Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cyber/information security is a significant and integrated component of the Company’s risk management strategy. As an insured depository institution, threats to information security are present and growing, and the potential exists for a cybersecurity incident to occur, which could disrupt business operations or compromise sensitive data. To date, the Company has not, to its knowledge, experienced an incident materially affecting or reasonably likely to materially affect the Company.
Cybersecurity Risk Management and Strategy:
The Bank maintains comprehensive policies, procedures, internal controls and practices with respect to cyber/information security, including:
Information Security Policy and Risk Management. The Bank maintains an Information Security Policy reviewed and updated as needed, and at least annually by its Board of Directors.
Information Technology & Information Security Audits. The Bank conducts independent external and internal audits of internal controls relating to information technology and information security in accordance with standards established by the Federal Financial Institutions Examination Council (FFIEC).
Information Security Management. To prepare for and respond to incidents, the Bank maintains implemented multi-layered cybersecurity protocols, integrating people, technology, and processes as part of the Bank’s Information Security Program. The Information Security Program is governed by various information security and cybersecurity, systems development, change control, disaster recovery/business continuity, third-party risk management and physical asset classification and control policies. The Information Security Program identifies data sources, threats and vulnerabilities, deploys current information security technologies and ensures awareness, accountability, and oversight for data protection throughout the Bank and with trusted third parties to ensure that data is protected and able to be recovered in the event of a breach or failure (technical or other disaster). The Company engages qualified third-party vendors, consultants and independent auditors to, among other things, conduct network penetration tests and perform cyber/information security audits.
Employee Training and Awareness. Our employees are the first line of defense with respect to cyber/information security protection. Each employee is responsible for protecting the Bank and customer information. Employees are provided with training at initial onboarding and thereafter regarding information security and cybersecurity-related policies and procedures applicable to their respective roles within the organization. In addition, employees are subjected to regular simulated phishing assessments, designed to sharpen threat detection and reporting capabilities. In addition to training, employees are supported with solutions designed to identify, prevent, detect, respond to, and recover from cyber/information security threats and activities intended to compromise cyber/information security.
Customer Data Privacy Reviews. The Bank conducts independent external and internal reviews of internal controls relating to customer data privacy and data security in accordance with the requirements of the Gramm-Leach-Bliley Act, the Right to Financial Privacy Act, and standards established by the FFIEC.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
The Bank maintains comprehensive policies, procedures, internal controls and practices with respect to cyber/information security, including:
Information Security Policy and Risk Management. The Bank maintains an Information Security Policy reviewed and updated as needed, and at least annually by its Board of Directors.
Information Technology & Information Security Audits. The Bank conducts independent external and internal audits of internal controls relating to information technology and information security in accordance with standards established by the Federal Financial Institutions Examination Council (FFIEC).
Information Security Management. To prepare for and respond to incidents, the Bank maintains implemented multi-layered cybersecurity protocols, integrating people, technology, and processes as part of the Bank’s Information Security Program. The Information Security Program is governed by various information security and cybersecurity, systems development, change control, disaster recovery/business continuity, third-party risk management and physical asset classification and control policies. The Information Security Program identifies data sources, threats and vulnerabilities, deploys current information security technologies and ensures awareness, accountability, and oversight for data protection throughout the Bank and with trusted third parties to ensure that data is protected and able to be recovered in the event of a breach or failure (technical or other disaster). The Company engages qualified third-party vendors, consultants and independent auditors to, among other things, conduct network penetration tests and perform cyber/information security audits.
Employee Training and Awareness. Our employees are the first line of defense with respect to cyber/information security protection. Each employee is responsible for protecting the Bank and customer information. Employees are provided with training at initial onboarding and thereafter regarding information security and cybersecurity-related policies and procedures applicable to their respective roles within the organization. In addition, employees are subjected to regular simulated phishing assessments, designed to sharpen threat detection and reporting capabilities. In addition to training, employees are supported with solutions designed to identify, prevent, detect, respond to, and recover from cyber/information security threats and activities intended to compromise cyber/information security.
