Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Our business and support functions utilize information systems that provide critical services to both our employees and our customers. We have an integrated team of professionals who manage and support our communication platforms, transaction-management systems, and analytics and reporting capabilities, including the development of proprietary solutions like REMS©. We use both cloud-based platforms and services and off-site, secure data centers in North America and Europe for our core applications. Information security and privacy are important concerns, with an escalating cyber-threat environment and evolving regulatory requirements driving continued investment in this area. Our information security program is designed to meet or exceed industry best practices and is integrated into our broader ERM framework. We are subject to a number of cybersecurity and data privacy laws and regulations, such as those promulgated by the BMA, Office of the Privacy Commission, NYDFS, MIA, and the EU. Pursuant to applicable regulations, we have established and maintain a cybersecurity program designed to protect our information technology systems and data. Our program is designed to comply with all applicable cybersecurity regulatory requirements, including disclosure requirements, and we continue to evaluate and assess our compliance in the changing regulatory environment. It is likely that we will be subject to new regulations that could adversely affect our operations or ability to write business profitably in one or more jurisdictions. We cannot predict what, if any, regulatory actions may be taken with regard to “big data” or emerging technologies, such as artificial intelligence, but any actions could have a material impact on our business, business processes, financial condition, and results of operations. In addition, we have at times obtained certain cybersecurity certifications, supported by independent third-party assessments. We have in place, and seek to continuously improve, a comprehensive system of security controls, managed by a dedicated staff. We also engage reputable third parties to perform a variety of services, including continuous monitoring of our information systems, incident response or management services, cyber-forensic investigation services, and periodic security penetration testing. In addition, we are subject to independent assessment and review by regulators and external auditors, as well as periodic audits of our security controls by our independent internal audit team. We provide regular security risk education and awareness training sessions for all staff. We maintain an ongoing internal third-party cybersecurity risk assessment program to identify potential cybersecurity threats associated with our use of third-party service providers, and consider these assessments when selecting and engaging service providers with periodic re-evaluations. See “Part I, Item 1A. Risk Factors” for additional information on information technology and cybersecurity-related risks that may impact us and our financial results.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Our business and support functions utilize information systems that provide critical services to both our employees and our customers. We have an integrated team of professionals who manage and support our communication platforms, transaction-management systems, and analytics and reporting capabilities, including the development of proprietary solutions like REMS©. We use both cloud-based platforms and services and off-site, secure data centers in North America and Europe for our core applications.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our Board is responsible for overseeing enterprise-wide risk management and is actively involved in the monitoring of risks that could affect us, including cybersecurity risks. Pursuant to its charter, one of the key responsibilities of the Audit Committee of our Board is oversight of our information and cybersecurity programs and it receives regular reports on cybersecurity, information technology and other related matters and risks. The Audit Committee regularly briefs the Board on matters relating to its information technology and cybersecurity risk oversight.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board is responsible for overseeing enterprise-wide risk management and is actively involved in the monitoring of risks that could affect us, including cybersecurity risks. Pursuant to its charter, one of the key responsibilities of the Audit Committee of our Board is oversight of our information and cybersecurity programs and it receives regular reports on cybersecurity, information technology and other related matters and risks. The Audit Committee regularly briefs the Board on matters relating to its information technology and cybersecurity risk oversight.
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee regularly briefs the Board on matters relating to its information technology and cybersecurity risk oversight. |
| Cybersecurity Risk Role of Management [Text Block] | Our Board is responsible for overseeing enterprise-wide risk management and is actively involved in the monitoring of risks that could affect us, including cybersecurity risks. Pursuant to its charter, one of the key responsibilities of the Audit Committee of our Board is oversight of our information and cybersecurity programs and it receives regular reports on cybersecurity, information technology and other related matters and risks. The Audit Committee regularly briefs the Board on matters relating to its information technology and cybersecurity risk oversight. Our Board and its Audit Committee are supported in their oversight of information technology and cybersecurity matters and risks by two management committees, the Operational Risk and Resilience Committee and the Information Security Steering Committee (the “ISSC”), both of which regularly report to the Audit Committee. Our management team typically reports to the Board on cybersecurity matters on a quarterly basis. The ISSC is responsible for providing management oversight for our cybersecurity risk management program, and its membership includes our Chief Technology Officer and Chief Information Security Officer, among other members of senior management.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our Board and its Audit Committee are supported in their oversight of information technology and cybersecurity matters and risks by two management committees, the Operational Risk and Resilience Committee and the Information Security Steering Committee (the “ISSC”), both of which regularly report to the Audit Committee. Our management team typically reports to the Board on cybersecurity matters on a quarterly basis. The ISSC is responsible for providing management oversight for our cybersecurity risk management program, and its membership includes our Chief Technology Officer and Chief Information Security Officer, among other members of senior management.
|
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our Chief Technology Officer and Chief Information Security Officer have each served in various roles in information technology and/or information security for many years, and have extensive information technology and cybersecurity experience. The Chief Technology Officer, and Chief Information Security Officer, alongside other multidisciplinary teams across the Company, work to implement the prevention, detection, mitigation and remediation of cybersecurity incidents. The broad, cross-functional management team leverages significant experience and expertise across a range of areas, including risk management, technology, and legal and regulatory affairs, among others, for assessing and managing cybersecurity risks. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Audit Committee regularly briefs the Board on matters relating to its information technology and cybersecurity risk oversight. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |