We are a state member bank. Other than what might be found in state law, is there any regulation or rule that all officers, or a certain level of officer and above must be approved by the Board annually? It appears the BSA Officer and Security Officer must be appointed by the Board and most likely the FACTA/Red Flags Officer. The Chief Information Security Officer can be designated by management. I did not locate any specific guidance relating to the Fair Lending Officer, Compliance Officer or CRA Officer. Is there any other guidance on specific officers that must be approved by the Board?

Personally never heard of a FACTA/Red Flags Officer. We use the following for guidance.

https://www.federalreserve.gov/boarddocs/supmanual/cbem/5000.pdf

§334.90(e) requires involvement of the Board of Directors, an appropriate committee or a designated senior level employee (a “FACT Act Officer”) in the oversight, initial/ongoing development, implementation and administration (to include an annual report to the Board of Directors) of the Program;

I am designated as the person responsible for FACT act compliance but the board has not "officially approved" that actual title nor is that in their meeting minutes. The policy lists my title and the policy is board approved and that has been sufficient.

Thanks PQ, that would explain why I have never heard of that position.