QUESTION
We are a medium sized lender located in the Midwest. Recently, we
decided to redraft our policies and procedures. However, we want to be sure we
cover important features of a policy. It came to our attention that you provide
policies and procedures for your clients. So, I am writing on behalf of my
company to get your view. What are some specific components of policies and
procedures?
ANSWER
Although there is a tendency to standardize the structure of policies
and procedures, there are many instances where one size does not fit all.
Nevertheless, in my view there are twelve basic features of a well-designed
policy document.
Before drafting the policies, it is important to consider many factors,
such as the institutions size, risk, and complexity; the nature and frequency
of information updates; and the technology to be used in implementation. I
could provide an outline of the steps involved in determining the choice of policies
needed by a financial institution as well as how best to establish their implementation.
But your question asks for the specific
components of policies and procedures, so I will offer the twelve features
that we recommend. If you need guidance in this matter, we offer cost-effective
compliance support. Contact us HERE.
Here are the twelve basic components to a policy and procedure.
1.Outline the system that is appropriate to the
nature, size, complexity, and scope of the business operations, as it pertains
to a regulatory, statutory, Best Practices, or institutional policy solution.
2.Use standard data reporting formats and standard
procedures for compiling, maintaining, monitoring, and furnishing information.
3.Maintain records for a reasonable period of time
but not less than required by statute or any applicable record keeping
requirement.
4.Establish and implement internal controls
regarding the accuracy and integrity of information, such as periodic, preferably
independent, internal audits, and provide standard procedures and means to
verify random reviews.
5.Train staff involved in activities relating to
the policy and procedure requirements, with attention given also to the
reporting or filing requirements that may be mandated.
6.Provide appropriate and effective oversight of
relevant service providers whose activities affect the fulfillment of the
policy initiatives.
7.Ensure that information is specific to the financial
institution; however, be mindful that mergers, acquisitions, change in
corporate structure, and other obligations may affect re-aging and reporting.
8.Delete, update, and correct information, as
appropriate, to avoid inaccurate information, and be sure to state the date of
the update.
9.Conducting investigations, reviews, audits,
procedural remedies, and process undertakings whenever there is an apparent
breach of the policy, so as to ensure that the policy has accounted for any
systemic failures.
10.Provide technological methods or other means to
prevent a compromise of the Compliance Management System.
11.Keep information ready for periodic updating of
the policy’s approved content and reporting requirements, and be sure to review
all information with management, including an understanding that management
will ratify the update.
12.Conduct a periodic evaluation of the practices,
acquired information, disputed information, corrections of inaccurate
information, means of communication, and other factors, that may affect the
fulfillment of the policy’s purpose.
Track and document any practices or activities
that may compromise accuracy or integrity of information. This means you need
to review existing practices and activities, technologies, and other methods.
Review historical records, too, and consider any previous disputes. Consider
feedback from consumers, regulatory agencies, federal and state statutory
frameworks. Include all relevant company departments in the discussion. Finally,
meet periodically with management and affected company departments to review
the policies.
Jonathan Foxx
Managing Director
Lenders Compliance Group
