XML 55 R36.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The increased use of, and dependence on, information management systems to engage with customers and conduct business necessarily creates cyber risk. Despite the significant resources and security measures deployed by the Corporation, the incentives for threat actors to obtain financial payment information and customer non-public information, or to deploy ransomware, will continue to exist. Breach statistics over the past several years show that numerous banking institutions and credit bureaus have been targeted. Phishing attempts have also increased significantly, and geopolitical conflict adds the threat of nation-state actors.

Operational risk is inherent in the Corporation’s activities and can present itself in numerous ways, including internal or external fraud, business disruptions or failures, noncompliance with applicable laws and regulations, cyber breach, or failure of third parties, among other events. Any of these could result in reputational harm, financial losses, or litigation and regulatory fines for the Bank. The Corporation manages its operations so that operational risk remains within its risk appetite. To govern, monitor and control operational risk, the Corporation maintains an ERM Program, which sets risk appetite thresholds for key risk areas, such as strategic risk and operational risk. These thresholds are monitored by the Compliance and Internal Audit Departments, and key metrics are reported to management and Board committees. The ERM Program includes managing material risks from cybersecurity threats.

Use of third-party software and services also exposes the Corporation to cybersecurity risk, as numerous service providers host critical data or have direct contact with our bank customers. Although the Corporation adheres to industry standard practices in conducting thorough due diligence of vendors and contract management, should a vendor experience a breach the Bank could still suffer reputational harm and potentially financial losses. Expanded use of cloud-based technologies and the internet-based product offerings needed to remain competitive will increase these potential risks. The Corporation’s third-party risk management program helps to mitigate the risks posed by reliance on third and fourth parties. Governance of third parties includes due diligence and a risk assessment prior to contract execution, with ongoing oversight performed at a frequency defined by the third party’s risk profile.

To combat these ever-present cyber risks, the Corporation maintains a comprehensive Information Security Program, which includes annual risk assessments, an Incident Response Plan, and a layered control environment designed to detect, prevent, and limit unauthorized or harmful actions across our information technology environment. Information security policies are Board-approved, and various types of control testing are conducted throughout the year by both internal and external parties. Findings are acted on throughout the year and reported to various committees. The Corporation has adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework for the management and development of cybersecurity controls and is an active participant in the financial sector’s information sharing organization, the Financial Services Information Sharing and Analysis Center (FS-ISAC).

The Corporation’s Chief Information Security Officer (CISO) is responsible for assessing and managing the Corporation’s risks from cybersecurity threats. The CISO holds an active Certified Information Systems Security Professional (CISSP) certification, has been with the organization for 18 years, and has over 21 years of experience in technology infrastructure and security.

The Information Security Department conducts cyber incident tabletop exercises on an ongoing basis. These exercises vary by topic but may include internal incident response teams, executive management, and third parties that provide forensic, legal, and public relations services. The purpose of these tabletops is to simulate a cyber event and work through it using our Incident Response Plan. This allows our incident response team to become familiar with the logistics of the plan and to provide feedback to improve both the process and the plan. External subject matter experts, such as Bank legal counsel, forensic advisors, the marketing agency and the insurance broker, participate in these exercises.

Management has established an Information Security Committee to assist executive management and the Board of Directors of the Bank in fulfilling their oversight responsibilities related to information security. The Corporation’s Information Security Committee consists of members with diverse experience, including the Corporation’s leaders from information security, enterprise risk management, legal, bank protection, internal audit and various business units. The Corporation’s information security professionals have a range of cybersecurity experience and education; many have substantial experience assessing and managing cybersecurity initiatives and hold cybersecurity certifications. The Corporation uses multiple assessors, consultants, auditors and other third parties in the fulfillment of the information security program. These third parties participate in testing and validation processes, as well as the execution of certain program-related controls. The Committee reports its activities, key conclusions and recommendations to the Enterprise Risk Management Committee and the Board’s Risk and Credit Policy Committee on a quarterly basis. At the Information Security Committee, security-related policies and standards are reviewed and recommended for approval, annual risk assessment results and action plans are noted, annual penetration test reports are shared, current security incidents are discussed, and relevant cyber risks and trends are presented.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Operational risk is inherent in the Corporation’s activities and can present itself in numerous ways, including internal or external fraud, business disruptions or failures, noncompliance with applicable laws and regulations, cyber breach, or failure of third parties, among other events. Any of these could result in reputational harm, financial losses, or litigation and regulatory fines for the Bank. The Corporation manages its operations so that operational risk remains within its risk appetite. To govern, monitor and control operational risk, the Corporation maintains an ERM Program, which sets risk appetite thresholds for key risk areas, such as strategic risk and operational risk. These thresholds are monitored by the Compliance and Internal Audit Departments, and key metrics are reported to management and Board committees. The ERM Program includes managing material risks from cybersecurity threats.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Corporation’s Board of Directors has delegated primary responsibility for oversight of cybersecurity risk to its Risk and Credit Policy Committee, with its Audit Committee also considering cyber risk as part of financial oversight. The Information Security Department provides an annual update to the Risk and Credit Policy Committee of the Board on the state of the Information Security Program. This cybersecurity “deep dive” includes a review of key security incidents and of the Information Security Policy, Information Security Program, Incident Response Plan, and Acceptable Use Policy. The Chair of the Risk and Credit Policy Committee then presents the update to the full Board.

