Internal control and risk management

At the United Bankers Group, internal control and risk management comprise a key component of the Group’s governance system and good governance practices. The objective is to ensure the efficient, reliable and compliant operations of the Group, as well as the consistent identification, assessment, management and reporting of risks throughout the organisation.

Well-functioning risk management supports the long-term strategy of the Group, secures capital adequacy and solidifies confidence in the operations of the United Bankers Group among customers, investors and supervisory authorities.

The Boards of Directors of United Bankers Plc and its subsidiaries bear the responsibility for ensuring that internal control and risk management procedures are arranged in the appropriate manner. The Board of Directors of United Bankers Plc affirms the principles of risk management, division of responsibilities, risk limits and other general guidelines that steer the arrangement of risk management and internal control. The subsidiaries confirm the principles and guidelines as binding upon themselves and arrange their risk management in accordance with these principles and guidelines, considering the specific characteristics of their own business. The Board of Directors affirms the business strategy, objectives set for the business operations, as well as the general principles concerning risk appetite and capital management.

The internal control of the United Bankers Group is based on a model of three lines of defence:

The first line of defence consists of the business operations of the Group companies, responsible for identifying, managing and reporting the risks of their own operations. The business units must ensure that their operations comply with the Group's guidelines, risk management principles and applicable regulations.

The second line of defence consists of independent control functions, risk management and compliance functions. The second line of defence is tasked with monitoring and steering risk management at the Group level, supporting business functions in identifying and managing risks, along with reporting findings and risk profiles to the Board of Directors and management.

The task of the risk management function is to ensure the functionality, efficiency and quality of the Group's risk management procedures. The function is responsible for maintaining and developing the risk management framework and principles, risk assessment in cooperation with the business operations, as well as for monitoring and reporting the Group's risk profile. The risk management function reports regularly directly to the Boards of Directors and executive management of United Bankers Plc and its subsidiaries, ensuring that the management is kept up to date concerning the risks encountered by the United Bankers Group and the management thereof.

The compliance function ensures the Group's regulatory compliance and ethical operations. It oversees that the Group's operations and internal procedures comply with the applicable regulations, official guidelines and the Group's internal policies. The compliance function actively monitors regulatory changes, assesses the impacts thereof and supports business functions in regulatory interpretations. Moreover, it regularly reports to the Boards of Directors of United Bankers Plc and its subsidiaries, as well as to the executive management, concerning any detected deviations and areas for improvement.

The third line of defence comprises the internal audit function, which acts as independent support for the Board of Directors and senior management. It audits the companies' operations, internal control, risk management, management and governance processes, as well as compliance with regulations and internal guidelines on a risk-based basis. Audits and observations are reported to the Board of Directors and management. The internal audit has been outsourced to a third-party service provider.