Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10-K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - FSEA


ITEM 1A. Risk Factors

Not applicable, as the Company is a “smaller reporting company.”

ITEM 1B. Unresolved Staff Comments

None.

ITEM 1C. Cybersecurity

Risk Management and Strategy

Our risk management program is designed to identify, assess, and mitigate risk across various aspects of our Company, including financial, operational, regulatory, reputational, and legal. Cybersecurity is a critical component of this program, given the increasing reliance on technology and potential of cyber threats. Our Senior Technology/Cybersecurity Officer is primarily responsible for this cybersecurity component and is a key member of the Company's Information Technology Governance, along with our Chief Finance/Information Security Officer, including the Enterprise Risk Management Committee ("ERM"), the Information Technology Steering Committee ("ITSC") and the Information Technology Advisory Committee ("ITAC"), reporting directly to the Chief Information Officer. Our Senior Technology/Cybersecurity Officer has substantial relevant expertise and formal training in the areas of information security and cybersecurity risk management, including 32 years of cybersecurity experience, seven of which were spent at the Company. The ITAC and ERM are board level committees with the ITSC consisting of members of management.

Our objective for managing cybersecurity risk is to avoid or minimize the impacts of external threat events or other efforts to penetrate, disrupt or misuse our systems or information. The structure of our information security program is designed around the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework, regulatory guidance, and other industry standards. In addition, we leverage certain industry and government associations, third-party benchmarking, audits, and threat intelligence feeds to facilitate and promote program effectiveness. Our Chief Finance/Information Security Officer and our Chief Information Officer report directly to our Chief Executive Officer, and along with key members of their teams, regularly collaborate with peer banks, industry groups, and policymakers to discuss cybersecurity trends and issues and identify best practices. The information security program is periodically reviewed by such personnel with the goal of addressing changing threats and conditions.

The Company employs an in-depth, layered, defensive strategy that embraces a “secure by design” philosophy when designing new products, services, and technology. We leverage people, processes, and technology as part of our efforts to manage and maintain cybersecurity controls. We also employ a variety of preventative and detective tools designed to monitor, block, and provide alerts regarding suspicious activity, as well as to report on suspected advanced persistent threats. We have established processes and systems designed to mitigate cyber risk, including regular and on-going education and training for employees, preparedness simulations and tabletop exercises, and recovery and resilience tests. We engage in regular assessments of our infrastructure, software systems, and network architecture, using internal cybersecurity experts and third-party specialists. We also maintain a third-party risk management program designed to identify, assess, and manage risks, including cybersecurity risks, associated with external service providers and our supply chain. We also actively monitor our email gateways for malicious phishing email campaigns and monitor remote connections as a portion of our workforce has the option to work remotely. We leverage internal auditors to periodically review our processes, systems, and controls, including with respect to our information security program, to assess their design and operating effectiveness and make recommendations to strengthen our risk management program.

We maintain an Incident Response Plan ("IRP") that provides a documented framework for responding to actual or potential cybersecurity incidents, including timely notification of and escalation to the appropriate Board-approved management committees, as discussed further below. The IRP is coordinated through the Chief Finance/Information Security Officer, Senior Technology/Cybersecurity Officer and key members of management are embedded into the IRP by its design. The IRP facilitates coordination across multiple parts of our organization and is evaluated at least annually.

Notwithstanding our defensive measures and processes, the threat posed by cyber-attacks is severe. Our internal systems, processes, and controls are designed to mitigate loss from cyber-attacks and, while we have experienced cybersecurity incidents in the past, to date, risks from cybersecurity threats have not materially affected our Company.

Governance

Our Chief Finance/Information Security Officer has oversight of information security across the organization, with the Senior Technology/Cybersecurity Officer independently accountable for managing our enterprise information security department and delivering our information security program. The responsibility of this role includes cybersecurity risk assessment, defense operations, incident response, vulnerability assessment, threat intelligence, identity access governance, third-party risk management, and business resilience. The foregoing responsibilities are covered on a day-to-day basis by a first and second line of defense functions. The second line of defense function is separated from the first line of defense function through organizational structure and ultimately reports directly to the Chief Information Officer. The department consists of information security professionals with varying degrees of education and experience. Individuals within the department are generally subject to professional education and certification requirements. Our Senior Technology/Cybersecurity Officer has substantial relevant expertise and formal training in the areas of information security and cybersecurity risk management.

Our board of directors has approved management committees including the ITAC, which focuses on technology impact, and ERM, which focuses on business impact while the ITSC is an internal management committee providing direction and priorities to information technology strategies. These committees provide oversight and governance of the technology program and the information security program. The ITAC and ERM are chaired by certain members of the board of directors with senior management participation including the Chief Finance/Information Security Officer, Chief Information Officer, Senior Technology/Cybersecurity Officer as well as other key departmental managers from throughout the organization. These committees meet periodically to provide oversight of the risk management strategy, standards, policies, practices, controls, and mitigation and prevention efforts employed to manage security risks. More frequent meetings occur from time to time in accordance with the IRP in order to facilitate timely informing and monitoring efforts. The Senior Technology/Cybersecurity Officer reports summaries of key issues, including significant cybersecurity and/or privacy incidents, discussed at committee meetings and the actions taken to the ITAC on a quarterly basis (or more frequently as may be required by the IRP).

The ITAC is responsible for overseeing our information security and technology programs, including management’s actions to identify, assess, mitigate, and remediate or prevent material cybersecurity issues and risks. Our Chief Finance/Information Security Officer, Senior Technology/Cybersecurity Officer and our Chief Information Officer provide quarterly reports to the ITAC and ERM regarding the information security program and the technology program, key enterprise cybersecurity initiatives, and other matters relating to cybersecurity processes. The ITAC reviews and approves our information security and technology budgets and strategies annually. Additionally, the ERM reviews our cyber security risk profile on a quarterly basis. The ITAC and ERM provide a report of their activities to the board of directors regularly.
