Based on Microsoft's architecture for Microsoft Entra ID Protection, the answer is: You can configure only one User Risk Policy per tenant.

 Policy Type Limitation:

Microsoft Entra ID Protection allows exactly one instance of each core policy type per tenant:

1 User Risk Policy (targets risky user accounts)

1 Sign-In Risk Policy (targets risky sign-in events)

1 MFA Registration Policy (ensures MFA enrollment)