RYVYL Inc. 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

RYVYL Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 17:09:44 EDT.

Filings

10-K filed on 2025-03-28

RYVYL Inc. filed a 10-K at 2025-03-28 17:09:44 EDT
Accession Number: 0001185185-25-000244

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into our overall risk management systems, as overseen by our Board, primarily through its audit committee. These processes also include overseeing and identifying risks from cybersecurity threats associated with the use of third-party service providers. We conduct risk assessments of certain third-party providers before engagement and have established monitoring procedures in an effort to assess and mitigate potential data security exposures originating from third parties. We from time to time engages third-party consultants, legal advisors, and audit firms in evaluating and testing our risk management systems and assessing and remediating certain potential cybersecurity incidents as appropriate. Governance Board of Directors The audit committee of our Board oversees, among other things, the adequacy and effectiveness of our internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria, as set forth in our disclosure controls and procedures. Further, at least once per year, our management team reports on cybersecurity matters, including material risks and threats, to the audit committee, and the audit committee provides updates to the Board at regular Board meetings. Our management team also provides updates annually or more frequently as appropriate to the Board. Management Under the oversight of the audit committee of the Board , and as directed by our Chief Executive Officer (“CEO”), the Head of IT is primarily responsible for the assessment and management of material cybersecurity risks and the Company’s annual security audits to meet the payment industry expectations. Our management team holds a regular cybersecurity and business continuity reviews to evaluate data security exposures, control effectiveness and necessary remediation actions. The Head of IT is also supported by a third-party IT consulting services provider who helps oversee our IT systems and provides cross-functional support for cybersecurity risk management and facilitates the response to any cybersecurity incidents. Our Head of IT oversees our cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. Our Head of IT also coordinates with our legal counsel and third parties, such as consultants and legal advisors, to assess and manage material risks from cybersecurity threats. Our management team is informed about the effectiveness of the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in our incident response plan and related processes. Our audit committee is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. Our Head of IT, or a delegate, informs the CEO of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in our incident response plan and related processes. The CEO is also primarily responsible for advising our Chief Financial Officer regarding cybersecurity disclosures in public filings. The CEO also notifies the audit committee chair of any material cybersecurity incidents. As of the date of this Report, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this Report. For further discussion of the risks associated with cybersecurity incidents, see the cybersecurity risk factor included in the section entitled “Item 1A. Risk Factors” in this Report. Impact of Cybersecurity Threats Our results of operations and financial condition have not been materially affected by cybersecurity threats or incidents to date. However, to assess, identify, and manage material risks from cybersecurity threats, including as a result of previous cybersecurity incidents, we have invested and expect to continue to invest significant resources to sustain and enhance our information security and controls or to investigate and mitigate security vulnerabilities. Although we believe that we maintain a robust program of information security and controls and that none of the cybersecurity incidents that we have encountered to date have materially affected us, we cannot be certain that the security measures and procedures we have in place to detect security incidents and protect sensitive data will be successful or sufficient to counter all current and emerging risks and threats. The impact of a material cybersecurity incident involving our systems and data, or those of our clients, partners or vendors, could have a material adverse effect on our business strategy, results of operations and financial condition.

Company Information