Cybersecurity Risk Management, Strategy, and Governance |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | ITEM 16K. Cybersecurity
As cybersecurity risks increase in both frequency and impact, IFS and its subsidiaries have implemented a cyber resilience strategy designed to protect, identify, and respond to cybersecurity threats, as well as actions for the recovery of technology and operational processes to ensure business continuity in the event of a cybersecurity breach. This strategy includes the implementation of tools, procedures, and teams of cybersecurity experts operating under a management framework based on industry standards such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ISO 27001, and PCI DSS. It also considers new industry trends, current regulations, and definitions established by IFS and its subsidiaries. The following is a summary of the cybersecurity risk management and strategy in each of our segments. Banking Segment Risk management and strategy While the Cybersecurity Division of Interbank leads the management of cybersecurity risks, this responsibility is shared across the organization and involves close coordination with multiple stakeholders, including Business Units, Technology, Legal, Compliance, Risk Management (including Operational Risk), and Internal Audit.
Both the cybersecurity strategy and the cybersecurity risk management framework are developed and executed considering the business strategy, applicable cybersecurity regulations, the institution's risk appetite, and the global cybersecurity threat landscape, ensuring an integrated and aligned approach to risk management at the organizational level.
The cybersecurity risk management framework is designed to establish capabilities and responsibilities across different layers of control, including: • Teams, tools, and procedures for the systematic identification, assessment, treatment, and mitigation of cybersecurity risks; • A governance model that defines the cybersecurity management framework and provides guidance, oversight and relevant information to senior management to support informed decision-making; and • An independent audit model that oversees the design and effective execution of the cybersecurity management framework. The Cybersecurity Division is responsible for defining methodologies, procedures, and tools for managing cybersecurity risks and for defining policies approved by Interbank’s board of directors. Both Interbank’s board of directors and the executive level seek to ensure adequate resource allocation (people, technology, and processes) for this purpose. They also promote the development of a culture around strong cybersecurity habits throughout the organization.
The sophistication of techniques used for attacks, coupled with the hybrid work environment extending the security perimeter to multiple locations and devices, the growing adoption of the cloud, and emerging technologies such as AI, create a challenging and ever-changing environment for cybersecurity management.
Interbank’s cybersecurity strategy to address this environment focuses on: • Strengthening capabilities to enable a secure hybrid work environment for employees and third parties involved in our operations, regardless of their location when accessing organizational resources. Technologies such as Secure Web Gateway (SWG) for web browsing security, Cloud Access Security Broker (CASB) for SaaS access and Zero Trust Network Access (ZTNA) for remote secure access, have been implemented. Additionally, this strategy includes strengthening capabilities for preventing data leakage (DLP) as a complement to these actions. • Consolidating a Security Operations Center (SOC), managed by IBM X-Force, which includes capabilities for protection, detection, and response to cybersecurity threats through technologies such as Endpoint and Network Detection and Response (EDR/NDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR), as part of our Extended Detection and Response (XDR) journey. • Enhancing our digital channels security, especially authentication mechanisms and their software development lifecycle through securing software development lifecycle controls, including static (SAST), dynamic (DAST), and third-party component (SCA) security testing approaches to ensure the security quality of the services provided to customers. • Use of AI to evolve across the board our capabilities of detection and response. Applied in different layers, from the network, identity, data and endpoint to analize anomalies and respond in automatic playbooks.
In 2025, Interbank implemented a series of initiatives to further strengthen its cybersecurity strategy. These initiatives included organization-wide cybersecurity awareness and training programs, encompassing internal communication campaigns using audiovisual media, informative bulletins, expert-led sessions, formal security training courses, and simulated social engineering exercises.
These efforts were designed to enhance employee awareness of cybersecurity threats, assess detection capabilities, and promote timely and effective incident reporting. In addition, Interbank conducted tabletop and cyber range exercises involving senior management and technical incident response teams to further strengthen the organization's preparedness and reponse capabilities.
In 2025, Interbank did not experience any cybersecurity incidents that materially affected, or were reasonably likely to materially affect the company.
Governance Interbank’s board of directors has established oversight committees responsible for the supervision of cybersecurity risk management, including the Integrated Risk Management Committee and the Information Security and Cybersecurity Committee. These committees oversee the effectiveness of cybersecurity management, provide guidance on the development and updates of relevant policies, and support decision-making related to cybersecurity matters. The board of directors approves cybersecurity-related policies and monitors the cybersecurity management program through regular reports from these committees. In addition, one of Interbank’s directors (Marcia Nogueira de Mello, see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Board of Directors”) has been designated, since 2023, as the director responsible for overseeing the effectiveness of Interbank’s information security and cybersecurity framework. In this role, she periodically evaluates performance, provides guidance, and reports to the board on the overall state of cybersecurity management. This governance structure is designed to ensure effective cybersecurity risk oversight and to enable the board of directors to maintain a clear and informed understanding of the organization's cybersecurity posture. Through the Integrated Risk Management Committee, which includes board members, the board receives information on Interbank's cybersecurity risk exposure profile, the level of alignment with the defined risk appetite and tolerance, and the mitigation measures implemented. Through the Audit Committee, which also includes board members, the board receives information on independent assessments of the cybersecurity management framework and on progress against remediation and improvement plans arising from those assessments. The Information Security and Cybersecurity Committee is responsible for aligning the cybersecurity strategy with Interbank's business strategy and defined risk appetite and tolerance objectives. This committee monitors the execution of the cybersecurity strategy, remains informed of relevant cybersecurity incidents, and oversees the implementation of mitigation actions and the incorporation of lessons learned. It also ensures that material cybersecurity risks and related mitigation actions are communicated to the board of directors through established reporting channels. This committee is composed of: • Alfonso Alejandro Díaz Tordoya. Executive Vice President of Operations and Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Julio Del Valle Montero.Executive Vice President of Human Resources (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Alexander Woodman Navarrete. Executive Vice President of Retail Banking and Channels (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Víctor Cárcamo Palacios.Executive Vice President for Commercial Banking (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Marcelo do Amaral Fernandes de Sousa currently serving as Chief Information Security Officer(CISO) at Interbank since January 2026. He has held CISO positions at leading Brazilian financial institutions, including Banco Safra, XP Inc., BTG Pactual and B3 (Brazil's stock exchange and main financial market infrastructure company in Latin America). Insurance Segment Risk management and strategy Interseguro has a framework for comprehensive risk management, including cybersecurity risks. The framework establishes procedures for the identification, assessment, mitigation, and communication of cybersecurity risks. While the Information Security and Cybersecurity unit is responsible for providing methodological support for cybersecurity risk management and defining control policies and procedures, the function extends across business and support units, which are accountable for the risks. Additionally, an audit layer has been established to independently assess the performance of the defined management framework. Interseguro’s strategy focuses on the implementation of measures to prevent, detect, respond and recover from cybersecurity threats in a global environment where the materialization of cybersecurity risks continues to increase. These measures have primarily centered around improving identity and access management controls, both in preventive aspects and monitoring activities. Additionally, the governance framework has been strengthened through the updating of information security policies and associated procedures, along with the reinforcement of vulnerability identification processes through red team exercises. In 2025, Interseguro developed the following main cybersecurity initiatives to further consolidate its posture to face cybersecurity risks: • A 360° social engineering program was implemented to strengthen human factor resilience, reducing the success rate of phishing and vishing attacks through simulations. • A DLP tool was deployed to bolster control over sensitive information, ensuring asset protection and compliance with personal data protection regulations. • Artificial Intelligence was integrated into the secure development lifecycle (S-SDLC) to automate code review, enabling early identification of vulnerabilities from the design phase.
