Skip to content
BOL Conferences Top Gun 23
Thread Options
#1486984 - 12/29/10 06:38 PM Separating Policy from Procedures for CIP
Valley Girl Offline
100 Club
Joined: Feb 2008
Posts: 142
Our bank is considering separating our CIP Policy from our CIP Procedures. Currently the policy and procedures are one document. However, it would be much easier to make changes to the procedures if they were not part of the policy (due to Board approval).

Has anyone else taken this approach? If so, have examiners been critical?

Thanks!

Return to Top
BSA/AML/CIP/OFAC Forum
#1486989 - 12/29/10 06:40 PM Re: Separating Policy from Procedures for CIP Valley Girl
Kelsey D Offline
Platinum Poster
Joined: Aug 2006
Posts: 516
Ohio
We've always had our policy separated from our procedures with no criticism. The policy says what we do; the procedures say how we do it.
_________________________
Don't make me say, "I told you so!" Sincerely, your friendly Compliance Officer.

Return to Top
#1486996 - 12/29/10 06:42 PM Re: Separating Policy from Procedures for CIP Kelsey D
Y'all Comply Offline
100 Club
Y'all Comply
Joined: Aug 2010
Posts: 214
Land of Pears
My current bank and my last bank separated policy from procedures and examiners have never had any issues.
_________________________
CRCM, CAMS - Be Grateful!!

FKA Jenabq

Return to Top
#1487019 - 12/29/10 07:21 PM Re: Separating Policy from Procedures for CIP Valley Girl
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
While I think it is essential to separate procedures from policy, individual examiners have differing opinions. You can hedge your bets by indicating the procedures are an exhibit or appendix to the policy, making it clear the board does not vote on modifications.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#1487329 - 12/30/10 03:01 PM Re: Separating Policy from Procedures for CIP Elwood P. Dowd
jross Offline
100 Club
Joined: Dec 2009
Posts: 184
TX
I have always been a little confused about exhibits to policies.

So, exhibits are not approved, only the policy is approved? We could then change or add exhibits and not need board approval?
_________________________
My employer doesn't agree with anything I say.

Return to Top
#1487388 - 12/30/10 04:13 PM Re: Separating Policy from Procedures for CIP jross
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Make no mistake, making procedures an exhibit to a policy is simply pandering to field examiners who:
1)have a personal opinion they want to see reflected in the bank's actions or
2) do not think the BSA/AML policy by itself meets an appropriate length or weight requirement.

As for those who allow themselved to be forced on to this path, they can do it any way they wish; e.g. approve the policy with the "current" procedures attached.

As stated, my personal opinion, very strongly held is that policies and procedures are two different things. The policy should mandate written procedures in key areas and say who should be responsible for developing them, not dabble in reciting them.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#1487407 - 12/30/10 04:36 PM Re: Separating Policy from Procedures for CIP Elwood P. Dowd
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,292
I agree with Ken and have separated policies and procedures for many years, including while running the policy and procedure area of a very large bank. I did come up against an examiner a few years ago who actually told me she had never ever seen separate policies and procedures and it was totally wrong.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#1488702 - 01/03/11 10:17 PM Re: Separating Policy from Procedures for CIP Elwood P. Dowd
Doug Hendrickson Offline
Power Poster
Doug Hendrickson
Joined: Oct 2009
Posts: 3,927
Agreed. Policies should be short and sweet and state WHAT needs to be done, while procedures can be as long or short as necessary to state HOW things should be done to comply with policy. For example, our SAFE policy is literally a one-pager, stating the fact that management will comply with the appropriate regulation/law (cited) and then recaping the nine items that management needs to address. The procedures will then expand on the processes that will enforce that policy (e.g., who are MLOs in our organization and why, what vendor do we use for fingerprints and how do we submit them, etc.).
_________________________
I hear and I forget. I see and I remember. I do and I understand.--Confucius

Return to Top
#1488792 - 01/04/11 01:20 PM Re: Separating Policy from Procedures for CIP Doug Hendrickson
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 80,355
Galveston, TX
Yes, but I don't think that is really going to cut it for CIP. The Board cannot pass a CIP policy just saying that the bank will comply with the regulation and delegate the details to management.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#1488872 - 01/04/11 02:59 PM Re: Separating Policy from Procedures for CIP rlcarey
Doug Hendrickson Offline
Power Poster
Doug Hendrickson
Joined: Oct 2009
Posts: 3,927
The BSA/AML/OFAC and CIP/CDD policies are, not surprisingly, the biggest ones. A little too much detail, in my opinion, but I agree that on these 'more is more'.
_________________________
I hear and I forget. I see and I remember. I do and I understand.--Confucius

Return to Top
#1491324 - 01/07/11 03:06 PM Re: Separating Policy from Procedures for CIP Doug Hendrickson
happyauditor Offline
Platinum Poster
happyauditor
Joined: Nov 2004
Posts: 809
NY
I agree with rlcarey and cite the following:

http://files.ots.treas.gov/25175.pdf (OTS CEO Letter # 175 issued 5/9/2003 and attached 68 Fed. Reg. 25090 which includes regulatory staff guidance)

"The board of director’s responsibility to oversee bank compliance with section 326 of the Act is a part of a board’s conventional supervisory BSA compliance responsibilities that cannot be delegated to bank management. Therefore, a bank’s board of directors must be responsible for approving a CIP described in detail sufficient for the board to determine that (1) the bank’s CIP contains the minimum requirements of this final rule; and (2) the bank’s identity verification procedures are designed to enable the bank to form a reasonable belief that it knows the true identity of the customer. Nevertheless, responsibility for the development, implementation, and day-to-day administration of the CIP may be delegated to bank management."

In my opinion the words "in detail sufficient for the board" are key. However, is stating in the policy that you perform "documentary verification obtaining two forms of approved (meaning acceptable as listed in procedures developed by the bank's BSA officer) unexpired identification documents, one of which must be a government issued ID with photo" sufficient, or does the board need to see and approve the list of types of ID deemed acceptable by the bank?

Any insight would be much appreciated. Thanks.
_________________________
* My opinion is not necessarily that of my employer.

Return to Top

Moderator:  Andy_Z