Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company recognizes that the security of our banking operations is critical to protecting our customers and maintaining our reputation. The cybersecurity landscape is constantly evolving. To mitigate these risks, the Company deploys a comprehensive and resilient information security program that consists of a layered security model using industry leading hardware, software, and services to protect customers' and the Bank’s data and to ensure the confidentiality, integrity, and availability of our information systems. This information security program is a critical component of our overall enterprise risk management program.

The Company leverages the following guidelines and frameworks to continue to refine and maintain the information security program: FFIEC Information Security IT Examination Handbook, FFIEC Business Continuity Planning Handbook, FFIEC Cybersecurity Assessment Tool, Center for Internet Security Critical Security Controls, and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Key components of the information security program include:

A risk assessment process that identifies and prioritizes material cybersecurity risks; refines and evaluates the effectiveness of controls to mitigate the risks; and reports results to executive management and the Board of Directors.
A third-party Managed Detection and Response (“MDR”) service, which monitors the security of our network, infrastructure and computer systems 24x7, 365 days a year.
An incident response plan that outlines the steps the Bank will take to respond to a cybersecurity incident, which is tested on a periodic basis.
An annual recurring cybersecurity controls testing program, which includes independent third-party penetration testing, cybersecurity procedures and system testing, and third-party independent network traffic monitoring.
A training and awareness program that educates and tests employees on how to avoid and identify cybersecurity risks.
A Cyber Security Insurance Policy that covers insurance, incident response, incident mitigation, and legal support.

The Company engages reputable third-party assessors to conduct various independent risk assessments on a regular basis, including but not limited to maturity assessments and various other tests. Following a defense-in-depth strategy, the Company leverages both in-house resources and third-party service providers to implement and maintain processes and controls to manage the identified risks.

Our vendor management program is designed to ensure that our vendors meet our cybersecurity requirements and manage our third-party risks. This includes conducting periodic risk assessments of critical vendors, requiring vendors to implement appropriate cybersecurity controls, and monitoring vendor compliance with our cybersecurity requirements.

Security controls are employed on all media where information is stored, the systems that process it, and infrastructure components that facilitate its transmission to ensure the confidentiality, integrity, and availability of the Bank’s and customers' information. These controls include, but are not limited to, access control, data encryption, data loss prevention, incident response, security monitoring, third party risk management, and vulnerability management.

The Company's cybersecurity risk management program and strategy are regularly reviewed and updated to ensure that they are aligned with the Bank's business objectives and are designed to address evolving cybersecurity threats and satisfy regulatory requirements and industry standards.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] To mitigate these risks, the Company deploys a comprehensive and resilient information security program that consists of a layered security model using industry leading hardware, software, and services to protect customers' and the Bank’s data and to ensure the confidentiality, integrity, and availability of our information systems. This information security program is a critical component of our overall enterprise risk management program.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] The Company’s Board of Directors is charged with overseeing the establishment and execution of the Company’s risk management framework and monitoring adherence to related policies required by applicable statutes, regulations and principles of safety and soundness.
Cybersecurity Risk Board of Directors Oversight [Text Block] The Company’s Board of Directors is charged with overseeing the establishment and execution of the Company’s risk management framework and monitoring adherence to related policies required by applicable statutes, regulations and principles of safety and soundness. Consistent with this responsibility, the Board has primary oversight of cybersecurity risk and cybersecurity risk management and receives reporting from management about material risks from cybersecurity threats. All members of the Board of Directors receive regular updates on cybersecurity risks and incidents from the Information Security Officer (“ISO”) and Chief Information Officer (“CIO”) and annual security awareness training. The Information Security department consists of cybersecurity professionals who assess, identify, and manage cybersecurity risks and are responsible for implementing and maintaining the Company’s cybersecurity risk management program.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Company’s Board of Directors is charged with overseeing the establishment and execution of the Company’s risk management framework and monitoring adherence to related policies required by applicable statutes, regulations and principles of safety and soundness. Consistent with this responsibility, the Board has primary oversight of cybersecurity risk and cybersecurity risk management and receives reporting from management about material risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] All members of the Board of Directors receive regular updates on cybersecurity risks and incidents from the Information Security Officer (“ISO”) and Chief Information Officer (“CIO”) and annual security awareness training.
Cybersecurity Risk Role of Management [Text Block] All members of the Board of Directors receive regular updates on cybersecurity risks and incidents from the Information Security Officer (“ISO”) and Chief Information Officer (“CIO”) and annual security awareness training.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] All members of the Board of Directors receive regular updates on cybersecurity risks and incidents from the Information Security Officer (“ISO”) and Chief Information Officer (“CIO”) and annual security awareness training.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] All members of the Board of Directors receive regular updates on cybersecurity risks and incidents from the Information Security Officer (“ISO”) and Chief Information Officer (“CIO”) and annual security awareness training. The Information Security department consists of cybersecurity professionals who assess, identify, and manage cybersecurity risks and are responsible for implementing and maintaining the Company’s cybersecurity risk management program.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Company’s Board of Directors is charged with overseeing the establishment and execution of the Company’s risk management framework and monitoring adherence to related policies required by applicable statutes, regulations and principles of safety and soundness. Consistent with this responsibility, the Board has primary oversight of cybersecurity risk and cybersecurity risk management and receives reporting from management about material risks from cybersecurity threats. All members of the Board of Directors receive regular updates on cybersecurity risks and incidents from the Information Security Officer (“ISO”) and Chief Information Officer (“CIO”) and annual security awareness training. The Information Security department consists of cybersecurity professionals who assess, identify, and manage cybersecurity risks and are responsible for implementing and maintaining the Company’s cybersecurity risk management program.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true