Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

The Company regards information and data as valuable assets. As a result, we have implemented safeguards to protect corporate informational and data assets. Associated and established technology resources maintain the integrity, availability, and privacy of confidential information of the respective assets. Additionally, we maintain a similar risk-based approach to our third-party vendors including identifying and overseeing cybersecurity risks they present.

Integration into Overall Risk Management System

The Company employs comprehensive methodologies for risk assessment and diligently identifies and evaluates potential cybersecurity threats and vulnerabilities across our systems, networks and data assets. This process involves regular examinations of emerging threats, conducting penetration tests, vulnerability scanning and thorough analysis of industry-specific risks.

The Company continues to expand investments in information technology security, including continuous end-user training, layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting.

The Company’s Information Security Officer (“ISO”) is responsible for completing additional mandatory training to understand the processes, procedures, and technical requirements for securing information assets across the Company.

The Company has developed an Incident Response Plan to guide its actions in responding to real and suspected information security incidents. This includes unlawful, unauthorized, or unacceptable actions that involve a computer system or a computer network such as Distributed Denial of Service attacks, Corporate Account Takeover schemes, or ransomware. Cybersecurity threats that are identified and deemed material are escalated and communicated directly to the Incident Response Team, in collaboration with relevant information technology personnel, insurance providers, legal counsels and when necessary, external cybersecurity firms specializing in forensic investigations.

The Company sets forth enterprise-wide coordinated responses to identified threats, ensuring timely mitigation and remediation, and facilitating awareness and communication. Tabletop exercises are held regularly at the senior and executive management levels to validate roles and responsibilities, and response protocols respective to cybersecurity threats.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Governance

The Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has oversight responsibilities to ensure effective governance in managing these risks because it recognizes the significance of these threats to our operational integrity, shareholder and customer confidence and reputation.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Management’s Role in Managing Risk

The ISO plays a pivotal role in informing the Board of Directors on cybersecurity risks. The ISO, other information security staff, and members of senior management meet regularly as the Technology Steering Committee. Reports of their meetings are shared with the boards of our subsidiary banks. Committee reports provide comprehensive briefings to both the Board and the Audit Committee as part of managements reporting. These briefings encompass a broad range of topics, including:

●

Current cybersecurity landscape and emerging threats;

●

Status of ongoing cybersecurity initiatives and strategies;

●

Incident reports and issues identified from any cybersecurity events; and

●

Compliance with regulatory requirements and industry standards.

In addition to our regularly scheduled Board meetings, the ISO regularly communicates with senior staff regarding emerging or potential cybersecurity risks. They discuss any significant developments in the cybersecurity domain, which when reported to the Board, ensures the Board’s oversight is proactive and responsive. The Board actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of the Company. The Board closely reviews these reports of the Bank’s cybersecurity posture and the effectiveness of its risk management strategies prior to approval. This review helps in identifying areas for improvement and ensuring the alignment of cybersecurity efforts with the overall risk management framework.

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false