Thread Options Tools
#1103050 - 12/29/08 07:52 PM Board review and approval of policies
AuditorK Offline
Platinum Poster
Joined: Feb 2003
Posts: 962
Is there any guidance as to what policies need annual review/approval by the Board of Directors? Currently we have roughly 35 policies that get approved every year during different months. I know the BSA policy for one must be approved annually. Can we change to only having most of our policies reviewed/approved by Board only when changes are made? This would result in much less burden.

Return to Top
General Discussion
#1103449 - 12/30/08 02:09 PM Re: Board review and approval of policies AuditorK
Sinatra Fan Offline
Power Poster
Sinatra Fan
Joined: Jul 2002
Posts: 5,568
New Jersey
We have 34 policies that are reviewed/reapproved at least once every fiscal year. Various officers are responsible for writing and updating the policies.

While it would definitely be less work to review the policies only when a change is made, I believe that both our compliance auditor and our external auditor want us to review/reapprove every policy annually, whether or not it has been changed. I don't know if that is a regulatory requirement; it strikes me that it's more of a "best practice" recommendation.
Management is doing things right; leadership is doing the right things. Peter Drucker

Return to Top
#1106833 - 01/07/09 05:34 PM Re: Board review and approval of policies Sinatra Fan
Dazed and Confused Offline
Gold Star
Dazed and Confused
Joined: Feb 2006
Posts: 250
Big XII South
Here is an excerpt from the FDIC's Exam Manual:

Directors must provide a clear framework of objectives and policies within which executive officers operate and administer the bank's affairs. These objectives and policies should, at a minimum, cover investments, loans, asset/liability and funds management, profit planning and budgeting, capital planning, internal routine and controls, audit programs, conflicts of interest, code of ethics, and personnel. Specialty areas, such as the Bank Secrecy Act (BSA), Information Technology (IT), Trust Department activities, and consumer compliance should also be subject to similar appropriate oversight and internal guidelines.

(And don't forget policies related to information security standards.)

Return to Top