Responsible Business & Corporate Governance

A Message from Atlantic Union Bankshares Corporation Board Chair Ronald Tillett

I take a great deal of pride in continuing to serve as the Chair of the Board of Directors of Atlantic Union Bankshares Corporation. It was an honor to join the Board in 2003, and an even greater honor to be selected as Chair in 2019.

As we continue to grow our strong presence in the Mid-Atlantic region, we remain committed to operating with a high degree of integrity. It’s a commitment that the team knows is essential and embraces with confidence and accountability. Our community expects us to be responsible corporate citizens and to listen and respond to feedback. It’s an expectation that we work hard to uphold each and every day.

Each year I continue to be impressed, not only with the results of our community impact efforts, but also by our unwavering commitment to making a difference in the communities we serve. The desire to help is contagious, and the efforts of our Teammates are inspiring.

We expect the year ahead will continue this positive momentum.

Warm regards,

Ronald Tillett
Atlantic Union Bankshares Corporation, Board Chair

Corporate Responsibility Practices

Our Board actively oversees current and emerging corporate social responsibility and governance matters that are relevant to our business, operations, or that are otherwise pertinent to us and our shareholders, Teammates, customers and parties with whom we do business. The Nominating and Corporate Governance Committee of our Board is the primary committee responsible for monitoring, evaluating and overseeing the implementation of our strategy on environmental, social and governance ("ESG") matters. The Nominating and Corporate Governance Committee oversees the activities of our management-level ESG Steering Committee, comprised of senior leaders from our major business functions, including our CEO, CFO, General Counsel, Chief Human Resources Officer, Chief Risk Officer and CRA Officer. The ESG Steering Committee is actively engaged in managing our approach and governance. This committee convened four times in 2024, and regularly reports on our activities and emerging opportunities and risks to the Nominating and Corporate Governance Committee, or full Board, as appropriate.

We have established an ESG Risk Program as a component of our enterprise risk management framework that is designed to assist us in aligning with evolving regulatory expectations while driving strategic identification of key risk exposures and opportunities across multiple business functions. ESG Risk Program activities are reported periodically both to the ESG Steering Committee and the Operational Risk Committee (a management-level risk committee that falls under the purview of our Management Risk Committee and Board Risk Committee).

Committed to Responsible Marketing

Our marketing reﬂects our unwavering commitment to our customers, Teammates and communities. Marketing is a tool for connection, education and empowerment, and we hold ourselves accountable to the highest ethical standards in all we do.

Customer-Centric Approach
Our communications are designed to inform, inspire and empower customers to make conﬁdent ﬁnancial decisions.

Transparency and Trust
We are dedicated to clear communication, and seek to ensure that all materials accurately represent our products and services.

Accessibility
We strive to reﬂect the diversity of the communities we serve in our marketing and ensure our services are accessible.

Community Focus
At the heart of our marketing is an effort to connect with our communities, fostering economic growth and stability.

Financial Well-being and Security
We handle customer data in a secure and ethical manner, and we advocate for ﬁnancial literacy, sustainability, cybersecurity and fraud protection.

By upholding these principles, we seek to ensure that our marketing efforts drive business success and contribute meaningfully to the communities we serve. Our Marketing and Compliance teams work closely to ensure fair and responsible communications in service of our customers.

We work to ensure our marketing builds trust, drives positive change and strengthens our communities by aligning our efforts with ethical practices and shared values.

Marketing Purpose:

The Marketing team ampliﬁes our brand, drives growth and deepens relationships to be a trusted partner for our customers, Teammates and communities.

Customer Care

AUB established a formal Customer Experience discipline over 20 years ago, and currently executes a Voice of the Customer program that includes the Office of the President, Business Line Experience and Enterprise Incident Management.

Office of the President

Oversees and administers our enterprise Complaints & Dissatisfactions Program, as well as manages all Regulatory, Executive, Social Media and Digital channels of feedback. All AUB Teammates who interact with customers use the Complaints & Dissatisfactions system to document feedback and obtain assistance in resolving customer concerns. We strive to address, track and resolve customer issues quickly according to our high standard Service Level Agreements (SLAs).

Business Line Experience (BLE)

Analyzes feedback from our customers through complaints, dissatisfactions and survey work to provide insights and action plans to our executive management team to prioritize and take action on ways to improve our customer experiences. The BLE team also conducts design sessions and journey mapping to discover ways to resolve pain points and create better experiences and outcomes for our customers.

Enterprise Incident Management

Centralizes events and issues that may impact the customer experience and deploys teams to quickly resolve, remediate and communicate as needed. Additionally, root cause analysis is conducted to work towards preventing repetitive issues in the future.

Privacy and Cybersecurity

We strive to protect the privacy and security of the sensitive information our customers entrust to our care. The cybersecurity threat environment is volatile and dynamic, requiring a robust framework to reduce and mitigate risk. We seek to mitigate cybersecurity risk and associated reputational and compliance risk by:

maintaining oversight of our information security program by senior management, our board–level Risk Committee and our Board of Directors;
conducting annual mandatory training for Teammates on information security and providing ongoing information security education and awareness (online training classes, mock phishing attacks and information security awareness materials);
maintaining privacy policies, management oversight, accountability structures and technology design processes to protect private and personal data;
using independent third parties to perform penetration testing of our infrastructure to help us better understand the effectiveness of our controls and improve defenses, and to conduct independent assessments of our program for compliance with regulatory requirements and industry guidelines; and
maintaining an incident response program intended to enable us to mitigate the impact of, and recover from, any cyberattacks and facilitate communication to internal and external stakeholders, as needed.

Teammates completed over 23,000 hours of security related learning in 2024

Teammate Learning

We are committed to investing in the growth and development of every Teammate – our human capital is our most important asset. To that end, we support a wide range of training opportunities, from development programs and courses to resources and materials – all designed to foster growth and development, enhance Teammate skill sets and prepare Teammates to be successful in their roles.

In addition to job-specific training opportunities, all Teammates must complete mandatory annual compliance courses in response to regulatory requirements and changes, including anti-money laundering practices, consumer financial protection practices and anti-bribery and fair advertising policies. Training is delivered in multiple modalities: e-learning, job aids, videos, instructor-led and on-the-job practice supported by certified mentors.

In 2024, our Teams completed 51,415 hours of training, with 23,298 hours directly related to the Bank Secrecy Act (BSA) and compliance.

Caution Regarding Forward–Looking Statements

This report contains certain forward–looking statements, including, but not limited to, certain plans, expectations, goals, projections, and statements, which are not historical facts and are subject to numerous assumptions, risks, and uncertainties. Statements that do not describe historical or current facts, including statements about beliefs and expectations, are forward–looking statements. Forward–looking statements may be identified by words such as “expect,” “seek to,” “strive to,” “anticipate,” “vision,” “committed,” “believe,” “intend,” “estimate,” “continue,” “plan,” “target,” “goal,” or similar expressions, or future or conditional verbs such as will, may, might, should, would, could, or similar variations. The forward–looking statements are intended to be subject to the safe harbor provided by Section 27A of the Securities Act of 1933, Section 21E of the Securities Exchange Act of 1934, and the Private Securities Litigation Reform Act of 1995. While there is no assurance that any list of risks and uncertainties or risk factors is complete, below are certain factors which could cause actual results to differ materially from those contained or implied in the forward–looking statements: changes in general economic, political, or industry conditions particularly in the markets in which we operate and which our loans are concentrated, including the effects of declines in real estate values, an increase in unemployment levels and slowdowns in economic growth; changes in market interest rates and their related impact on macroeconomic conditions, customer and client behavior, our funding costs, and our loan and securities portfolio; volatility and disruptions in capital and credit markets; inflation and its impact on economic growth and customer and client behavior; competitive pressures on product pricing and services; success, impact, and timing of our business strategies; the nature, extent, timing, and results of governmental actions, examinations, reviews, reforms, regulations, and interpretations; potential claims, damages, and fines related to litigation or government actions; cybersecurity risks and the vulnerability of our network and online banking portals, and the systems of parties with whom we contract, to unauthorized access, computer viruses, phishing schemes, spam attacks, human error, and other security breaches that could adversely affect or disrupt our business and financial performance or reputation; and the adverse effects of events beyond our control that may have a destabilizing effect on financial markets and the economy, such as epidemics and pandemics, war or terrorist activities, essential utility outages, deterioration in the global economy, instability in the credit markets, disruptions in our customers’ supply chains or disruption in transportation. Additional factors that could cause results to differ materially from those described above can be found in Part I, Item 1A. “Risk Factors” and Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations” of our Annual Report on Form 10–K for the year ended December 31, 2024, and in our subsequent Securities and Exchange Commission (“SEC”) filings, which are on file with the SEC and available on the SEC’s website at http://www.sec.gov. All forward–looking statements speak only as of the date they are made and are based on information available at that time. We do not assume any obligation to update forward–looking statements to reflect circumstances or events that occur after the date the forward–looking statements were made or to reflect the occurrence of unanticipated events except as required by federal securities laws. As forward–looking statements involve significant risks and uncertainties, caution should be exercised against placing undue reliance on such statements.