Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | We use a variety of processes to assess, identify, manage, and mitigate material risks from cybersecurity threats. Our cybersecurity risk management process has been integrated into the Company’s overall Enterprise Risk Management framework as well as our Internal Audit plan. Our cybersecurity program regularly monitors external and internal threats to assess cybersecurity risk and engages in risk-based remediation. Our program is aligned to the Federal Financial Institutions Examination Council and other applicable industry standards. We conduct regular security awareness training, phishing exercises, and other security awareness programs to keep employees engaged and informed on ways to mitigate cybersecurity risk. The Company’s Chief Information Security Officer (“CISO”) is primarily responsible for developing, monitoring, and implementing our Information Security Program (the “ISP”) and coordinating with relevant parts of our business. Our program is organized around six key functions: (1) security operations and incident response, (2) security engineering and architecture, (3) threat and vulnerability management, (4) information technology/information security – governance, risk and controls, (5) security awareness and training, and (6) identity and access management. We engage third-party services to conduct penetration testing as well as other regular evaluations of our security protocols and processes. Additionally, we assess and monitor the cybersecurity controls of third party service providers and partners. Ongoing and regular monitoring of our third parties is also managed through our ISP team’s protocols in partnership with the vendor management, enterprise risk management, and internal audit departments. Cybersecurity incidents are managed as part of our ISP. Notwithstanding the focus we place on cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company. As of the date of this Form 10-K, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition that are required to be reported in this Form 10-K. For further discussion, please see Item 1A. “Risk Factors” for a discussion of cybersecurity risks.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We use a variety of processes to assess, identify, manage, and mitigate material risks from cybersecurity threats. Our cybersecurity risk management process has been integrated into the Company’s overall Enterprise Risk Management framework as well as our Internal Audit plan. Our cybersecurity program regularly monitors external and internal threats to assess cybersecurity risk and engages in risk-based remediation. Our program is aligned to the Federal Financial Institutions Examination Council and other applicable industry standards. We conduct regular security awareness training, phishing exercises, and other security awareness programs to keep employees engaged and informed on ways to mitigate cybersecurity risk. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Risk and Compliance Committee of our Board of Directors (the “Board”), in consultation with and regular reporting to our full Board, oversees enterprise technology and its associated risks including cybersecurity. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Risk and Compliance Committee of our Board of Directors (the “Board”), in consultation with and regular reporting to our full Board, oversees enterprise technology and its associated risks including cybersecurity. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CISO provides quarterly reports and an annual report to the Board and the Risk and Compliance Committee on cybersecurity matters. |
| Cybersecurity Risk Role of Management [Text Block] | Our CISO, who has over twenty-five years of experience managing information security programs across banking and technology companies, is responsible for the Company's ISP and reports to our Chief Information Officer. The CISO receives reports on cybersecurity threats from a number of experienced information security officers responsible for various parts of the business on an ongoing basis and in conjunction with senior management, regularly reviews risk management measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. Our CISO provides quarterly reports and an annual report to the Board and the Risk and Compliance Committee on cybersecurity matters. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our CISO, who has over twenty-five years of experience managing information security programs across banking and technology companies, is responsible for the Company's ISP and reports to our Chief Information Officer. The CISO receives reports on cybersecurity threats from a number of experienced information security officers responsible for various parts of the business on an ongoing basis and in conjunction with senior management, regularly reviews risk management measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO, who has over twenty-five years of experience managing information security programs across banking and technology companies, is responsible for the Company's ISP and reports to our Chief Information Officer. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our CISO, who has over twenty-five years of experience managing information security programs across banking and technology companies, is responsible for the Company's ISP and reports to our Chief Information Officer. The CISO receives reports on cybersecurity threats from a number of experienced information security officers responsible for various parts of the business on an ongoing basis and in conjunction with senior management, regularly reviews risk management measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. Our CISO provides quarterly reports and an annual report to the Board and the Risk and Compliance Committee on cybersecurity matters. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |