Policies and
Procedures- Not Just a “throw-Away” Item
As we start a relationship with a client, one of the first
documents that we ask for is a copy of the most recent policies and procedures
that cover the area being audited. More often than we would like to think, the
documents that we receive are either outdated, unused, disorganized or forms
that have been purchased from a vendor that have yet to be edited for the individual
banks use.
Oftentimes, the compliance officer will offer apologetically
something like “the policies are currently being re-viewed and re-written” or
“we really depend on the experience of our staff more than the policies and
procedures” as an explanation for the poor state of the policies and
procedures.
While it is understandable that the job of conducting
business on a daily basis must be the priority of bank staff, it is also the
case that comprehensive and clear policies and procedures are an essential part
of a strong compliance program.
One of the Pillars of a Strong Compliance Program
Today’s regulatory environment for banks focuses heavily on the inherent risk within an institution. The means for determining risk is detailed in the examination handbooks published by the bank regulatory agencies. In summary, the risk-based approach to bank supervision focuses on the “assess[ment] of the quality of the financial institution’s compliance risk management systems and its policies and procedures for implementing its program. [1]
The components of a compliance system include training,
internal audit, information systems and the policies
and procedures established by the board of directors. As regulators are making this assessment, they
weigh heavily the extent to which the board is aware of the business
environment in which the bank operates as well as the business plan that has
been established. It is the bank’s policies and procedures that documents the
board’s synthesis of these two concepts and directs senior management and staff
on parameters for successful operations.
Ultimately, without strong and dynamic policies and
procedures, a strong compliance system is unattainable. Staff may
conscientiously and diligently collect information, complete training and
perform audits, but without a clear directive from the Board, they do so based
on their own understanding of what is important.
Directors Duties
Some regulations directly require the development of policies by the board; BSA/AML regulations for example require policies, procedures and training. Other regulations don’t necessarily specify a need for policies and procedures, but the overall safety and soundness of an institution requires that at a minimum, broad policies in the major areas of operation of the bank be developed. The failure to develop these policies is a failure of the board of its basic duties to the bank. [1][2]
Further, it is a good practice to review policies and
procedures on a regular basis to ensure that they reflect the current business
practices of the bank. Many problem banks have as one of their problems,
policies and procedures that have not been updated for several years and no
longer reflect the current practices of the bank. [2]
Policy Content
It is not necessarily the duty of the board to lay out in detail how the daily operations of the bank should function. However, the board should set general parameters and designate an accountable party to make sure that matching procedures are developed and presented to the board for review and approval.
Though it is virtually impossible to cover each and every
variation of a transaction that is possible, a good rule of thumb is to write
policies and procedures that would allow an entry level employee to understand
his/her duties and responsibilities. Procedure manuals that are merely a copy
of a regulation do little to give guidance to the staff member who is trying to
figure out how to process a wire request!
In addition to being clear, policies and procedures should
be dynamic. The banking industry continues to go through significant regulatory
change and as a result, policies and procedures must be flexible and
dynamic.
Policies and Training
A robust training program for employees that is tailored to the job duties of the staff is a strong compliment to policies and procedures. In fact, through training classes, staff members can get a clear understanding of the applicable regulations and how they apply to the bank. This understanding can then be augmented and applied to individual banks by the policies and procedures manual. In banks that have exceptional compliance programs, the policies and procedures are directly augmented by the training program
Policies and procedures are ultimately the directors’ ways of establishing whether or not certain behavior is within the limits that they have established as safe and sound for the institution. It is critical that the Board establish clear policies and procedures, review them on a regular basis and allow the process of policy development to be dynamic.
No comments:
Post a Comment