Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - HFBL

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors

Not applicable.

Item 1B. Unresolved Staff Comments

Not applicable.

Item 1C. Cybersecurity

The Bank has implemented an information security program that encompasses the Bank’s cybersecurity efforts as part of its risk management process. Risk assessments, including Information Technology and Cybersecurity Risk, are conducted annually by the Chief Risk Officer, Information Technology Officer and Information Security Officer to identify, assess and mitigate risks. The Bank recognizes the need for sound physical and internal controls over its critical financial data, confidential information and digital assets to ensure the accuracy, integrity, and confidentiality of the processed information. As regulated financial institutions, the Company and Bank are also subject to financial privacy laws and their cybersecurity practices are subject to oversight by the federal banking agencies.

The Boards of Directors of the Company and Bank and the Audit Committee of the Company are responsible for ultimate oversight of cybersecurity risks managed daily by management pursuant to the Bank’s information security program. The Boards of Directors annually approve this information security program and regularly receive reports from the Bank’s Information Security Officer and Information Technology Officer that outline the steps undertaken to protect the information and data assets of the Bank and Company. Additionally, the Information Security Officer and Information Technology Officer update the Boards of Directors through supplementary reports on issues related to Cybersecurity readiness.

The Bank’s information security program is developed and implemented by the Bank’s Information Security Officer, Information Technology Officer and Chief Risk Officer. Together with the Bank’s Electronic Data Processing (EDP) Committee, comprised of relevant information technology and business unit stakeholders within Bank management, the Information Security and Information Technology Officers of the Bank work to manage, control and mitigate cybersecurity risks. The Bank’s employees are regularly trained on cybersecurity awareness, and testing is performed to monitor the success of the training. The Board of Directors receives training annually.

The Bank engages a third party to audit and examine its processes, conduct vulnerability assessments, and review the security of its network infrastructure consistent with FFIEC (Federal Financial Institutions Examination Council) Information Technology Audit guidelines, regulatory requirements and federal banking agency expectations. Trusted third parties are engaged to assist the Bank in improving its cybersecurity readiness. The Bank engages third party vendors to monitor and assist in maintaining its network infrastructure. These third-party vendors take an active role in ensuring that the Bank’s systems are protected by testing, reviewing and advising the Bank to strengthen cybersecurity controls when necessary.

The Bank has a vendor oversight risk management process that helps to validate the security and integrity of information collected and maintained by third party vendors that the Bank uses to provide banking services. A key goal of the Bank’s vendor management program includes assessing risks, which include but are not limited to operational, strategic, reputational, cyber, and credit risks. These processes are supported by a specialized vendor that assists the Bank’s management and Board of Directors with properly assessing these risks. Finally, the Bank also has an incident response and business continuity program that is intended to address operational concerns, including cybersecurity risks, during contingency scenarios that may create unknown circumstances. This program is tested annually.

Although the Company and Bank have not, as of the date of this Annual Report on Form 10-K, experienced a cybersecurity threat or incident that materially affected their business strategy, results of operations or financial condition, there can be no guarantee that the Company or Bank will not experience such an incident in the future.
Recently Filed
Click on a ticker to see risk factors
Ticker * File Date
NRHI 1 day, 23 hours ago
QDMI 2 days, 12 hours ago
PETV 2 days, 12 hours ago
ECIA 2 days, 13 hours ago
CAG 2 days, 13 hours ago
KALV 2 days, 13 hours ago
AIHS 2 days, 13 hours ago
MEI 3 days, 13 hours ago
AIDG 3 days, 16 hours ago
AVAI 4 days, 12 hours ago
ORIB 4 days, 17 hours ago
ADTI 1 week, 2 days ago
BUKS 1 week, 2 days ago
MFBI 1 week, 2 days ago
HGYN 1 week, 2 days ago
PODC 1 week, 3 days ago
AAQL 1 week, 3 days ago
FIZZ 1 week, 3 days ago
KEQU 1 week, 3 days ago
AERT 1 week, 3 days ago
CRDO 1 week, 4 days ago
MSBI 1 week, 4 days ago
NCL 1 week, 5 days ago
QLGN 1 week, 5 days ago
CNVS 1 week, 5 days ago
PMNT 1 week, 5 days ago
STEK 1 week, 5 days ago
PTCO 1 week, 5 days ago
FATN 1 week, 5 days ago
ZCAR 1 week, 5 days ago
SUND 1 week, 5 days ago
ELTP 1 week, 5 days ago
RGPX 1 week, 5 days ago
ELRE 1 week, 5 days ago
PCSV 1 week, 5 days ago
ATXG 1 week, 5 days ago
EZBC 1 week, 5 days ago
EZET 1 week, 5 days ago
FGDL 1 week, 5 days ago
OMCC 2 weeks, 1 day ago
MXC 2 weeks, 1 day ago
AIRT 2 weeks, 1 day ago
IGC 2 weeks, 1 day ago
MSN 2 weeks, 1 day ago
KFY 2 weeks, 1 day ago
GENC 2 weeks, 1 day ago
XITO 2 weeks, 1 day ago
CGEH 2 weeks, 2 days ago
ETST 2 weeks, 2 days ago
STRZ 2 weeks, 2 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard