XML 58 R38.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We rely extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking and accounting systems, use these systems and their own electronic information systems. Any of these systems can be compromised, including through the employees, customers and other individuals who are authorized to use them, and bad actors use a sophisticated and constantly evolving set of software, tools and strategies to do so. Moreover, the nature of our business, as a financial services provider, and our relative size, make us and our business partners high-value targets for these bad actors to pursue.
Accordingly, we have long devoted significant resources to assessing, identifying and managing risks associated with cybersecurity threats, including:
internal resources who are responsible for conducting regular assessments of our information systems, existing controls, vulnerabilities and potential improvements;
continuous monitoring tools that can detect, alert on, respond to, and help mitigate cybersecurity threats in real-time;
performing due diligence with respect to our third-party service providers, including their cybersecurity practices, and requiring contractual commitments from our service providers to take certain cybersecurity measures;
third-party cybersecurity consultants, who conduct periodic penetration testing, vulnerability assessments, and other procedures which identify potential weaknesses in our systems and help validate and improve internal processes and tooling; and
periodic cybersecurity training for our workforce.
This information security program is a key part of our overall risk management system, which is administered by our Chief Risk Officer. The program includes administrative, technical and physical safeguards to help ensure the security and confidentiality of customer records and information. These security and privacy policies and procedures are in effect across all of our lines of business and geographic locations.
From time-to-time, we have identified cybersecurity threats that require us to make changes to our processes and to implement additional safeguards. While none of these identified threats or incidents have materially affected us, it is possible that threats and incidents we identify in the future could have a material adverse effect on our business strategy, results of operations and financial condition. We continue to evolve our controls to mitigate these threats as effectively as we can reasonably foresee them occurring.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We rely extensively on various information systems and other electronic resources to operate our business. In addition, nearly all of our customers, service providers and other business partners on whom we depend, including the providers of our online banking, mobile banking and accounting systems, use these systems and their own electronic information systems. Any of these systems can be compromised, including through the employees, customers and other individuals who are authorized to use them, and bad actors use a sophisticated and constantly evolving set of software, tools and strategies to do so. Moreover, the nature of our business, as a financial services provider, and our relative size, make us and our business partners high-value targets for these bad actors to pursue.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
In addition, our board of directors is responsible for the oversight of risk management. In that role, our board of directors, with support from the Company’s cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed. To carry out those duties, our board of directors receive reports from our management team regarding cybersecurity risks, and the Company’s efforts to prevent, detect, mitigate and remediate any cybersecurity incidents. These reports are delivered at least quarterly, with additional information and trainings provided at least twice per year.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our management team is responsible for the day-to-day management of risks we face, including our Chief Information Officer. Our current Chief Information Officer has over 20 years of technology experience, including 16 years in Banking.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our management team is responsible for the day-to-day management of risks we face, including our Chief Information Officer. Our current Chief Information Officer has over 20 years of technology experience, including 16 years in Banking.
In addition, our board of directors is responsible for the oversight of risk management. In that role, our board of directors, with support from the Company’s cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed.
Cybersecurity Risk Role of Management [Text Block]
Our management team is responsible for the day-to-day management of risks we face, including our Chief Information Officer. Our current Chief Information Officer has over 20 years of technology experience, including 16 years in Banking.
In addition, our board of directors is responsible for the oversight of risk management. In that role, our board of directors, with support from the Company’s cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed. To carry out those duties, our board of directors receive reports from our management team regarding cybersecurity risks, and the Company’s efforts to prevent, detect, mitigate and remediate any cybersecurity incidents. These reports are delivered at least quarterly, with additional information and trainings provided at least twice per year.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our management team is responsible for the day-to-day management of risks we face, including our Chief Information Officer. Our current Chief Information Officer has over 20 years of technology experience, including 16 years in Banking.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] over 20 years of technology experience, including 16 years in Banking.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our management team is responsible for the day-to-day management of risks we face, including our Chief Information Officer. Our current Chief Information Officer has over 20 years of technology experience, including 16 years in Banking.
In addition, our board of directors is responsible for the oversight of risk management. In that role, our board of directors, with support from the Company’s cybersecurity advisors, are responsible for ensuring that the risk management processes designed and implemented by management are adequate and functioning as designed.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true