Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | As a provider of SaaS solutions and an extensive user of a variety of technology services, we are subject to numerous risks from cybersecurity threats that have and could adversely affect us; however, to date none have materially affected us or our business strategy, results of operation or financial condition. Cybersecurity threats are ever-present and continuously evolving and we have and will continue to expend considerable resources to deliver solutions that are designed to comply with the stringent security and technical regulations and practices applicable to financial institutions and financial services providers and to safeguard our solutions and information systems against cybersecurity threats. For more information regarding the risks we face from cybersecurity threats, please see "Item 1A. Risk Factors." We have implemented a risk-based approach to identify and assess the cybersecurity threats that have and could affect our business and information systems, and this approach is incorporated into our overall enterprise risk management program. Our enterprise risk management program includes a formal, enterprise-wide inventory, categorization and assessment of risks, including risks associated with cybersecurity threats, overseen by the Risk and Compliance Committee, or RACC, of our Board of Directors. This program is managed by our Chief Risk Officer, or CRO, appointed by the RACC, and an Enterprise Risk Oversight Committee consisting of a cross-functional representation of senior leaders including our Chief Information Security Officer, or CISO. Our CRO has over ten years of senior risk management experience at large technology organizations, following a 20-year career in the U.S. Army. Our enterprise risk management team works in partnership with our security, information technology, compliance, internal audit, and third-party risk management functions, which collectively rely on a variety of internal resources and processes, as well as third-party consultants, auditors and applications, to identify, assess and manage cybersecurity risks, including cybersecurity threats related to third-party providers on which we rely. Our enterprise risk management function also extensively consults with senior management across our organization in identifying, assessing and managing risks.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | As a provider of SaaS solutions and an extensive user of a variety of technology services, we are subject to numerous risks from cybersecurity threats that have and could adversely affect us; however, to date none have materially affected us or our business strategy, results of operation or financial condition. Cybersecurity threats are ever-present and continuously evolving and we have and will continue to expend considerable resources to deliver solutions that are designed to comply with the stringent security and technical regulations and practices applicable to financial institutions and financial services providers and to safeguard our solutions and information systems against cybersecurity threats. For more information regarding the risks we face from cybersecurity threats, please see "Item 1A. Risk Factors." We have implemented a risk-based approach to identify and assess the cybersecurity threats that have and could affect our business and information systems, and this approach is incorporated into our overall enterprise risk management program. Our enterprise risk management program includes a formal, enterprise-wide inventory, categorization and assessment of risks, including risks associated with cybersecurity threats, overseen by the Risk and Compliance Committee, or RACC, of our Board of Directors. This program is managed by our Chief Risk Officer, or CRO, appointed by the RACC, and an Enterprise Risk Oversight Committee consisting of a cross-functional representation of senior leaders including our Chief Information Security Officer, or CISO. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our information security program is managed by a CISO, whose team is responsible for leading our enterprise-wide cybersecurity strategy, policy, standards, architecture and processes. Our CISO has more than 20 years of experience directing disparate teams across application and product security, cyber defense, risk management, information governance, information technology compliance, information technology training and sales. Our CISO is appointed by the RACC, which also oversees the implementation, monitoring and testing of our information security program. Our CISO and CRO provide periodic reports to the RACC, at least quarterly. These reports include updates on the Company's cybersecurity risks and threats, the status of projects to strengthen our information security posture, assessments of the information security program, and the emerging threat landscape. Our CISO and CRO also regularly meet separately with the chair of the RACC to provide similar updates. Our information security program includes incident response procedures designed to facilitate escalation of actual or potential cybersecurity incidents initially to members of our security team, and as appropriate to senior management and the RACC, to allow proper consideration, mitigation and remediation of, as well as evaluation of potential disclosure obligations with respect to, actual or potential cybersecurity incidents. Our information security program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the RACC. We also actively engage with key vendors, industry participants and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security program.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our information security program is managed by a CISO, whose team is responsible for leading our enterprise-wide cybersecurity strategy, policy, standards, architecture and processes. Our CISO has more than 20 years of experience directing disparate teams across application and product security, cyber defense, risk management, information governance, information technology compliance, information technology training and sales. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our CISO is appointed by the RACC, which also oversees the implementation, monitoring and testing of our information security program. Our CISO and CRO provide periodic reports to the RACC, at least quarterly. These reports include updates on the Company's cybersecurity risks and threats, the status of projects to strengthen our information security posture, assessments of the information security program, and the emerging threat landscape. Our CISO and CRO also regularly meet separately with the chair of the RACC to provide similar updates. |
| Cybersecurity Risk Role of Management [Text Block] | Our CISO is appointed by the RACC, which also oversees the implementation, monitoring and testing of our information security program. Our CISO and CRO provide periodic reports to the RACC, at least quarterly. These reports include updates on the Company's cybersecurity risks and threats, the status of projects to strengthen our information security posture, assessments of the information security program, and the emerging threat landscape. Our CISO and CRO also regularly meet separately with the chair of the RACC to provide similar updates. Our information security program includes incident response procedures designed to facilitate escalation of actual or potential cybersecurity incidents initially to members of our security team, and as appropriate to senior management and the RACC, to allow proper consideration, mitigation and remediation of, as well as evaluation of potential disclosure obligations with respect to, actual or potential cybersecurity incidents. Our information security program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the RACC. We also actively engage with key vendors, industry participants and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security program. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our information security program is managed by a CISO, whose team is responsible for leading our enterprise-wide cybersecurity strategy, policy, standards, architecture and processes. Our CISO has more than 20 years of experience directing disparate teams across application and product security, cyber defense, risk management, information governance, information technology compliance, information technology training and sales. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CISO has more than 20 years of experience directing disparate teams across application and product security, cyber defense, risk management, information governance, information technology compliance, information technology training and sales |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our CISO and CRO provide periodic reports to the RACC, at least quarterly. These reports include updates on the Company's cybersecurity risks and threats, the status of projects to strengthen our information security posture, assessments of the information security program, and the emerging threat landscape. Our CISO and CRO also regularly meet separately with the chair of the RACC to provide similar updates. Our information security program includes incident response procedures designed to facilitate escalation of actual or potential cybersecurity incidents initially to members of our security team, and as appropriate to senior management and the RACC, to allow proper consideration, mitigation and remediation of, as well as evaluation of potential disclosure obligations with respect to, actual or potential cybersecurity incidents. Our information security program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the RACC. We also actively engage with key vendors, industry participants and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security program. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |