Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Jun. 30, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is severe. Our internal systems, processes and controls are designed to mitigate loss from cyber-attacks and, to date, risks from cybersecurity threats have not materially affected the Company. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Board of Directors reviews and approves the ISP. The EVP and Information Security Officer reports to the Board at least annually. The report includes material matters related to the ISP, addressing issues such as risk assessment and management, implementation of internal controls to detect and protect against cybersecurity threats, third-party cybersecurity controls, test results, staff and board training, security breaches or violations and management responses, and recommendations for changes in the ISP. The EVP and Information Security Officer and EVP Chief Operating Officer each have over 20 years’ experience managing information security and cybersecurity programs Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is severe. Our internal systems, processes and controls are designed to mitigate loss from cyber-attacks and, to date, risks from cybersecurity threats have not materially affected the Company. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Committee monitors risk management practices and procedures, external vulnerability testing and internal staff information security training and testing. Members are responsible for ensuring compliance with all ISP related policies, controls and procedures within their respective departments or functions. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Board of Directors reviews and approves the ISP. The EVP and Information Security Officer reports to the Board at least annually. The report includes material matters related to the ISP, addressing issues such as risk assessment and management, implementation of internal controls to detect and protect against cybersecurity threats, third-party cybersecurity controls, test results, staff and board training, security breaches or violations and management responses, and recommendations for changes in the ISP. The EVP and Information Security Officer and EVP Chief Operating Officer each have over 20 years’ experience managing information security and cybersecurity programs |
| Cybersecurity Risk Role of Management [Text Block] | The Company has established an Information Security Program (“ISP”) and various related policies, controls and procedures, to assess, identify and mitigate risks from cybersecurity threats. The ISP is based on the National Institute of Standards and Technology Cybersecurity Framework. Critical information assets and processes have been identified, and internal and third-party controls have been implemented to prevent and detect external attacks. These controls include computer scanning, intrusion prevention services,
firewalls, end-point detection and response, data loss prevention, access controls, internal and external penetration testing, security monitoring, anti-virus, internet content filtering, server event logging, and firewall event management. Publications from FS-ISAC, SANS Institute and US-CERT are reviewed, and alerts are monitored daily. Our Business Continuity Plan includes the documented and tested critical steps required to recover a system or software application in the event of a cybersecurity incident. The ISP is reviewed and modified at least annually or whenever required to respond to changes in cybersecurity conditions. The Executive Vice President and Information Security Officer, and the Executive Vice President and Chief Operating Officer are primarily responsible for managing the ISP. The Information Technology Committee, whose members include the CEO and senior management from loan operations, deposit operations, and accounting in addition to the EVP Chief Operating Officer and EVP Information Security Officer, provide support and enforcement of the ISP. The Committee meets quarterly to review and approve ISP related policies, procedures, and controls including disaster recovery, incident response, and cybersecurity. The Committee monitors risk management practices and procedures, external vulnerability testing and internal staff information security training and testing. Members are responsible for ensuring compliance with all ISP related policies, controls and procedures within their respective departments or functions. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The EVP and Information Security Officer and EVP Chief Operating Officer each have over 20 years’ experience managing information security and cybersecurity programs |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Information Technology Committee, whose members include the CEO and senior management from loan operations, deposit operations, and accounting in addition to the EVP Chief Operating Officer and EVP Information Security Officer, provide support and enforcement of the ISP. The Committee meets quarterly to review and approve ISP related policies, procedures, and controls including disaster recovery, incident response, and cybersecurity. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |