XML 41 R27.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
In the ordinary course of business, we rely on electronic communications and information systems to conduct our operations and to store sensitive data. We employ an in‑depth, layered, defensive approach that leverages people, processes, and technology to manage and maintain cybersecurity controls. We employ a variety of preventative and detective tools to monitor, block, and provide alerts regarding suspicious activity, as well as to report on any suspected persistent threats. Notwithstanding the strength of our defensive measures, the threat from cybersecurity attacks is severe, attacks are sophisticated and increasing in volume, and attackers respond rapidly to changes in defensive measures. While to date we have not experienced a significant compromise, significant data loss or any material financial losses related to cybersecurity attacks, our systems and those of our customers and third‑party service providers are under constant threat, creating the possibility of future events. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of internet banking, mobile banking and other technology‑based products and services by us and our customers.
The security and maintenance of our information technology systems is important to our operations and business strategy.  To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are informed in part by industry standards, principles and frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework, and are managed and monitored by a dedicated information technology team, which is led by our Director of Information Technology, and includes mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and to maintain a stable information technology environment.  For example, we conduct penetration and vulnerability tests, data recovery tests, security audits, and ongoing risk assessments, including due diligence on our key technology vendors, contractors, and suppliers. We conduct regular employee training on cybersecurity and information security, among other topics.  In addition, we consult with outside advisors and experts, when appropriate, on a regular basis to assist with assessing, identifying, and managing cybersecurity risks, including anticipated future threats and trends, and their estimated impact on the Company’s risk environment.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are informed in part by industry standards, principles and frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework, and are managed and monitored by a dedicated information technology team, which is led by our Director of Information Technology, and includes mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and to maintain a stable information technology environment.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of internet banking, mobile banking and other technology‑based products and services by us and our customers.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Our Director of Information Technology, who reports to the Chief Financial Officer, has over 15 years of experience managing information technology and cybersecurity matters and is experienced in cloud, infrastructure management, business operations, and cybersecurity, and, together with our Information Technology Steering Committee, is responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. We have not identified risks from known cybersecurity threats, including those resulting from prior cybersecurity incidents, that have materially affected us, and we face ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us.  Additional information on cybersecurity risks we face is discussed in Part I, Item 1A “Risk Factors.” under the heading “Systems failures, interruptions and cybersecurity breaches in our information technology and telecommunications systems and of third-party service providers could have a material adverse effect on us.”
The Board, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate cybersecurity risks. The Risk and Compliance Committee is a board-level committee designated by our Board to oversee cybersecurity risks. The Risk and Compliance Committee receives updates on cybersecurity matters at least quarterly, and our processes require ad hoc updates within two days of a breach as part of the Bank’s cybersecurity risk management strategy designed to protect the information and assets that are critical to our business.  The full Board receives an Annual Report from the Director of Information Technology on the Bank’s Information Technology Systems, including cybersecurity risk.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Risk and Compliance Committee is a board-level committee designated by our Board to oversee cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Risk and Compliance Committee receives updates on cybersecurity matters at least quarterly, and our processes require ad hoc updates within two days of a breach as part of the Bank’s cybersecurity risk management strategy designed to protect the information and assets that are critical to our business.  The full Board receives an Annual Report from the Director of Information Technology on the Bank’s Information Technology Systems, including cybersecurity risk.
Cybersecurity Risk Role of Management [Text Block]
The Board, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate cybersecurity risks. The Risk and Compliance Committee is a board-level committee designated by our Board to oversee cybersecurity risks. The Risk and Compliance Committee receives updates on cybersecurity matters at least quarterly, and our processes require ad hoc updates within two days of a breach as part of the Bank’s cybersecurity risk management strategy designed to protect the information and assets that are critical to our business.  The full Board receives an Annual Report from the Director of Information Technology on the Bank’s Information Technology Systems, including cybersecurity risk.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Director of Information Technology, who reports to the Chief Financial Officer, has over 15 years of experience managing information technology and cybersecurity matters and is experienced in cloud, infrastructure management, business operations, and cybersecurity, and, together with our Information Technology Steering Committee, is responsible for assessing and managing cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our Director of Information Technology, who reports to the Chief Financial Officer, has over 15 years of experience managing information technology and cybersecurity matters and is experienced in cloud, infrastructure management, business operations, and cybersecurity
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Risk and Compliance Committee receives updates on cybersecurity matters at least quarterly, and our processes require ad hoc updates within two days of a breach as part of the Bank’s cybersecurity risk management strategy designed to protect the information and assets that are critical to our business.  The full Board receives an Annual Report from the Director of Information Technology on the Bank’s Information Technology Systems, including cybersecurity risk.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true