We are a medium sized lender located in the Midwest. Recently, we decided to redraft our policies and procedures. However, we want to be sure we cover important features of a policy. It came to our attention that you provide policies and procedures for your clients. So, I am writing on behalf of my company to get your view. What are some specific components of policies and procedures?
Although there is a tendency to standardize the structure of policies and procedures, there are many instances where one size does not fit all. Nevertheless, in my view there are twelve basic features of a well-designed policy document.
Before drafting the policies, it is important to consider many factors, such as the institutions size, risk, and complexity; the nature and frequency of information updates; and the technology to be used in implementation. I could provide an outline of the steps involved in determining the choice of policies needed by a financial institution as well as how best to establish their implementation. But your question asks for the specific components of policies and procedures, so I will offer the twelve features that we recommend. If you need guidance in this matter, we offer cost-effective compliance support. Contact us HERE.
Here are the twelve basic components to a policy and procedure.
1.Outline the system that is appropriate to the nature, size, complexity, and scope of the business operations, as it pertains to a regulatory, statutory, Best Practices, or institutional policy solution.
2.Use standard data reporting formats and standard procedures for compiling, maintaining, monitoring, and furnishing information.
3.Maintain records for a reasonable period of time but not less than required by statute or any applicable record keeping requirement.
4.Establish and implement internal controls regarding the accuracy and integrity of information, such as periodic, preferably independent, internal audits, and provide standard procedures and means to verify random reviews.
5.Train staff involved in activities relating to the policy and procedure requirements, with attention given also to the reporting or filing requirements that may be mandated.
6.Provide appropriate and effective oversight of relevant service providers whose activities affect the fulfillment of the policy initiatives.
7.Ensure that information is specific to the financial institution; however, be mindful that mergers, acquisitions, change in corporate structure, and other obligations may affect re-aging and reporting.
8.Delete, update, and correct information, as appropriate, to avoid inaccurate information, and be sure to state the date of the update.
9.Conducting investigations, reviews, audits, procedural remedies, and process undertakings whenever there is an apparent breach of the policy, so as to ensure that the policy has accounted for any systemic failures.
10.Provide technological methods or other means to prevent a compromise of the Compliance Management System.
11.Keep information ready for periodic updating of the policy’s approved content and reporting requirements, and be sure to review all information with management, including an understanding that management will ratify the update.
12.Conduct a periodic evaluation of the practices, acquired information, disputed information, corrections of inaccurate information, means of communication, and other factors, that may affect the fulfillment of the policy’s purpose.
Track and document any practices or activities that may compromise accuracy or integrity of information. This means you need to review existing practices and activities, technologies, and other methods. Review historical records, too, and consider any previous disputes. Consider feedback from consumers, regulatory agencies, federal and state statutory frameworks. Include all relevant company departments in the discussion. Finally, meet periodically with management and affected company departments to review the policies.
Lenders Compliance Group