Cybersecurity Manager oversees the day-to-day cybersecurity operations.

The CISO and Cybersecurity Manager support the information security risk oversight responsibilities of the Board of Directors and its committees. The CISO reports to our Chief Information Officer, who in turn reports to our Chief Executive Officer and President. The Cybersecurity Manager reports to the Information Technology Director, who in turn reports to the Chief Information Officer.

Our Cybersecurity Manager has experience spanning multiple OCC and FDIC regulated financial institutions across the nation. He holds various cybersecurity-related certifications and is currently registered with the International Information Systems Security Certification Consortium as a Certified Information Systems Security Professional (CISSP) member in good standing.

Role of the Enterprise Risk Manager

Our Enterprise Risk Manager is responsible for oversight of the Company’s information technology governance and risk program. In this role, the Enterprise Risk Manager provides independent oversight of information technology risk, promotes effective challenge to the Company’s information technology systems, and ensures that high-level risks receive appropriate attention. The Enterprise Risk Manager is a member of the Company’s Risk Management Group and reports to the Chief Risk Officer, who in turn reports to the Board Risk Committee.

Role of the IT Risk Governance Subcommittee

Governance of the information security program begins with the IT Risk Governance Subcommittee, a management-level subcommittee whose objective is to protect the integrity, security, safety and resiliency of corporate information systems and assets. Our CISO leads the Company’s IT Risk Governance Committee. The IT Risk Governance Committee meets regularly to review the development of the program, develops recommendations, and provides regular reports to management and, ultimately, to the Board Risk Committee through the CISO.

Role of Enterprise Risk Management

Enterprise Risk Management (ERM) is a holistic process to identify, assess/measure, mitigate/control, and aggregate/escalate/report organizational risks, both internal and external, in order to make decisions aimed at maximizing shareholder value and achieving strategic goals. The overarching ERM program shapes information security strategy and development. ERM works with information security management to facilitate the performance of risk assessments, the results of which are used to identify opportunities to strengthen the program.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Company’s CISO directs the Company’s information security program and our information technology risk management. The CISO and Cybersecurity Manager, along with a team of dedicated security personnel, examine risks to the Company’s information systems and assets, design and implement security solutions, monitor the environment, and provide immediate responses to threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our Cybersecurity Manager has experience spanning multiple OCC and FDIC regulated financial institutions across the nation. He holds various cybersecurity-related certifications and is currently registered with the International Information Systems Security Certification Consortium as a Certified Information Systems Security Professional (CISSP) member in good standing.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The CISO and Cybersecurity Manager support the information security risk oversight responsibilities of the Board of Directors and its committees. The CISO reports to our Chief Information Officer, who in turn reports to our Chief Executive Officer and President. The Cybersecurity Manager reports to the Information Technology Director, who in turn reports to the Chief Information Officer.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true