As a general rule, if you have a policy it would be board approved. Procedures are not board approved.
Although the need and applicability of policies varies between institutions depending on size, products, activities, etc., the following is a basic list that regulators may expect an institution to document either as a separate policy or as part of a larger policy. Note: Policies marked with an asterisk (*) are specifically required by regulation.
* Bank Secrecy Act including Anti-Money Laundering, Enhanced Customer Diligence, USA Patriot Act, Customer Identification Program, Office of Foreign Assets Control
* Information Security including response program for unauthorized access to customer information, and disposal of records
* Bank Protection/Security
* Branch Closing (if applicable)
Compliance Program
Fair Credit Reporting Act / FACT Act / Identity Theft Program
Fair Lending / Anti-Discrimination
Community Reinvestment Act
Insiders and Affiliates (Reg. O and Reg. W)
Privacy
Right to Financial Privacy
Customer Complaint Resolution
Information Technology Management
Vendor Management
Expedited Funds Availability
Disaster Recovery
Loan Policy – including appraisal, internal loan review procedures, asset quality, credit risk management, allowance for Loan Losses
Capital Adequacy
Daylight Overdraft Policy
Investments
Liquidity
Asset-liability/funds management
Profit planning and budget
Capital planning
Risk Management - including supervision and internal controls
Audit program
Code of ethics and Conflicts of interest
Human Resources Policy including Vacation Policy and Affirmative Action