Preventing Financial Crimes

Customer Due Diligence: United is committed to doing our part to prevent financial crimes. We have an internal policy outlining responsibilities regarding the implementation of the Bank Secrecy Act (BSA), Anti-Money Laundering (AML), Office of Foreign Assets Control (OFAC) and related regulations. The BSA/AML/OFAC program includes internal controls for detecting and reporting activity such as large currency transactions, unusual funds transfers, Know Your Customer policies, Enhanced Due Diligence policies, or unusual employee activity. All employees are responsible for reporting suspicious activity to the Bank’s BSA Officer. United maintains an ongoing training program covering money laundering detection procedures for personnel in all departments. The BSA program, including the Bank’s BSA Officer, is formally approved by the Board of Directors. Each quarter the Board of Directors reviews program summaries and receives related training. United’s Internal Audit Department conducts thorough program reviews annually, and United is subject to periodic BSA regulatory examinations.

Data Security and Privacy Protection

Trust is crucial to any business – especially those in the banking industry. We are honored to hold the trust of our customers as we manage sensitive data. At United, we know that continuously investing in enhanced security measures is of the utmost importance to our stakeholders. Today’s new and innovative technology presents bold opportunities for the financial industry. However, we recognize that while the use of technology improves the customer experience, it is also inherently risky and could leave the organization and customers vulnerable to cyber-attacks.

At United, we believe that success requires accountability. Our Information Security Program has clearly defined and assigned roles and responsibilities, starting with oversight by the Board Risk Committee. The program is managed by a Chief Information Security Officer (CISO) and executed by qualified personnel.

Our team stays up to date on industry best practices and participates in industry threat intelligence feeds. The Information Security Program is integrated with vendor management, business continuity planning, disaster recovery, and incident response. Our teams are working day and night to keep your information secure.

Additionally, we have a formal cybersecurity program that identifies and assesses cybersecurity risks. United employs an in-depth, layered, defensive approach that leverages people, processes, and technology to manage and maintain cybersecurity controls. We deploy a variety of preventative and detective tools to monitor, block, and provide alerts regarding suspicious activity. Details on associated risks, as well as any material breach of security should one occur, would be disclosed in our 10-K.

Our top-notch program includes thorough policies/procedures, employee training, and several layers of assessments that protect your information and our IT systems. We utilize “best in breed” security equipment, regularly patch software, and continuously monitor and remediate vulnerabilities.

Policies and Procedures: United Bankshares is compliant with the Gramm-Leach-Bliley Act (GLBA), which requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. The Privacy Policy is available by request or on our website: https://www.bankwithunited.com.

Our Privacy Policy applies to all business lines, employees, and contractors. It describes how we collect, share, and protect personal information. We apply physical, technical, and administrative controls to ensure a comprehensive approach to security and confidentiality. We have strong access control processes in place, and system users are provisioned based upon the principle of least privilege (where permissions are only granted to those who need access in order to perform their work). 

Employees complete Privacy Incident Reports if there is suspicion that a customer’s personal privacy has been compromised, and the report is submitted to the Information Security Department for further investigation. A comprehensive incident response plan has been developed with designated response teams. Should we need it, a cyber insurance policy is in place.

Training: Every United employee is responsible for protecting customer information. All employees are required to complete training on privacy and security practices annually. Trainings are continuously updated to prepare employees for the threats that have been most recently identified through our risk assessments. Employees are also tested through monthly simulated phishing attacks.

Assessments: Regulatory agencies and United’s Internal Audit regularly assess the Information Security Program, including established security controls. Risk assessments identify, estimate, and prioritize system risks of products, services, and equipment. United conducts regular vulnerability scans of our environment and annually contracts with third-party security firms to perform penetration testing/vulnerability assessments. While results of these assessments are confidential, they are reported to the Board of Directors.

Vendor Management: We are aware that the vulnerabilities of our vendors can be vulnerabilities to United. We maintain a strong Vendor Management Program that vets and continuously monitors our third-party providers. This includes reviewing our vendors’ security controls and conducting independent assessments.