I. INTRODUCTION
This article is intended as a starting point for your institution as you adopt or amend your compliance policies. The three articles that follow present overviews of compliance management and compliance policy creation, which when considered with this article, are intended to provide a broad base of information in which to adopt or amend your institution’s compliance policies.
This portion of the NBA Compliance Handbook is devoted to offering guidelines, suggestions and sample policies, plans and programs to use in your institution. Each item which follows should be crafted based upon the individual judgments of the management of your institution. All of the policies, plans and programs should be adopted with the objective that they be effective, clearly understood and uniformly applied.
A. Uniqueness of Your Bank
A compliance policy should be tailored to fit the uniqueness of your bank. A compliance policy used by another institution, even one similar to the size of your bank and in the same geographical market, may not fit your needs. Be cautious to draft your compliance policy after considering your institution’s organizational structure, business strategies, risk tolerance, present market environment, the background of your staff and regulatory expectations.
B. Comprehensive and Complete The policy designed by your institution should meet extraordinary situations, but also answer everyday issues. Ideally, the policy for each area addressed should pull from the overall philosophy of the compliance program which is used to ensure transactions are carried out correctly, monitors operations to enforce conformity with bank policies, periodically audits performance of staff and makes staff accountable, corrects problem areas and is updated regularly to provide current training.
C. Timely and Current If any of the areas of policies, plans and programs that must be kept current – it certainly is your institution’s compliance policy. Because there are frequent changes to laws and regulations, it stands to reason that the policy should be reviewed, evaluated and modified on an annual basis. Therefore, regular monitoring and updating of the policy must occur.
D. Available to Your Staff Since your institution must demand and expect your employees to understand the importance of managing risk through compliance, each staff member must have access to and fully understand the policy. Make sure you have a method of distributing compliance policy updates and providing staff with training to implement the amendments.
E. Keep it Simple Banking, as we know, has technical terms and references which must be mastered to effectively manage your bank. Take time to draft the policies so that they are understood by the full range of your staff that must be involved in compliance operations. F. Hierarchy of Accountability and Responsibility The compliance policy must succinctly describe who is responsible for oversight of compliance risk management. Each compliance activity listed should also list the institution’s staff with primary responsibility. Evaluation, reporting to supervisors and reporting to the board should be clearly stated in the policy.