Customer Data Privacy Reviews. The Bank conducts independent external and internal reviews of internal controls relating to customer data privacy and data security in accordance with the requirements of the Gramm-Leach-Bliley Act, the Right to Financial Privacy Act, and standards established by the FFIEC.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Board Oversight. The Audit Committees of the Company and the Bank review and monitor the effectiveness of the Bank’s internal controls, including those controls related to information security, based on independent external audit and internal audit reports. The Boards of Directors of the Company and the Bank review a formal Information Security Report at least annually, a Gramm-Leach-Bliley Act (“GLBA”) report annually and receive periodic reports on cyber/information security topics and matters. As required by federal banking laws and regulations, the Bank’s cyber/information security risk management practices include risk assessments, controls, and practices specifically for cybersecurity, information technology deployment and third-party information technology vendor risk management.
CIO Responsibilities. The Information Services Division of the Bank is primarily responsible for identifying, assessing and managing material risks from cyber/information security threats. Information security management is conducted by the CIO of the Bank. Our CIO monitors, evaluates and adjusts the Bank’s Information Security Program, considering any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and changing business arrangements, such as technology development initiatives, outsourcing arrangements, and changes to customer information systems. Our CIO has been working in IT infrastructure for the past 25 years. His experience includes cybersecurity and information security, IT compliance, audit reviews, policies, incident response and annual processes. He has managed IT technology at leading brokerages, and oversees information security and cybersecurity at our Bank. He received Certified Banking Security Manager (CBSM) certification in 2020. He has also managed third-party risk management at our Bank since 2021. The IT Steering Committee and Management Risk Committee review and coordinate the status and results of information security controls, network penetration, business continuity/disaster recovery testing, and incident response plan testing.
Information Security Incident Responses. The Bank maintains information security incident response plans for various information security/data breach scenarios. The Bank tests its incident response plans at least annually. Pursuant to applicable federal and state laws, regulations and FFIEC standards, the Bank maintains incident response notification procedures for affected customers, including notification of federal regulatory authorities and law enforcement. For the preservation of all possible avenues for law enforcement, the Bank does not disclose information security incidents to the general public unless required by law or as directed by applicable lawful authority.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committees of the Company and the Bank review and monitor the effectiveness of the Bank’s internal controls, including those controls related to information security, based on independent external audit and internal audit reports.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Boards of Directors of the Company and the Bank review a formal Information Security Report at least annually, a Gramm-Leach-Bliley Act (“GLBA”) report annually and receive periodic reports on cyber/information security topics and matters. As required by federal banking laws and regulations, the Bank’s cyber/information security risk management practices include risk assessments, controls, and practices specifically for cybersecurity, information technology deployment and third-party information technology vendor risk management.
Cybersecurity Risk Role of Management [Text Block] The Information Services Division of the Bank is primarily responsible for identifying, assessing and managing material risks from cyber/information security threats. Information security management is conducted by the CIO of the Bank. Our CIO monitors, evaluates and adjusts the Bank’s Information Security Program, considering any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and changing business arrangements, such as technology development initiatives, outsourcing arrangements, and changes to customer information systems. Our CIO has been working in IT infrastructure for the past 25 years. His experience includes cybersecurity and information security, IT compliance, audit reviews, policies, incident response and annual processes. He has managed IT technology at leading brokerages, and oversees information security and cybersecurity at our Bank. He received Certified Banking Security Manager (CBSM) certification in 2020. He has also managed third-party risk management at our Bank since 2021. The IT Steering Committee and Management Risk Committee review and coordinate the status and results of information security controls, network penetration, business continuity/disaster recovery testing, and incident response plan testing.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Information Services Division of the Bank is primarily responsible for identifying, assessing and managing material risks from cyber/information security threats. Information security management is conducted by the CIO of the Bank. Our CIO monitors, evaluates and adjusts the Bank’s Information Security Program, considering any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and changing business arrangements, such as technology development initiatives, outsourcing arrangements, and changes to customer information systems.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO has been working in IT infrastructure for the past 25 years. His experience includes cybersecurity and information security, IT compliance, audit reviews, policies, incident response and annual processes. He has managed IT technology at leading brokerages, and oversees information security and cybersecurity at our Bank. He received Certified Banking Security Manager (CBSM) certification in 2020. He has also managed third-party risk management at our Bank since 2021. The IT Steering Committee and Management Risk Committee review and coordinate the status and results of information security controls, network penetration, business continuity/disaster recovery testing, and incident response plan testing.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The IT Steering Committee and Management Risk Committee review and coordinate the status and results of information security controls, network penetration, business continuity/disaster recovery testing, and incident response plan testing.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true