In 2025, Interseguro carried out awareness initiatives, including internal communications through informative bulletins and simulated social engineering attack campaigns. These efforts aimed to enhance employee awareness of such threats, assess their ability to recognize them, and promote effective reporting. Additionally, Interseguro conducted a tabletop exercise with senior management and technical incident response teams to strengthen the organization's capabilities in responding to potential security breaches. In 2025, Interseguro did not have any cybersecurity incidents that materially affected it or were reasonably likely to materially affect it. Governance Interseguro’s board of directors has established a Risk Committee to oversee risk management within the organization, including cybersecurity risks, with the participation of certain of Interseguro board members. This committee approves and oversees the implementation of the strategy, policies and procedures for cyber risk management, reports information on pertinent vulnerabilities and their corresponding correction plans and communicates incidents as they occur. The board of directors has also set up an Audit Committee, with the participation of certain board members, to which the Interseguro internal audit unit reports on assessments of the cybersecurity management model and on the compliance with improvement plans related to these assessments. Additionally, Interseguro’s management has established a Cyber and Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Gonzalo José Basadre Brazzini Chief Executive Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Sergio Jhasmany Soliz Bilbao Vice President of Information Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Carlos Vereau Montenegro has served as Risk Manager since July 2011. Mr. Vereau received a bachelor’s degree in economics from Universidad del Pacífico and holds a master's in administration from Universidad del Pacífico. • Carlos Campos Cabrera has served as Interseguro’s Head of Information Security and Cybersecurity since March 2023. Mr. Campos received a bachelor’s degree systems engineering from Universidad San Ignacio de Loyola and holds a master's in business administration from Universidad Peruana de Ciencias Aplicadas. Additionally, he holds certifications as a ISO 27032 Lead Cybersecurity Manager and ISO 27001 ISMS Lead Implementer from the Professional Evaluation and Certification Board (PECB). Wealth Management Segment Risk management and strategy Inteligo has a framework for comprehensive risk management, including cybersecurity risks. The framework establishes procedures for the identification, assessment, mitigation, and communication of cybersecurity risks. While the Information Security unit is responsible for providing methodological support for cybersecurity risk management and defining control policies and procedures, the function extends across business and support units, which are accountable for the risks. Additionally, an audit layer has been established to independently assess the performance of the defined management framework. As a part of its cybersecurity strategy, Inteligo has strengthened its identification, protection, detection and action cybersecurity plans, which reduced the occurrence of attacks and mitigated the risk of cyber threats. This strategy is based on the cybersecurity framework of the National Institute of Standards and Technology (NIST), and other standards such as ISO 27001:2022. Inteligo’s cybersecurity strategy includes improvements to security on different fronts, including mobile devices, workstations, identity, application, in the cloud and on premises. Inteligo uses updated technology such as behavior analysis and artificial intelligence, which allow its human resources to reduce time spent on threat detection and analysis. In 2025, Inteligo implemented the following main cybersecurity initiatives to further strengthen its stance in addressing cybersecurity risks: Strengthening cyber resilience, enhancing threat detection and incident response capabilities, protecting critical information and digital assets, and reinforcing cybersecurity governance aligned with internationally recognized frameworks such as NIST and ISO/IEC 27001. The strategy incorporates security‑by‑design principles across technology and business initiatives, integrates cybersecurity considerations into system architecture and development processes, and is designed to support the organization’s ongoing efforts toward compliance and certification under ISO/IEC 27001:2022. This approach enables risk‑based decision‑making at executive and board levels and supports preparedness against evolving cyber threats, including ransomware, cloud‑related risks, and third‑party exposures. In 2025, Inteligo executed awareness actions including simulated social engineering attack campaigns, and newsletters and informative bulletins.
