Cybersecurity Risk Management, Strategy and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Item 1C. Cybersecurity.
Cybersecurity Risk, Management and Strategy The Company’s cybersecurity program is integrated within its overall risk management function. The Company engages third parties, including an outsourced cybersecurity team and additional vendors that conduct cybersecurity testing, 24/7 scanning, monitoring and tracking. All critical vendors of the Company, including its cybersecurity vendors, are subject to the requirements of its vendor management policy and processes. The Company is a regulated entity and undergoes regulatory reviews to ensure the Bank remains in compliance with all appropriate standards, including related to its management of third-party vendors.
Internally, the cybersecurity program is managed by the Company’s Senior Vice President and Chief Information Officer. She has held senior management positions in information technology, management information systems and information security for over 30 40 years. She reports regularly to the risk and audit committees of the Board of Directors about the prevention, detection, mitigation, and remediation of cybersecurity activities and incidents. Additionally, the full board annually assesses all critical risks of the Company, including cybersecurity risks, and also receives periodic updates relating to key cybersecurity issues as part of their oversight.
The Company’s Senior Vice President and Chief Information Officer also regularly reports to the Company’s IT Steering Committee and executive risk management (“ERM”) committee, which oversees Company-wide risk at the management level, regarding cybersecurity risks. Members of the ERM committee include our President and Chief Executive Officer.
While to date, we have not had a major cyber incident, nor experienced significant data loss or any material financial losses related to cybersecurity attacks, it is possible that we could experience a significant event in the future. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats. See Item 1A. “Risk Factors.” – “We face significant operational risks because the financial services business involves a high volume of transactions and increased reliance on technology, including risk of loss related to cyber security breaches.” for further discussion of potential risks related to cybersecurity incidents. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | The Company’s cybersecurity program is integrated within its overall risk management function. The Company engages third parties, including an outsourced cybersecurity team and additional vendors that conduct cybersecurity testing, 24/7 scanning, monitoring and tracking. All critical vendors of the Company, including its cybersecurity vendors, are subject to the requirements of its vendor management policy and processes. The Company is a regulated entity and undergoes regulatory reviews to ensure the Bank remains in compliance with all appropriate standards, including related to its management of third-party vendors. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | The Company’s cybersecurity program is integrated within its overall risk management function. The Company engages third parties, including an outsourced cybersecurity team and additional vendors that conduct cybersecurity testing, 24/7 scanning, monitoring and tracking. All critical vendors of the Company, including its cybersecurity vendors, are subject to the requirements of its vendor management policy and processes. The Company is a regulated entity and undergoes regulatory reviews to ensure the Bank remains in compliance with all appropriate standards, including related to its management of third-party vendors.
Internally, the cybersecurity program is managed by the Company’s Senior Vice President and Chief Information Officer. She has held senior management positions in information technology, management information systems and information security for over 30 40 years. She reports regularly to the risk and audit committees of the Board of Directors about the prevention, detection, mitigation, and remediation of cybersecurity activities and incidents. Additionally, the full board annually assesses all critical risks of the Company, including cybersecurity risks, and also receives periodic updates relating to key cybersecurity issues as part of their oversight.
The Company’s Senior Vice President and Chief Information Officer also regularly reports to the Company’s IT Steering Committee and executive risk management (“ERM”) committee, which oversees Company-wide risk at the management level, regarding cybersecurity risks. Members of the ERM committee include our President and Chief Executive Officer. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Internally, the cybersecurity program is managed by the Company’s Senior Vice President and Chief Information Officer. She has held senior management positions in information technology, management information systems and information security for over 30 40 years. She reports regularly to the risk and audit committees of the Board of Directors about the prevention, detection, mitigation, and remediation of cybersecurity activities and incidents. Additionally, the full board annually assesses all critical risks of the Company, including cybersecurity risks, and also receives periodic updates relating to key cybersecurity issues as part of their oversight. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Additionally, the full board annually assesses all critical risks of the Company, including cybersecurity risks, and also receives periodic updates relating to key cybersecurity issues as part of their oversight. |
| Cybersecurity Risk Role of Management [Text Block] | Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats. See Item 1A. “Risk Factors.” – “We face significant operational risks because the financial services business involves a high volume of transactions and increased reliance on technology, including risk of loss related to cyber security breaches.” for further discussion of potential risks related to cybersecurity incidents. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Internally, the cybersecurity program is managed by the Company’s Senior Vice President and Chief Information Officer. She has held senior management positions in information technology, management information systems and information security for over 30 40 years. She reports regularly to the risk and audit committees of the Board of Directors about the prevention, detection, mitigation, |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | She has held senior management positions in information technology, management information systems and information security for over 30 40 years. She reports regularly to the risk and audit committees of the Board of Directors about the prevention, detection, mitigation, and remediation of cybersecurity activities and incidents. Additionally, the full board annually assesses all critical risks of the Company, including cybersecurity risks, and also receives periodic updates relating to key cybersecurity issues as part of their oversight. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The Company’s Senior Vice President and Chief Information Officer also regularly reports to the Company’s IT Steering Committee and executive risk management (“ERM”) committee, which oversees Company-wide risk at the management level, regarding cybersecurity risks. Members of the ERM committee include our President and Chief Executive Officer. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |