We believe that having a Board of Directors (the “Board”) that is comprised of members of different backgrounds, skills and perspectives ensures an effective governing body. Our Board values the insights brought through diversity in professional experience and diversity in gender, racial, ethnic and national backgrounds. Our Nominating and Corporate Governance Committee assesses these factors in the director selection and nomination process.
Key Demographics of our 2025 Board:
- Female Board of Directors: 33%
- Nationality/Ethnic Diversity: 44%
- Average Age: 64
- Independence: 89%
- C-Suite Experience: 89%
- Average Board Tenure: 8.9 years
Eight of our nine directors are independent. The Board has elected a Lead Independent Director who presides over executive sessions at each regular board meeting with the non-management directors.
The Board members annually complete a self-evaluation with key topics such as board composition and culture; information and resources; and effectiveness and oversight. Through this evaluation process, the directors assess performance, identify areas for improvement and provide feedback.
For additional information, please refer to the 2025 Proxy Statement.
Our Board of Directors has adopted several governing documents to establish an effective and robust governance framework:
- The Corporate Governance Guidelines addresses the composition and functions of the Board, director independence, compensation of directors, management succession and review, Board committees and selection of new directors.
- The Code of Conduct provides a clear statement of our mission and values and applies to all directors, officers, employees, agents (including consultants and contractors) and temporary personnel of the Company.
- The Code of Ethics for Principal Executive and Senior Financial Officers promotes high ethical standards of conduct and compliance with laws for our principal executive officer, principal financial officer, principal accounting officer and controller (or persons performing similar functions).
- The Insider Trading Policy governs the purchase, sale and other dispositions of our securities by our directors, officers, associates, and employees, affiliates, advisors and consultants, including certain family members and related parties.
The Board oversees our "three lines of defense" risk management framework, including the company-wide approach to risk management, carried out by management. Our Board determines the appropriate levels of risk for the Company generally, assesses the specific risks faced by us and reviews the steps taken by management to manage those risks. While the full Board of Directors maintains the ultimate oversight responsibility for risk management, the Board committees oversee risk in specific areas.
Risk Governance Key Documents
The Enterprise Risk Management (ERM) Framework establishes enterprise-wide governance and risk management requirements for monitoring nine categories of risk: strategic risk, credit risk, interest rate risk, liquidity risk, operational risk, compliance risk, BSA/AML risk, reputation risk and price risk.
The Risk Appetite Statement sets forth guidelines for the aggregate levels of acceptable risk across multiple dimensions and forms the basis of the Company's enterprise risk management framework. It further defines the boundaries for the type and amount of risk that may be undertaken by the Company in pursuing business objectives and initiatives.
Board Committees and Risk Oversight
The Risk Committee plays a key role in the risk oversight function. The Risk Committee assists the Board in providing oversight and guidance related to the Company’s risk management framework. Management reports periodically to the Risk Committee on the execution of the ERM Framework and compliance with the Risk Appetite Statement in carrying out the strategies and business objectives of the Company. The Risk Committee oversees the risk assessment process to assist the Board and management in identifying emerging risks that could potentially impact the Company's strategic objectives and business plan.
The Audit Committee supports the Board's risk management oversight responsibilities through its oversight of the Company's financial reporting risks and the guidelines, policies and processes for managing such risks, including internal controls over financial reporting. The Audit Committee engages in reviewing management's assessment of the Company's internal control over financial reporting and reviewing and approving the Company's significant accounting policies. The Company's independent registered public accounting firm regularly discusses risks and related mitigation measures that may come to their attention during its regular reviews and audits of the Company's financial statements. The Audit Committee regularly meets in separate executive sessions with the Company's Chief Audit Executive and the Company's independent registered public accounting firm.
The Compensation Committee is responsible for overseeing the management of risks relating to our executive compensation plans and practices, as well as the incentives created by the compensation awards it administers. The Compensation Committee reviews the Company’s incentive plans to ensure that they appropriately balance risk and reward and do not encourage inappropriate risk taking.