In 2025, Inteligo did not have any cybersecurity incidents that materially affected it or were reasonably likely to materially affect it. Governance Inteligo’s board of directors has established a Risk Management Committee to oversee risk management within the organization, including cybersecurity risks, with board members participating. This committee approves and oversees the implementation of the strategy policies and procedures for cyber risk management, reports information on pertinent vulnerabilities and their corresponding correction plans and communicates incidents as they occur. In addition to the Directors who make up the committee, the following executive officers and managers are committee members: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers”). • Cesar Pasara Ponce has served as Corporate Risk Officer since April 2021. Mr. Pasara received a bachelor’s degree in industrial engineering from Pontificia Universidad Católica del Perú and holds a master's in business administration from IE Business School. • Nellyreth Reyes has served as Finance and Accounting Manager since January, 2025. Ms. Reyes holds a bachelor’s degree in Banking, Finance, and Accounting from the Universidad Santa María La Antigua in Panama, as well as a master’s degree in Strategic Management with a specialization in International Business and Marketing. In 2011, she earned a certificate from NIFF. • Coralia Montenegro, an attorney with over 20 years of experience who has been working in the banking sector since 2010. She has served as Legal Manager at Inteligo Bank since January 2016 and has been responsible for Corporate Governance since January 2024. She holds a certification in Corporate Governance from the Wharton School.
The board of directors has also set up an Audit Committee, with the participation of certain board members, to which the Inteligo internal audit unit reports on assessments of the cybersecurity management model and on the compliance with improvement plans related to these assessments.
Additionally, Inteligo’s management has established an Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers.”) • Josué Meneses has served as Information Security Manager since January 2010. Mr. Meneses received a bachelor’s degree in systems engineering from Universidad Tecnológica de Panamá and holds a master’s degree in Informatic Management from Universidad Latina de Panamá. • Alfredo Castro has served as Information Technology Manager since September 2022. Mr. Castro received a bachelor’s degree in systems engineering from Universidad Latina de Panamá and holds a master’s in business administration from Universidad de Chile. • Rogelio Chavez Lopez has served as Risk Manager since December 2013. Mr. Chavez received a bachelor’s degree in economics and finance from Universidad de Panamá and holds a master's in business administration from Universidad Interamericana de Panamá. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Both the cybersecurity strategy and the cybersecurity risk management framework are developed and executed considering the business strategy, applicable cybersecurity regulations, the institution's risk appetite, and the global cybersecurity threat landscape, ensuring an integrated and aligned approach to risk management at the organizational level. The strategy incorporates security‑by‑design principles across technology and business initiatives, integrates cybersecurity considerations into system architecture and development processes, and is designed to support the organization’s ongoing efforts toward compliance and certification under ISO/IEC 27001:2022. |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Governance Interbank’s board of directors has established oversight committees responsible for the supervision of cybersecurity risk management, including the Integrated Risk Management Committee and the Information Security and Cybersecurity Committee. These committees oversee the effectiveness of cybersecurity management, provide guidance on the development and updates of relevant policies, and support decision-making related to cybersecurity matters. The board of directors approves cybersecurity-related policies and monitors the cybersecurity management program through regular reports from these committees. In addition, one of Interbank’s directors (Marcia Nogueira de Mello, see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Board of Directors”) has been designated, since 2023, as the director responsible for overseeing the effectiveness of Interbank’s information security and cybersecurity framework. In this role, she periodically evaluates performance, provides guidance, and reports to the board on the overall state of cybersecurity management. This governance structure is designed to ensure effective cybersecurity risk oversight and to enable the board of directors to maintain a clear and informed understanding of the organization's cybersecurity posture. Through the Integrated Risk Management Committee, which includes board members, the board receives information on Interbank's cybersecurity risk exposure profile, the level of alignment with the defined risk appetite and tolerance, and the mitigation measures implemented. Through the Audit Committee, which also includes board members, the board receives