Cybersecurity risk management is an integral component of our enterprise-wide risk management framework and is embedded across our technology-driven operations, including both customer-facing platforms and internal systems. Our cybersecurity program is designed to align with recognized industry practices and focuses on protecting customer data, safeguarding financial transactions and ensuring the resilience of our digital infrastructure.

We have implemented a multi-layered security architecture that includes endpoint and network protection through advanced firewalls, intrusion prevention systems and encrypted virtual private networks. Our cloud and infrastructure environments are supported by leading third-party providers, including Amazon Web Services, Microsoft Azure and IBM Security, which provide cloud-native security capabilities and support the protection of our systems and data. We utilize Security Information and Event Management (SIEM) tools to enable real-time monitoring, threat intelligence and vulnerability management, and Security Orchestration, Automation and Response (SOAR) capabilities to integrate threat detection with incident response processes and automate workflows, enhancing the speed and effectiveness of our response to potential security events. In addition, our identity and access management (IAM) framework is designed to ensure secure authentication and mitigate fraud risks across our digital platforms.

Our board of directors has overall oversight responsibility for risk management, including cybersecurity risk, and receives periodic updates on cybersecurity matters. Day-to-day responsibility for cybersecurity is managed by specialized teams within our technology and risk functions, which are responsible for monitoring threats, managing incidents and maintaining our security controls. These teams also coordinate with third-party service providers and assess the effectiveness of our cybersecurity measures, including through the review of reports and security certifications provided by such third parties.

We maintain programs designed to promote cybersecurity awareness among our employees, including periodic training on information security, data protection and the identification and mitigation of cybersecurity risks. We also implement access controls and authentication protocols across our systems to reduce the risk of unauthorized access.

In 2025, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, cybersecurity threats continue to evolve in sophistication and frequency, and we cannot eliminate all risks associated with such threats or guarantee that we have not experienced undetected incidents. For additional information regarding cybersecurity risks, see “Item 3. Key Information—Risk Factors—We and our customers have been and could in the future be the target of attempted cyberattacks and other internet-based scams, which may materially and adversely affect our business and day-to-day operations.”