The Nominating and Corporate Governance Committee assists the Board in establishing and maintaining effective corporate governance policies and practices. The Nominating and Corporate Governance Committee also assists with matters related to Board composition, leadership, independence, and structure and with respect to management succession planning. The Nominating and Corporate Governance oversees Director orientation and continuing education, which may cover current and emerging risks.
Risk Management Execution
At the Board level, the Risk Committee is responsible for the oversight responsibilities over the Company’s execution of the ERM Framework and the overall governance structure that supports it.
The Board has delegated certain risk management functions to specific management level committees at the BankUnited, N.A. (the “Bank”) level. The primary role of these committees is to oversee the operational implementation of our business strategies and objectives and ensure alignment with the Board's stated risk appetite.
At the Bank level, the Enterprise Risk Management Committee (“ERMC”), composed of executive and senior members of management, provides general oversight, guidance and monitoring related to design, administration and implementation of the policies, processes and controls intended to carry out the purposes of the framework and ensure compliance with applicable laws and regulations.
The Ethics Committee is a Bank level committee that promotes and assist in maintaining a culture of ethical responsibility. The Ethics Committee reports periodically to the Audit Committee of the Board. We have established a 24-hour ethics hotline which can be used to report suspected violations of the Code of Conduct, accounting, audit or internal accounting control matters. The Company encourages any employee to report such conduct openly, if desired, or anonymously, without fear of retaliation.
Information Security and Cybersecurity Risk Oversight
Our Board oversees the management of cybersecurity risk and ratifies on an annual basis our information security policies and programs, which include our Cybersecurity Framework. The Chief Information Security Officer has primary operational responsibility for establishing, maintaining and overseeing the Company's cybersecurity program. The Chief Information Security Officer reports administratively to our Chief Risk Officer and has a direct line of reporting to the Risk Committee. The Risk Committee receives regular reporting from the Chief Information Security Officer on cybersecurity risks and the execution of the cybersecurity program. At the Bank management committee level, the Enterprise Risk Management Committee (ERMC) provides oversight over the governance framework for our information security and cybersecurity programs, and the Operational Risk Management Committee (ORMC) provides oversight over the operational execution of the programs.
In 2025, Clarium Managed Services, LLC conducted a Cybersecurity Assessment for BankUnited, N.A. The assessment gauged the overall Cybersecurity Risk Posture of BankUnited, N.A. and resulted in a score of 5 on a scale of 0 to 5.
We engage with our shareholders throughout the year. The Board recognizes the importance of maintaining strong relationships with our shareholders and values their perspectives in helping to shape our priorities, policies and practices. We regularly have discussions with shareholders, potential shareholders, proxy advisory services and investment analysts. Our CEO and CFO participate in investor conferences and other one-on-one in person and virtual meetings with shareholders and potential shareholders throughout the year.
Any interested parties desiring to communicate with the Board of Directors or any of the independent directors regarding the Company may directly contact such directors by delivering such correspondence to such directors (or the entire Board) in care of the Company's Corporate Secretary at BankUnited, Inc., 14817 Oak Lane, Miami Lakes, FL 33016.
The Audit Committee has established procedures for the receipt, retention and treatment of complaints received by us regarding accounting, internal control over financial reporting and auditing matters and the confidential, anonymous submission by our employees of concerns regarding questionable accounting or auditing matters. Persons wishing to communicate with the Audit Committee may do so by writing in care of the Chairman, Audit Committee, BankUnited, Inc., 14817 Oak Lane, Miami Lakes, FL 33016.
Engagement with Our Regulators
We routinely engage with our regulators through regularly scheduled meetings with senior management, examinations, on-going supervisory activities and an established reporting framework. We believe our regulatory relations are strong.
Protecting our Customers’ Privacy and Data
BankUnited is committed to protecting our customers through our privacy policies. Our Privacy Notice and Online and Mobile Privacy Policy Statement explain what personal information we collect about consumers, why we collect it, how we protect it and how and why in certain cases we may share it.
We maintain security standards and procedures to help prevent unauthorized access to confidential information about our customers and update and test the technology to improve the protection of our information.
Details of our commitment to privacy can be found on our website at https://www.bankunited.com/privacy.