information on independent assessments of the cybersecurity management framework and on progress against remediation and improvement plans arising from those assessments. The Information Security and Cybersecurity Committee is responsible for aligning the cybersecurity strategy with Interbank's business strategy and defined risk appetite and tolerance objectives. This committee monitors the execution of the cybersecurity strategy, remains informed of relevant cybersecurity incidents, and oversees the implementation of mitigation actions and the incorporation of lessons learned. It also ensures that material cybersecurity risks and related mitigation actions are communicated to the board of directors through established reporting channels. This committee is composed of: • Alfonso Alejandro Díaz Tordoya. Executive Vice President of Operations and Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Julio Del Valle Montero.Executive Vice President of Human Resources (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Alexander Woodman Navarrete. Executive Vice President of Retail Banking and Channels (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Víctor Cárcamo Palacios.Executive Vice President for Commercial Banking (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Marcelo do Amaral Fernandes de Sousa currently serving as Chief Information Security Officer(CISO) at Interbank since January 2026. He has held CISO positions at leading Brazilian financial institutions, including Banco Safra, XP Inc., BTG Pactual and B3 (Brazil's stock exchange and main financial market infrastructure company in Latin America). Governance Interseguro’s board of directors has established a Risk Committee to oversee risk management within the organization, including cybersecurity risks, with the participation of certain of Interseguro board members. This committee approves and oversees the implementation of the strategy, policies and procedures for cyber risk management, reports information on pertinent vulnerabilities and their corresponding correction plans and communicates incidents as they occur. The board of directors has also set up an Audit Committee, with the participation of certain board members, to which the Interseguro internal audit unit reports on assessments of the cybersecurity management model and on the compliance with improvement plans related to these assessments. Additionally, Interseguro’s management has established a Cyber and Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Gonzalo José Basadre Brazzini Chief Executive Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Sergio Jhasmany Soliz Bilbao Vice President of Information Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Carlos Vereau Montenegro has served as Risk Manager since July 2011. Mr. Vereau received a bachelor’s degree in economics from Universidad del Pacífico and holds a master's in administration from Universidad del Pacífico. • Carlos Campos Cabrera has served as Interseguro’s Head of Information Security and Cybersecurity since March 2023. Mr. Campos received a bachelor’s degree systems engineering from Universidad San Ignacio de Loyola and holds a master's in business administration from Universidad Peruana de Ciencias Aplicadas. Additionally, he holds certifications as a ISO 27032 Lead Cybersecurity Manager and ISO 27001 ISMS Lead Implementer from the Professional Evaluation and Certification Board (PECB). Governance Inteligo’s board of directors has established a Risk Management Committee to oversee risk management within the organization, including cybersecurity risks, with board members participating. This committee approves and oversees the implementation of the strategy policies and procedures for cyber risk management, reports information on pertinent vulnerabilities and their corresponding correction plans and communicates incidents as they occur. In addition to the Directors who make up the committee, the following executive officers and managers are committee members: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers”). • Cesar Pasara Ponce has served as Corporate Risk Officer since April 2021. Mr. Pasara received a bachelor’s degree in industrial engineering from Pontificia Universidad Católica del Perú and holds a master's in business administration from IE Business School. • Nellyreth Reyes has served as Finance and Accounting Manager since January, 2025. Ms. Reyes holds a bachelor’s degree in Banking, Finance, and Accounting from the Universidad Santa María La Antigua in Panama, as well as a master’s degree in Strategic Management with a specialization in International Business and Marketing. In 2011, she earned a certificate from NIFF. • Coralia Montenegro, an attorney with over 20 years of experience who has been working in the banking sector since 2010. She has served as Legal Manager at Inteligo Bank since January 2016 and has been responsible for Corporate Governance since January 2024. She holds a certification in Corporate Governance from the Wharton School.
The board of directors has also set up an Audit Committee, with the participation of certain board members, to which the Inteligo internal audit unit reports on assessments of the cybersecurity management model and on the compliance with improvement plans related to these assessments.
