Annual report [Section 13 and 15(d), not S-K Item 405]

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity risk management processes are integrated into Guild’s overall risk management systems and processes. Accordingly, we manage cybersecurity risk through our enterprise-wide risk framework as described below.
Within our enterprise-wide risk framework, we maintain programs that assess, identify, and manage information technology (“IT”) risk generally and material risks from cybersecurity threats specifically. Our cybersecurity risk program is designed by our IT governance team in collaboration with our risk committee and executive officers to ensure that risks from cybersecurity threats are identified, multiple layers of protection are operating effectively, detection and response to cybersecurity threats are in place, and recovery of core business processes and systems is documented and tested. Our cybersecurity risk program follows the National Institute of Standards and Technology Cyber Security Framework (“NIST CSF”). We also use third-party service providers to help enhance our cybersecurity capabilities and to assist us with cybersecurity program assessments and penetration testing, including providing the function of a Chief Information Security Officer.
Specific features of our cybersecurity risk program include (i) periodic assessment of risks arising from cybersecurity threats, including a NIST CSF risk assessment, application risk assessment, and a business continuity and disaster recovery impact assessment; (ii) initiatives relating to the design, operation and monitoring of the IT risk management program and the cybersecurity risk program; (iii) creation and maintenance of redundancies for core business systems such as Guild’s originations and servicing systems; (iv) training for all personnel on aspects of cybersecurity threats, cybersecurity awareness campaigns company-wide, and additional training for certain other employee groups; (v) an incident response plan that outlines the steps we will take to respond to a cybersecurity incident; and (vi) periodic cybersecurity exercises and internal cybersecurity incident simulations.
While the majority of the technology used throughout our company is proprietary, we use third parties to provide IT applications or IT infrastructure that maintain or support our operations. For certain third parties, we have processes to oversee and identify risk from cybersecurity threats through our contract management process.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Cybersecurity risk management processes are integrated into Guild’s overall risk management systems and processes. Accordingly, we manage cybersecurity risk through our enterprise-wide risk framework as described below.
Within our enterprise-wide risk framework, we maintain programs that assess, identify, and manage information technology (“IT”) risk generally and material risks from cybersecurity threats specifically. Our cybersecurity risk program is designed by our IT governance team in collaboration with our risk committee and executive officers to ensure that risks from cybersecurity threats are identified, multiple layers of protection are operating effectively, detection and response to cybersecurity threats are in place, and recovery of core business processes and systems is documented and tested. Our cybersecurity risk program follows the National Institute of Standards and Technology Cyber Security Framework (“NIST CSF”).
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board of Directors and Audit Committee oversee our risk management program which includes cybersecurity risk.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors and Audit Committee oversee our risk management program which includes cybersecurity risk.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Information provided covers various aspects of our cyber defense including incident analysis and third party reports. We have processes in place so that information regarding potentially material cybersecurity incidents is escalated to the Board of Directors and the Audit Committee. Other information provided covers various aspects of our cyber defense including incident analysis and third party reports.
Cybersecurity Risk Role of Management [Text Block]
The company is responsible for assessing and managing cybersecurity risks by establishing and maintaining processes and programs designed to assess, identify, prevent, manage, detect, respond to, and mitigate potential cybersecurity threats as described above.
Our Chief Information Officer leads our information security department, which is primarily responsible for implementing and maintaining our cybersecurity risk management program. The Chief Information Officer (“CIO”) has over 30 years of experience in information technology in the mortgage origination and servicing industry, including prior service as the CIO for other mortgage institutions. The cybersecurity risk management program includes teams focused on information security, IT governance and IT operations. The information security program is also supported by personnel in legal and compliance, and application development. Guild personnel that work on cybersecurity risk management have achieved such professional certifications as Certified Information Systems Security Professional (“CISSP”) and Certified Cloud Security Professional (“CCSP”).
The Chief Information Officer also is a member of our risk committee. The risk committee oversees on an enterprise-wide basis Guild’s risk management framework, including cybersecurity risk. The IT security and IT governance teams report regularly to the risk committee on key risk indicators (“KRIs”) that track Guild’s monitoring of key cybersecurity risks and remediation initiatives. The other members of the risk committee include the Chief Executive Officer, President and Chief Operating Officer, Chief Financial Officer, and Chief Compliance Officer.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our Chief Information Officer leads our information security department, which is primarily responsible for implementing and maintaining our cybersecurity risk management program. The Chief Information Officer (“CIO”) has over 30 years of experience in information technology in the mortgage origination and servicing industry, including prior service as the CIO for other mortgage institutions. The cybersecurity risk management program includes teams focused on information security, IT governance and IT operations. The information security program is also supported by personnel in legal and compliance, and application development. Guild personnel that work on cybersecurity risk management have achieved such professional certifications as Certified Information Systems Security Professional (“CISSP”) and Certified Cloud Security Professional (“CCSP”).
The Chief Information Officer also is a member of our risk committee. The risk committee oversees on an enterprise-wide basis Guild’s risk management framework, including cybersecurity risk. The IT security and IT governance teams report regularly to the risk committee on key risk indicators (“KRIs”) that track Guild’s monitoring of key cybersecurity risks and remediation initiatives. The other members of the risk committee include the Chief Executive Officer, President and Chief Operating Officer, Chief Financial Officer, and Chief Compliance Officer.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Chief Information Officer (“CIO”) has over 30 years of experience in information technology in the mortgage origination and servicing industry, including prior service as the CIO for other mortgage institutions.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Chief Information Officer also is a member of our risk committee. The risk committee oversees on an enterprise-wide basis Guild’s risk management framework, including cybersecurity risk. The IT security and IT governance teams report regularly to the risk committee on key risk indicators (“KRIs”) that track Guild’s monitoring of key cybersecurity risks and remediation initiatives.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true