Home Federal Bancorp, Inc. of Louisiana 10-K Cybersecurity GRC - 2024-09-30

Page last updated on October 1, 2024

Home Federal Bancorp, Inc. of Louisiana reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-30 16:01:46 EDT.

Filings

10-K filed on 2024-09-30

Home Federal Bancorp, Inc. of Louisiana filed a 10-K at 2024-09-30 16:01:46 EDT
Accession Number: 0001140361-24-042337

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity for annual disclosures herein. Federal Home Loan Bank System. Home Federal Bank is a member of the Federal Home Loan Bank of Dallas, which is one of 11 regional Federal Home Loan Banks that administer a home financing credit function primarily for its members. Each Federal Home Loan Bank serves as a reserve or central bank for its members within its assigned region. The Federal Home Loan Bank of Dallas is funded primarily from proceeds derived from the sale of consolidated obligations of the Federal Home Loan Bank System. It makes loans to members ( i.e. , advances) in accordance with policies and procedures established by the board of directors of the Federal Home Loan Bank. At June 30, 2024, Home Federal Bank had no advances from the Federal Home Loan Bank and $186.4 million available on its credit line with the Federal Home Loan Bank. As a member, Home Federal Bank is required to purchase and maintain stock in the Federal Home Loan Bank of Dallas. At June 30, 2024, Home Federal Bank had $1.4 million in Federal Home Loan Bank stock, which was in compliance with the applicable requirement. The Federal Home Loan Banks are required to provide funds for the resolution of troubled savings institutions and to contribute to affordable housing programs through direct loans or interest subsidies on advances targeted for community investment and low- and moderate-income housing projects. These contributions have adversely affected the level of Federal Home Loan Bank dividends paid in the past and could do so in the future. These contributions also could have an adverse effect on the value of Federal Home Loan Bank stock in the future. Federal Reserve System. The Federal Reserve Board requires all depository institutions to maintain reserves against their transaction accounts (primarily NOW and Super NOW checking accounts) and non-personal time deposits. In response to the COVID-19 pandemic, the Federal Reserve reduced reserve requirement ratios to zero percent effective May 26, 2020 to support lending to households and businesses. The required reserves must be maintained in the form of vault cash or an account at a Federal Reserve Bank. At June 30, 2024, Home Federal Bank was not required to maintain any reserve balances. TAXATION Federal Taxation General. Home Federal Bancorp and Home Federal Bank are subject to federal income taxation in the same general manner as other corporations with some exceptions listed below. The following discussion of federal and state income taxation is only intended to summarize certain pertinent income tax matters and is not a comprehensive description of the applicable tax rules. Home Federal Bank’s tax returns have not been audited during the past five years. Method of Accounting. For federal income tax purposes, Home Federal Bank reports income and expenses on the accrual method of accounting and used a June 30 tax year in 2024 for filing its federal income tax return. Bad Debt Reserves. The Small Business Job Protection Act of 1996 eliminated the use of the reserve method of accounting for bad debt reserves by savings associations, effective for taxable years beginning after 1995. Prior to that time, Home Federal Bank was permitted to establish a reserve for bad debts and to make additions to the reserve. These additions could, within specified formula limits, be deducted in arriving at taxable income. In addition, federal legislation required the recapture over a six year period of the excess of tax bad debt reserves at December 31, 1995 over those established as of December 31, 1987. Taxable Distributions and Recapture. Prior to the Small Business Job Protection Act of 1996, bad debt reserves created prior to January 1, 1988 were subject to recapture into taxable income if Home Federal Bank failed to meet certain thrift asset and definitional tests. New federal legislation eliminated these savings association related recapture rules. However, under current law, pre-1988 reserves remain subject to recapture should Home Federal Bank make certain non-dividend distributions or cease to maintain a bank charter. At June 30, 2024, the total federal pre-1988 reserve was approximately $3.3 million. The reserve reflects the cumulative effects of federal tax deductions by Home Federal Bank for which no federal income tax provisions have been made. Corporate Dividends-Received Deduction. Home Federal Bancorp may exclude from its income 100% of dividends received from Home Federal Bank as a member of the same affiliated group of corporations. The corporate dividends received deduction is 65% in the case of dividends received from corporations which a corporate recipient owns less than 80% but at least 20% of the distribution corporation. Corporations which own less than 20% of the stock of a corporation distributing a dividend may deduct only 50 % of dividends received. State and Local Taxation Home Federal Bancorp is subject to the Louisiana Corporation Income Tax based on our Louisiana taxable income. The Corporation Income Tax applies at graduated rates from 4% upon the first $25,000 of Louisiana taxable income to 8% on all Louisiana taxable income in excess of $200,000. For these purposes, “Louisiana taxable income” means net income which is earned by us within or derived from sources within the State of Louisiana, after adjustments permitted under Louisiana law, including a federal income tax deduction. In addition, Home Federal Bank is subject to the Louisiana Shares Tax which is imposed on the assessed value of a company’s stock. The formula for deriving the assessed value is to calculate 15% of the sum of: (a) 20% of our capitalized earnings, plus (b) 80% of our taxable stockholders’ equity, minus (c) 50% of our real and personal property assessment. Various items may also be subtracted in calculating a company’s capitalized earnings. Item 1A. Risk Factors Not applicable. Item 1B. Unresolved Staff Comments Not applicable. Item 1C. Cybersecurity The Bank has implemented an information security program that encompasses the Bank’s cybersecurity efforts as part of its risk management process. Risk assessments, including Information Technology and Cybersecurity Risk, are conducted annually by the Chief Risk Officer, Information Technology Officer and Information Security Officer to identify, assess and mitigate risks. The Bank recognizes the need for sound physical and internal controls over its critical financial data, confidential information and digital assets to ensure the accuracy, integrity, and confidentiality of the processed information. As regulated financial institutions, the Company and Bank are also subject to financial privacy laws and their cybersecurity practices are subject to oversight by the federal banking agencies. The Boards of Directors of the Company