Quiet Friday, but I'm still here!
The Board has to approve any "material" changes to your BSA Policy. CIP is now defined as part of BSA. So the addition of a CIP requires a material change to your BSA Policy.
Most of us are adding a line or two to the BSA Policy document, incorporating the CIP by reference, and then writing up all the stuff the Reg says "the CIP must include..." as an attachment / addendum to the BSA Policy.
Both pieces have to be presented to the Board for approval - with the CIP in sufficient detail for the Board to be able to determine that you will be meeting all the requirements and are able to "form a reasonable belief that [you] know the true identity of the customer."
Ground-level procedures do not need Board approval, just the high-level policy (and the few specifics required by the Reg). Let your unit managers design their detailed procedures to fit into your policy. They know what works best for their staffs and can adjust if it's not working.
Our BSA piece is only 2 pages, and the CIP is currently at 6 pages. I know the auditors won't care how long it is - they'll probably think the longer, the better so everything gets covered - but the VP's (who want to stick their fingers in the pie before it gets to the Board) are complaining that it's too long...