The Board considers cybersecurity risks in business strategy by receiving updates on the Bank’s cybersecurity risk assessment. It also assesses the experience of the management personnel responsible for preventing, mitigating, detecting and remediating cyber incidents, including the Chief Information Security Officer.
In 2022, the Board appointed Jason Sondhi to its Board of Directors. Mr. Sondhi has experience managing companies that provide endpoint detection and incident response, vulnerability scanning, security information and event management, employee security training and vCISO services. Mr. Sondhi’s cybersecurity expertise assists the Board in overseeing management’s cybersecurity-related efforts.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Risk and Credit Policy Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Corporation’s Board of Directors has delegated primary responsibility for oversight of cybersecurity risk to its Risk and Credit Policy Committee, with its Audit Committee also considering cyber risk as part of financial oversight. The Information Security Department provides an annual update to the Risk and Credit Policy Committee of the Board on the state of the Information Security Program. This cybersecurity “deep dive” includes a review of key security incidents and of the Information Security Policy, Information Security Program, Incident Response Plan, and Acceptable Use Policy. The Chair of the Risk and Credit Policy Committee then presents the update to the full Board.
Cybersecurity Risk Role of Management [Text Block]
The Corporation’s Chief Information Security Officer (CISO) is responsible for assessing and managing the Corporation’s risks from cybersecurity threats. The CISO holds an active Certified Information Systems Security Professional (CISSP) certification, has been with the organization for 18 years, and has over 21 years of experience in technology infrastructure and security.

The Information Security Department conducts cyber incident tabletop exercises on an ongoing basis. These exercises vary by topic but may include internal incident response teams, executive management, and third parties that provide forensic, legal, and public relations services. The purpose of these tabletops is to simulate a cyber event and work through it using our Incident Response Plan. This allows our incident response team to become familiar with the logistics of the plan and to provide feedback to improve both the process and the plan. External subject matter experts, such as Bank legal counsel, forensic advisors, the marketing agency and the insurance broker, participate in these exercises.

Management has established an Information Security Committee to assist executive management and the Board of Directors of the Bank in fulfilling their oversight responsibilities related to information security. The Corporation’s Information Security Committee consists of members with diverse experience, including the Corporation’s leaders from information security, enterprise risk management, legal, bank protection, internal audit and various business units. The Corporation’s information security professionals have a range of cybersecurity experience and education; many have substantial experience assessing and managing cybersecurity initiatives and hold cybersecurity certifications. The Corporation uses multiple assessors, consultants, auditors and other third parties in the fulfillment of the information security program. These third parties participate in testing and validation processes, as well as the execution of certain program-related controls. The Committee reports its activities, key conclusions and recommendations to the Enterprise Risk Management Committee and the Board’s Risk and Credit Policy Committee on a quarterly basis. At the Information Security Committee, security-related policies and standards are reviewed and recommended for approval, annual risk assessment results and action plans are noted, annual penetration test reports are shared, current security incidents are discussed, and relevant cyber risks and trends are presented.
The Corporation’s Board of Directors has delegated primary responsibility for oversight of cybersecurity risk to its Risk and Credit Policy Committee, with its Audit Committee also considering cyber risk as part of financial oversight. The Information Security Department provides an annual update to the Risk and Credit Policy Committee of the Board on the state of the Information Security Program. This cybersecurity “deep dive” includes a review of key security incidents and of the Information Security Policy, Information Security Program, Incident Response Plan, and Acceptable Use Policy. The Chair of the Risk and Credit Policy Committee then presents the update to the full Board.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The Corporation’s Chief Information Security Officer (CISO) is responsible for assessing and managing the Corporation’s risks from cybersecurity threats. The CISO holds an active Certified Information Systems Security Professional (CISSP) certification, has been with the organization for 18 years, and has over 21 years of experience in technology infrastructure and security.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO holds an active Certified Information Systems Security Professional (CISSP) certification, has been with the organization for 18 years, and has over 21 years of experience in technology infrastructure and security.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Information Security Department provides an annual update to the Risk and Credit Policy Committee of the Board on the state of the Information Security Program. This cybersecurity “deep dive” includes a review of key security incidents and of the Information Security Policy, Information Security Program, Incident Response Plan, and Acceptable Use Policy. The Chair of the Risk and Credit Policy Committee then presents the update to the full Board.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true