Risk Management

Risk Management

United Bank views effective risk management as identifying the nature, likelihood, and magnitude of risk, then determining which risks to accept, reject, or mitigate in order to find the optimal balance between risk and reward.

Our framework is not designed to avoid risk; rather, to guide management in maximizing business opportunities consistent with both United’s strategy and with the risk appetite that is established by UBSI’s Board of Directors. We take a proactive risk management approach.

United understands the importance of maintaining proper governance and oversight of risk management activities in order to deliver value to employees, customers, shareholders, and communities. Our mission, vision, core values, and standards of conduct set the tone for the risk culture and objectives of our organization.

The foundation of United’s risk culture is the “tone-at-the-top” established by our Board of Directors. Every employee is considered a risk manager and is accountable for understanding and identifying concerns to management. Executive leadership and the Board of Directors promote this culture which supports individual accountability. Our employees are encouraged to self-identify departures from regulation, policy, or proscribed process, and play an active role in discussing risks.

Enterprise Risk Management Framework

An Enterprise Risk Management (ERM) Program is implemented across United and assists in identifying and managing potential risks that may affect the Company. As the program is continually enhanced, United is incorporating climate-related risk into its existing ERM framework. Our common framework, applied by the three lines of defense, consist of:

This forms the basis for principal and emerging risks, which are challenged and validated by the various management and executive committees before being presented to the Board. In addition, executive and senior management reviews are in place to ensure risks are effectively assessed. Business line risk control self-assessments (RCSA) are completed, and results are presented to the Board Risk Committee. 

  1. Our Business and Operational Unit Managers make up our First Line of Defense. They support our risk management framework and culture and help ensure appropriate resources are allocated to risk management. The First Line of Defense is responsible for communicating risk policies to employees and incorporating them into daily operations.
  2. Our Second Line of Defense is Risk Management which provides a credible challenge to the First Line of Defense in identifying, assessing, and managing risks across the Institution. Risk Management independently assesses the design and effectiveness of the Company’s overall ERM Program, monitors compliance with legal and regulatory requirements and governs risk tolerance through policy reviews and approval as well as ensuring that appropriate resources are in place to identify, measure, monitor, and control the Company’s highest risk issues.
  3. Internal Audit serves as our Third Line of Defense and independently assesses the design and effectiveness of our ERM Program. They monitor compliance with and governance of legal and regulatory requirements and risk tolerance. This Line of Defense focuses on our highest risk issues and ensures processes and resources are in place to identify, measure, monitor, and control risk. Internal Audit acts as oversight on behalf of the Board and provides updates, as necessary.

United’s Risk Management team continuously builds expertise through external research, collaboration with consultants and third-party vendors, participating in industry peer groups and trade associations, conferences, and more. This prepares the Risk Management team to collaborate with business lines in identifying risks.

Identifying risk is a dynamic process. Risk assessments are an essential tool in identifying and evaluating material risks that may have a negative impact on the business. When performing iterations of risk assessments, United uses a cross functional team to make risk assessments more robust, increasing accuracy and ensuring consistency. Twenty-nine business lines or departments complete risk assessments. Collaborating with internal risk experts, they identify potential risks and then rank those risks based on probability, impact, and mitigation strategies.

Likelihood x Impact = Inherent Risk

Inherent Risk – Mitigation Strategies/Controls = Residual Risk

Inherent risks facing United will be effectively managed to an acceptable residual risk via our mitigation strategies and internal control structure, considering cost, efficiency, and client experience. The level of residual risk is measured as low, moderate, and high using the following definitions:

  • Low: The level of residual risk will not substantially impede the ability for United to achieve its mission, goals, or strategic objectives. Risk exposure can be reversed or modified with only negligible cost or difficulty. Sufficient controls, policies, processes, personnel, and capital are in place so that exposure to risk is nominal and commensurate United’s objectives.
  • Moderate: The level of residual risk is not expected to significantly affect United’s ability to achieve its mission, goals, or strategic objectives. Company initiatives in relation to risk may be elevated, but not overly aggressive and can be reversed or modified without significant cost or difficulty. Initiatives are supported by effectively designed policies, processes, personnel, and capital.
  • High: The level of residual risk may significantly impede the ability to achieve United’s mission, goals, or strategic objectives. Company initiatives in relation to risk may be overly aggressive. Policies, processes, personnel, or activities may not exist or be poorly designed.

Preventing Financial Crimes

United is committed to doing our part to prevent financial crimes.

Read more