This forms the basis for principal and emerging risks, which are challenged and validated by the various management and executive committees before being presented to the Board. In addition, executive and senior management reviews are in place to ensure risks are effectively assessed. Business line risk control self-assessments (RCSA) are completed, and results are presented to the Board Risk Committee.
- Our Business and Operational Unit Managers make up our First Line of Defense. They support our risk management framework and culture and help ensure appropriate resources are allocated to risk management. The First Line of Defense is responsible for communicating risk policies to employees and incorporating them into daily operations.
- Our Second Line of Defense is Risk Management which provides a credible challenge to the First Line of Defense in identifying, assessing, and managing risks across the Institution. Risk Management independently assesses the design and effectiveness of the Company’s overall ERM Program, monitors compliance with legal and regulatory requirements and governs risk tolerance through policy reviews and approval as well as ensuring that appropriate resources are in place to identify, measure, monitor, and control the Company’s highest risk issues.
- Internal Audit serves as our Third Line of Defense and independently assesses the design and effectiveness of our ERM Program. They monitor compliance with and governance of legal and regulatory requirements and risk tolerance. This Line of Defense focuses on our highest risk issues and ensures processes and resources are in place to identify, measure, monitor, and control risk. Internal Audit acts as oversight on behalf of the Board and provides updates, as necessary.
United’s Risk Management team continuously builds expertise through external research, collaboration with consultants and third-party vendors, participating in industry peer groups and trade associations, conferences, and more. This prepares the Risk Management team to collaborate with business lines in identifying risks.
Identifying risk is a dynamic process. Risk assessments are an essential tool in identifying and evaluating material risks that may have a negative impact on the business. When performing iterations of risk assessments, United uses a cross functional team to make risk assessments more robust, increasing accuracy and ensuring consistency. Twenty-nine business lines or departments complete risk assessments. Collaborating with internal risk experts, they identify potential risks and then rank those risks based on probability, impact, and mitigation strategies.