and Bank and the Audit Committee of the Company are responsible for ultimate oversight of cybersecurity risks managed daily by management pursuant to the Bank’s information security program. The Boards of Directors annually approve this information security program and regularly receive reports from the Bank’s Information Security Officer and Information Technology Officer that outline the steps undertaken to protect the information and data assets of the Bank and Company. Additionally, the Information Security Officer and Information Technology Officer update the Boards of Directors through supplementary reports on issues related to Cybersecurity readiness. The Bank’s information security program is developed and implemented by the Bank’s Information Security Officer, Information Technology Officer and Chief Risk Officer. Together with the Bank’s Electronic Data Processing (EDP) Committee, comprised of relevant information technology and business unit stakeholders within Bank management, the Information Security and Information Technology Officers of the Bank work to manage, control and mitigate cybersecurity risks. The Bank’s employees are regularly trained on cybersecurity awareness, and testing is performed to monitor the success of the training. The Board of Directors receives training annually. The Bank engages a third party to audit and examine its processes, conduct vulnerability assessments, and review the security of its network infrastructure consistent with FFIEC (Federal Financial Institutions Examination Council) Information Technology Audit guidelines, regulatory requirements and federal banking agency expectations. Trusted third parties are engaged to assist the Bank in improving its cybersecurity readiness. The Bank engages third party vendors to monitor and assist in maintaining its network infrastructure. These third-party vendors take an active role in ensuring that the Bank’s systems are protected by testing, reviewing and advising the Bank to strengthen cybersecurity controls when necessary. The Bank has a vendor oversight risk management process that helps to validate the security and integrity of information collected and maintained by third party vendors that the Bank uses to provide banking services. A key goal of the Bank’s vendor management program includes assessing risks, which include but are not limited to operational, strategic, reputational, cyber, and credit risks. These processes are supported by a specialized vendor that assists the Bank’s management and Board of Directors with properly assessing these risks. Finally, the Bank also has an incident response and business continuity program that is intended to address operational concerns, including cybersecurity risks, during contingency scenarios that may create unknown circumstances. This program is tested annually. Although the Company and Bank have not, as of the date of this Annual Report on Form 10-K, experienced a cybersecurity threat or incident that materially affected their business strategy, results of operations or financial condition, there can be no guarantee that the Company or Bank will not experience such an incident in the future.
Item 1C. Cybersecurity The Bank has implemented an information security program that encompasses the Bank’s cybersecurity efforts as part of its risk management process. Risk assessments, including Information Technology and Cybersecurity Risk, are conducted annually by the Chief Risk Officer, Information Technology Officer and Information Security Officer to identify, assess and mitigate risks. The Bank recognizes the need for sound physical and internal controls over its critical financial data, confidential information and digital assets to ensure the accuracy, integrity, and confidentiality of the processed information. As regulated financial institutions, the Company and Bank are also subject to financial privacy laws and their cybersecurity practices are subject to oversight by the federal banking agencies. The Boards of Directors of the Company and Bank and the Audit Committee of the Company are responsible for ultimate oversight of cybersecurity risks managed daily by management pursuant to the Bank’s information security program. The Boards of Directors annually approve this information security program and regularly receive reports from the Bank’s Information Security Officer and Information Technology Officer that outline the steps undertaken to protect the information and data assets of the Bank and Company. Additionally, the Information Security Officer and Information Technology Officer update the Boards of Directors through supplementary reports on issues related to Cybersecurity readiness. The Bank’s information security program is developed and implemented by the Bank’s Information Security Officer, Information Technology Officer and Chief Risk Officer. Together with the Bank’s Electronic Data Processing (EDP) Committee, comprised of relevant information technology and business unit stakeholders within Bank management, the Information Security and Information Technology Officers of the Bank work to manage, control and mitigate cybersecurity risks. The Bank’s employees are regularly trained on cybersecurity awareness, and testing is performed to monitor the success of the training. The Board of Directors receives training annually. The Bank engages a third party to audit and examine its processes, conduct vulnerability assessments, and review the security of its network infrastructure consistent with FFIEC (Federal Financial Institutions Examination Council) Information Technology Audit guidelines, regulatory requirements and federal banking agency expectations. Trusted third parties are engaged to assist the Bank in improving its cybersecurity readiness. The Bank engages third party vendors to monitor and assist in maintaining its network infrastructure. These third-party vendors take an active role in ensuring that the Bank’s systems are protected by testing, reviewing and advising the Bank to strengthen cybersecurity controls when necessary. The Bank has a vendor oversight risk management process that helps to validate the security and integrity of information collected and maintained by third party vendors that the Bank uses to provide banking services. A key goal of the Bank’s vendor management program includes assessing risks, which include but are not limited to operational, strategic, reputational, cyber, and credit risks. These processes are supported by a specialized vendor that assists the Bank’s management and Board of Directors with properly assessing these risks. Finally, the Bank also has an incident response and business continuity program that is intended to address operational concerns, including cybersecurity risks, during contingency scenarios that may create unknown circumstances. This program is tested annually. Although the Company and Bank have not, as of the date of this Annual Report on Form 10-K, experienced a cybersecurity threat or incident that materially affected their business strategy, results of operations or financial condition, there can be no guarantee that the Company or Bank will not experience such an incident in the future.

Company Information