Posted by Lucy Griffin in Lucy and Nancys Common Sense Compliance
Policies—we have to have them. But what, exactly is a policy?
What should it do and what should it look like?
The challenge for banks is that examiners seem to have an idea in their heads about what a policy should look like-but this isn't necessarily what banks think a policy should be. When examination ratings are based on the content and structure of policies, rather than actual compliance performance, it is time to take a hard look at what is going on.
Defining the term, as we used to think of "policies"
Let's start with a definition. The American Heritage Dictionary of the English Language, third edition, defines policy as: "a plan or course of action ... intended to influence and determine decisions, action and other matters." The secondary definition is "a course of action, guiding principle, or procedure considered expedient, prudent or advantageous."
So basically, a policy is a statement of what the business is about and how the business will go about doing business.
Sound simple? Don't get too excited.
It used to be simple. A policy was a one-paragraph to one-page document that described the bank's business philosophy. This could constitute a statement of principles about fair lending or about providing timely and accurate disclosures. This type of document was easy to write.
But far more important than being relatively easy to write, it was easy to read and understand.
Because these old-style policies were short and to-the-point, they actually communicated a business philosophy to the staff of the business. And best of all, directors actually could read and understand them before adopting them.
Using a different dictionary
Examiners, however, take a different approach. Examiners are charged with making certain that the bank has a policy on a specific topic so they want to see the connection. A broad statement about timely disclosures or fair lending isn't enough. They aren't certain what to check off on their checklist.
Examiners are driven by regulations, and checklists derived from those regulations. Since that is how they work, they expect everyone to do the same.
How does this play out? They want to see your policy on Regulation B.
But a general statement about the business policy of fair lending is not enough.
Examiners expect you to show them where the policy addresses signatures, and adverse action notices, and providing appraisals, and keeping records, and collecting monitoring information without collecting prohibited information. And your policy had better address protected income! And it also must specifically identify what types of discrimination are prohibited and against whom. Phew!
When the examiners are finished with it, the policy is no longer a clear and easily understood "plan or course of action." It is no longer merely a guiding principle. It even goes far beyond being a course of action.
By the time examiners are finished with it, a policy is a detailed discussion of the regulation.
In fact, you practically have to restate the regulation word-for-word to satisfy the examiner. When they see this, then they know what boxes to check on their checklist.
How to approach policy writing
When developing or reviewing policies, there are two key questions.
1. Will the examiners like it? If your policy has all the definitions and requirements of the regulation, the examiners should love it. Your policy should get good grades.
2. What is the impact and effectiveness of the policy? This question is more difficult- and more important.
Now we have an entirely different question. To answer this one, we are not looking at the details of the regulation. This question turns on whether or not bank staff gets, understands, and heeds the message.
There is a significant difference between a policy that states, simply and directly, what the goals and standards of the business are to be, and a policy that uses the regulation as a skeleton.
The first type sets the standard for product design and delivery, as well as for customer service. Such a clear and direct document communicates. And everyone knows that the Board has looked at and considered the issue.
Yes, banking has lots of details. Details are addressed in procedures. The policy states the basic philosophy and goal of fair lending or customer service. The procedures carry that out.
The second type of policy, the policy that is designed around the specific requirements of a regulation, is more of an agreement to comply than a policy for the business.
It constitutes some bizarre form of proof that at least someone has read the regulation and identified all the requirements. But does it work? Who besides the compliance and audit staff is actually going to read the thing? Can you imagine branch staff reading and discussing such a document on their breaks?
For all practical purposes, such a policy is the regulation, just restated.
Can these attitudes be reconciled?
How should these two very different approaches be made compatible?
It can work if you have an introduction to the policy that, as a practical matter, does what the old-fashioned policy did.
It simply states the philosophy and the goal. After this-perhaps even in smaller print-come the definitions and details to keep the examiners happy.
When presenting the package to the Board and to staff, call their attention to the spirit part of the policy and briefly state that the additional details contain or refer to specific regulatory requirements. This serves the basic policy goal of establishing the business approach and philosophy while it also satisfies the examiners by walking them through their checklist.
Finished? Not quite.
Next, you take the detail portion of the policy and copy it into a new document.
This gets you part way to completing procedures.
This is where you really want to deal with specific regulatory requirements.
Since you have already laid them out in the policy, you have given yourself a head start!
About Lucy Griffin
"Lucy and Nancy's Common Sense Compliance" is blogged by both Lucy Griffin and Nancy Derr-Castiglione, both longtime ABA Banking Journal contributing editors on compliance.
- Lucy, a Certified Regulatory Compliance Manager, has over 30 years experience in compliance. She began as a regulator, including stints with the Federal Reserve Board, the Federal Trade Commission, and the Federal Home Loan Bank Board. For many years she managed the ABA Compliance Division. Since 1993 she has served as a compliance consultant as president of Compliance Resources, Inc., Reston, Va. She is also editor of Compliance Action newsletter and senior advisor with Paragon Compliance Group, a compliance training firm.
In addition to serving as a Contributing Editor of ABA Banking Journal, Lucy serves on the faculty of ABA's National Compliance Schools board. For more than a decade she developed and administered the case study at ABA's National Graduate School of Compliance Management. She can be reached at email@example.com
From ABA Government Relations:
Follow developments with the Dodd-Frank Act's implementation with ABA's Dodd-Frank Tracker. Learn more, and sign up for alert services now
- Community Bank Compliance Officers: Be sure to check out our other compliance blog, "AML, Fraud, and Other Things." BSA expert John Byrne blogs on money-laundering and related matters with a definite point of view. Check it out
- For ABA Member Banks Only: Get regular compliance news updates with ABA's Compliance Source E-Letter
- ABA member-bank employees have access to almost three dozen ABA news and information e-bulletins on important industry topics. One e-bulletin, THE Compliance Source, is dedicated to becoming your source for compliance information in the electronic world. Compliance Source is published each Monday throughout the year. In this changing regulatory environment, every compliance professional should subscribe THE Compliance Source. It will link you to recent compliance developments and alert you to upcoming compliance events. In addition to regular sections on "What's New in Review" and "On the Compliance Horizon," THE Compliance Source will have rotating sections including analysis of compliance issues by ABA staff in the "ABA Reports" section.
- To subscribe, click here