Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
As with all institutions involved in the provision of financial services, information security represents a significant operational risk. To mitigate this risk, we have developed and manage a comprehensive information security program dedicated to protecting data entrusted to us by our clients as well as our own proprietary corporate information and the information technology infrastructure we use to process this data and information. Our approach is considered to be a defense-in-depth strategy, with multiple tiers of security controls and monitoring. Our security program is benchmarked against the National Institute of Standards and Technology Cybersecurity Framework (NIST), including, among other things, with respect to application security, vulnerability management and data protection, threat detection and incident response.
Cybersecurity risk management is the direct responsibility of our IT security team, which is led by our chief information officer (CIO) and our chief information security officer (CISO). The IT security team develops, maintains, and enforces our information security program and information security policies, which are reviewed at least annually and are subject to approval by our information security committee. Additionally, we complete the following:
an annual enterprise risk assessment;
an annual threat and vulnerability assessment conducted in accordance with NIST guidance which considers adversarial and non-adversarial threat events that could impact our environment;
periodic IT risk assessments;
quarterly vulnerability management reviews; and
periodic cloud risk assessments.
Our IT security team regularly monitors the company's technology environment to address and investigate potential incidents. In the event of an incident, we would follow our internally developed incident response playbook, which includes but is not limited to guidelines for determining the severity of an incident, roles and responsibilities of the cyber response team, mitigation and recovery steps, and communication to internal and external stakeholders based upon nature and extent of the incident. We conduct regular external and internal penetration testing, "red teaming" exercises to seek to identify and remediate potential vulnerabilities, and other methods to ensure the readiness and effectiveness of our program and to continue to enhance our security posture. Our information security team also performs periodic tabletop exercises to simulate potential incidents in order to identify potential enhancements to monitoring and our incident response process.
We engage third party consultants with respect to cybersecurity, including to conduct vulnerability assessments and penetration testing of our information technology systems. We have established a formal third party risk management (TPRM) policy which defines the criteria that a third party service provider must meet in order to be considered by us. All vendors are risk ranked and reviewed by our TPRM team with results reported to our information security committee, which ultimately approves the use of new and existing vendors. In addition, we maintain an internal information security committee comprised of cross-departmental company executives and IT leaders to ensure that we maintain strong governance mechanisms and to ensure compliance with our security policies and procedures.
Although we have implemented what we believe to be an appropriate information security program to protect against, detect, mitigate, and respond to cybersecurity risks, there can be no assurance that such risks, including incidents, may be prevented or timely detected. During the year ended December 31, 2024, we did not experience any material cybersecurity incidents, including cybersecurity incidents that materially affected or are reasonably likely to materially affect the Company, our business strategy, results of operations, or financial condition. See “Risk Factors—Risks Relating to the Operation of Our Business—The security of our information technology systems may be compromised and confidential information, including non-public personal information that we maintain, could be improperly disclosed.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] To mitigate this risk, we have developed and manage a comprehensive information security program dedicated to protecting data entrusted to us by our clients as well as our own proprietary corporate information and the information technology infrastructure we use to process this data and information. Our approach is considered to be a defense-in-depth strategy, with multiple tiers of security controls and monitoring. Our security program is benchmarked against the National Institute of Standards and Technology Cybersecurity Framework (NIST), including, among other things, with respect to application security, vulnerability management and data protection, threat detection and incident response.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our board of directors, led by the board’s technology, innovation and operations committee, actively oversees our information security program, with our management, including the CIO and CISO, providing the board and that committee with regular updates (including at each of the three meetings held by that committee in 2024) and reporting on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The CIO and CISO, who are well qualified, oversee our information security program and are responsible for assessing and managing our risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The CIO and CISO, who are well qualified, oversee our information security program and are responsible for assessing and managing our risks from cybersecurity threats. Our CIO has over 25 years of experience serving Fortune 500 companies in the area of information technology, including over 20 years in mortgage and financial services, with roles ranging from overseeing application development and delivery to enhance risk management capability and improve operational efficiency to information technology strategy, architecture, delivery, and management. Similarly, our CISO has over 25 years of experience working for financial services companies in information technology, including roles overseeing e-commerce, technical infrastructure management and architecture, and over 20 years overseeing information security programs.
Cybersecurity Risk Role of Management [Text Block]
The CIO and CISO, who are well qualified, oversee our information security program and are responsible for assessing and managing our risks from cybersecurity threats. Our CIO has over 25 years of experience serving Fortune 500 companies in the area of information technology, including over 20 years in mortgage and financial services, with roles ranging from overseeing application development and delivery to enhance risk management capability and improve operational efficiency to information technology strategy, architecture, delivery, and management. Similarly, our CISO has over 25 years of experience working for financial services companies in information technology, including roles overseeing e-commerce, technical infrastructure management and architecture, and over 20 years overseeing information security programs.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The CIO and CISO, who are well qualified, oversee our information security program and are responsible for assessing and managing our risks from cybersecurity threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO has over 25 years of experience serving Fortune 500 companies in the area of information technology, including over 20 years in mortgage and financial services, with roles ranging from overseeing application development and delivery to enhance risk management capability and improve operational efficiency to information technology strategy, architecture, delivery, and management. Similarly, our CISO has over 25 years of experience working for financial services companies in information technology, including roles overseeing e-commerce, technical infrastructure management and architecture, and over 20 years overseeing information security programs.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our board of directors, led by the board’s technology, innovation and operations committee, actively oversees our information security program, with our management, including the CIO and CISO, providing the board and that committee with regular updates (including at each of the three meetings held by that committee in 2024) and reporting on our IT strategy, including information security strategies and initiatives, event preparedness and incremental improvement efforts.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true