Additionally, Inteligo’s management has established an Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers.”) • Josué Meneses has served as Information Security Manager since January 2010. Mr. Meneses received a bachelor’s degree in systems engineering from Universidad Tecnológica de Panamá and holds a master’s degree in Informatic Management from Universidad Latina de Panamá. • Alfredo Castro has served as Information Technology Manager since September 2022. Mr. Castro received a bachelor’s degree in systems engineering from Universidad Latina de Panamá and holds a master’s in business administration from Universidad de Chile. • Rogelio Chavez Lopez has served as Risk Manager since December 2013. Mr. Chavez received a bachelor’s degree in economics and finance from Universidad de Panamá and holds a master's in business administration from Universidad Interamericana de Panamá. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Interbank’s board of directors has established oversight committees responsible for the supervision of cybersecurity risk management, including the Integrated Risk Management Committee and the Information Security and Cybersecurity Committee. These committees oversee the effectiveness of cybersecurity management, provide guidance on the development and updates of relevant policies, and support decision-making related to cybersecurity matters. Interseguro’s board of directors has established a Risk Committee to oversee risk management within the organization, including cybersecurity risks, with the participation of certain of Interseguro board members. This committee approves and oversees the implementation of the strategy, policies and procedures for cyber risk management, reports information on pertinent vulnerabilities and their corresponding correction plans and communicates incidents as they occur. Inteligo’s board of directors has established a Risk Management Committee to oversee risk management within the organization, including cybersecurity risks, with board members participating. This committee approves and oversees the implementation of the strategy policies and procedures for cyber risk management, reports information on pertinent vulnerabilities and their corresponding correction plans and communicates incidents as they occur. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The board of directors approves cybersecurity-related policies and monitors the cybersecurity management program through regular reports from these committees. In addition, one of Interbank’s directors (Marcia Nogueira de Mello, see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Board of Directors”) has been designated, since 2023, as the director responsible for overseeing the effectiveness of Interbank’s information security and cybersecurity framework. In this role, she periodically evaluates performance, provides guidance, and reports to the board on the overall state of cybersecurity management. |
| Cybersecurity Risk Role of Management [Text Block] | Through the Integrated Risk Management Committee, which includes board members, the board receives information on Interbank's cybersecurity risk exposure profile, the level of alignment with the defined risk appetite and tolerance, and the mitigation measures implemented. Through the Audit Committee, which also includes board members, the board receives information on independent assessments of the cybersecurity management framework and on progress against remediation and improvement plans arising from those assessments. The Information Security and Cybersecurity Committee is responsible for aligning the cybersecurity strategy with Interbank's business strategy and defined risk appetite and tolerance objectives. This committee monitors the execution of the cybersecurity strategy, remains informed of relevant cybersecurity incidents, and oversees the implementation of mitigation actions and the incorporation of lessons learned. It also ensures that material cybersecurity risks and related mitigation actions are communicated to the board of directors through established reporting channels. This committee is composed of: • Alfonso Alejandro Díaz Tordoya. Executive Vice President of Operations and Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Julio Del Valle Montero.Executive Vice President of Human Resources (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Alexander Woodman Navarrete. Executive Vice President of Retail Banking and Channels (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Víctor Cárcamo Palacios.Executive Vice President for Commercial Banking (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Marcelo do Amaral Fernandes de Sousa currently serving as Chief Information Security Officer(CISO) at Interbank since January 2026. He has held CISO positions at leading Brazilian financial institutions, including Banco Safra, XP Inc., BTG Pactual and B3 (Brazil's stock exchange and main financial market infrastructure company in Latin America). The board of directors has also set up an Audit Committee, with the participation of certain board members, to which the Interseguro internal audit unit reports on assessments of the cybersecurity management model and on the compliance with improvement plans related to these assessments. Additionally, Interseguro’s