Here is an excerpt from the FDIC's Exam Manual:
Directors must provide a clear framework of objectives and policies within which executive officers operate and administer the bank's affairs. These objectives and policies should, at a minimum, cover investments, loans, asset/liability and funds management, profit planning and budgeting, capital planning, internal routine and controls, audit programs, conflicts of interest, code of ethics, and personnel. Specialty areas, such as the Bank Secrecy Act (BSA), Information Technology (IT), Trust Department activities, and consumer compliance should also be subject to similar appropriate oversight and internal guidelines.
(And don't forget policies related to information security standards.)