management has established a Cyber and Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Gonzalo José Basadre Brazzini Chief Executive Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Sergio Jhasmany Soliz Bilbao Vice President of Information Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Carlos Vereau Montenegro has served as Risk Manager since July 2011. Mr. Vereau received a bachelor’s degree in economics from Universidad del Pacífico and holds a master's in administration from Universidad del Pacífico. • Carlos Campos Cabrera has served as Interseguro’s Head of Information Security and Cybersecurity since March 2023. Mr. Campos received a bachelor’s degree systems engineering from Universidad San Ignacio de Loyola and holds a master's in business administration from Universidad Peruana de Ciencias Aplicadas. Additionally, he holds certifications as a ISO 27032 Lead Cybersecurity Manager and ISO 27001 ISMS Lead Implementer from the Professional Evaluation and Certification Board (PECB). In addition to the Directors who make up the committee, the following executive officers and managers are committee members: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers”). • Cesar Pasara Ponce has served as Corporate Risk Officer since April 2021. Mr. Pasara received a bachelor’s degree in industrial engineering from Pontificia Universidad Católica del Perú and holds a master's in business administration from IE Business School. • Nellyreth Reyes has served as Finance and Accounting Manager since January, 2025. Ms. Reyes holds a bachelor’s degree in Banking, Finance, and Accounting from the Universidad Santa María La Antigua in Panama, as well as a master’s degree in Strategic Management with a specialization in International Business and Marketing. In 2011, she earned a certificate from NIFF. • Coralia Montenegro, an attorney with over 20 years of experience who has been working in the banking sector since 2010. She has served as Legal Manager at Inteligo Bank since January 2016 and has been responsible for Corporate Governance since January 2024. She holds a certification in Corporate Governance from the Wharton School.
The board of directors has also set up an Audit Committee, with the participation of certain board members, to which the Inteligo internal audit unit reports on assessments of the cybersecurity management model and on the compliance with improvement plans related to these assessments.
Additionally, Inteligo’s management has established an Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers.”) • Josué Meneses has served as Information Security Manager since January 2010. Mr. Meneses received a bachelor’s degree in systems engineering from Universidad Tecnológica de Panamá and holds a master’s degree in Informatic Management from Universidad Latina de Panamá. • Alfredo Castro has served as Information Technology Manager since September 2022. Mr. Castro received a bachelor’s degree in systems engineering from Universidad Latina de Panamá and holds a master’s in business administration from Universidad de Chile. • Rogelio Chavez Lopez has served as Risk Manager since December 2013. Mr. Chavez received a bachelor’s degree in economics and finance from Universidad de Panamá and holds a master's in business administration from Universidad Interamericana de Panamá. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The Information Security and Cybersecurity Committee is responsible for aligning the cybersecurity strategy with Interbank's business strategy and defined risk appetite and tolerance objectives. This committee monitors the execution of the cybersecurity strategy, remains informed of relevant cybersecurity incidents, and oversees the implementation of mitigation actions and the incorporation of lessons learned. It also ensures that material cybersecurity risks and related mitigation actions are communicated to the board of directors through established reporting channels. This committee is composed of: • Alfonso Alejandro Díaz Tordoya. Executive Vice President of Operations and Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Julio Del Valle Montero.Executive Vice President of Human Resources (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Alexander Woodman Navarrete. Executive Vice President of Retail Banking and Channels (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Víctor Cárcamo Palacios.Executive Vice President for Commercial Banking (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Marcelo do Amaral Fernandes de Sousa currently serving as Chief Information Security Officer(CISO) at Interbank since January 2026. He has held CISO positions at leading Brazilian financial institutions, including Banco Safra, XP Inc., BTG Pactual and B3 (Brazil's stock exchange and main financial market infrastructure company in Latin America). Additionally, Interseguro’s management has established a Cyber and Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Gonzalo José Basadre Brazzini Chief Executive Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Sergio Jhasmany Soliz Bilbao Vice President of Information Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Carlos Vereau Montenegro has served as Risk Manager since July 2011. Mr. Vereau received a bachelor’s degree in economics from Universidad del Pacífico and holds a master's in administration from Universidad del Pacífico. • Carlos Campos Cabrera has served as Interseguro’s Head of Information Security and Cybersecurity since March 2023. Mr. Campos received a bachelor’s degree systems engineering from Universidad San Ignacio de Loyola and holds a master's in business administration from Universidad Peruana de Ciencias Aplicadas. Additionally, he holds certifications as a ISO 27032 Lead Cybersecurity Manager and ISO 27001 ISMS Lead Implementer from the Professional Evaluation and Certification Board (PECB). Additionally, Inteligo’s management has established an Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. This committee is composed by: • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers.”) • Josué Meneses has served as Information Security Manager since January 2010. Mr. Meneses received a bachelor’s degree in systems engineering from Universidad Tecnológica de Panamá and holds a master’s degree in Informatic Management from Universidad Latina de Panamá. • Alfredo Castro has served as Information Technology Manager since September 2022. Mr. Castro received a bachelor’s degree in systems engineering from Universidad Latina de Panamá and holds a master’s in business administration from Universidad de Chile. • Rogelio Chavez Lopez has served as Risk Manager since December 2013. Mr. Chavez received a bachelor’s degree in economics and finance from Universidad de Panamá and holds a master's in business administration from Universidad Interamericana de Panamá. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | • Alfonso Alejandro Díaz Tordoya. Executive Vice President of Operations and Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Julio Del Valle Montero.Executive Vice President of Human Resources (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Alexander Woodman Navarrete. Executive Vice President of Retail Banking and Channels (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Víctor Cárcamo Palacios.Executive Vice President for Commercial Banking (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interbank—Executive Officers”). • Marcelo do Amaral Fernandes de Sousa currently serving as Chief Information Security Officer(CISO) at Interbank since January 2026. He has held CISO positions at leading Brazilian financial institutions, including Banco Safra, XP Inc., BTG Pactual and B3 (Brazil's stock exchange and main financial market infrastructure company in Latin America). • Gonzalo José Basadre Brazzini Chief Executive Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Sergio Jhasmany Soliz Bilbao Vice President of Information Technology (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Interseguro—Executive Officers”). • Carlos Vereau Montenegro has served as Risk Manager since July 2011. Mr. Vereau received a bachelor’s degree in economics from Universidad del Pacífico and holds a master's in administration from Universidad del Pacífico. • Carlos Campos Cabrera has served as Interseguro’s Head of Information Security and Cybersecurity since March 2023. Mr. Campos received a bachelor’s degree systems engineering from Universidad San Ignacio de Loyola and holds a master's in business administration from Universidad Peruana de Ciencias Aplicadas. Additionally, he holds certifications as a ISO 27032 Lead Cybersecurity Manager and ISO 27001 ISMS Lead Implementer from the Professional Evaluation and Certification Board (PECB). • Victor Vinatea Cámere Chief Executive Officer of the Panamanian Branch and Inteligo’s Chief Operations Officer (see “Item 6. Directors, Senior Management and Employees—Directors and senior management—Inteligo—Executive Officers.”) • Josué Meneses has served as Information Security Manager since January 2010. Mr. Meneses received a bachelor’s degree in systems engineering from Universidad Tecnológica de Panamá and holds a master’s degree in Informatic Management from Universidad Latina de Panamá. • Alfredo Castro has served as Information Technology Manager since September 2022. Mr. Castro received a bachelor’s degree in systems engineering from Universidad Latina de Panamá and holds a master’s in business administration from Universidad de Chile. •
Rogelio Chavez Lopez has served as Risk Manager since December 2013. Mr. Chavez received a bachelor’s degree in economics and finance from Universidad de Panamá and holds a master's in business administration from Universidad Interamericana de Panamá. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Through the Integrated Risk Management Committee, which includes board members, the board receives information on Interbank's cybersecurity risk exposure profile, the level of alignment with the defined risk appetite and tolerance, and the mitigation measures implemented. Through the Audit Committee, which also includes board members, the board receives information on independent assessments of the cybersecurity management framework and on progress against remediation and improvement plans arising from those assessments. Additionally, Inteligo’s management has established an Information Security Committee which monitors the development of the defined strategy, analyzes information about relevant vulnerabilities and the related correction plans, and to which the occurrence of incidents is communicated. |