I realize that we can all go over to bankpolicies.com and spend a lot of money for policies and forms, but since each one of us has all the required policies in place or are at various stages of preparing new policies, what about a more formal policy exchange. Every once in a while someone posts the they are willing to forward a policy and that post is really popular and helpful. It just seems like we are not effectively using collective resources to avoid vendor involvement and the related cost.

I know that RCS - Kirchman has posted policies for free..they are pretty helpful when you are trying to develop a policy. I agree with this...we should try and develop a policy section under the tools.

Good, Hopefully soon

Mickey - Kirchman is helpful in many ways, but their policies are a little simplistic. The truth be known, there are some of us that have a natural talent for writing policy statements and some that don't.

Real luck is when you run across a policy that is so well done it simply needs a bank name change and very little editing - that's a real find.

I just went through an FDIC audit in a new bank setting, so I'm now working on a Disaster Recovery Plan, Information Security Plan and a few revisions to policies that are in place. The vendors want $300-$650 for these plans, but what you get is a lot of theory and not much in the way of a usable policy statement.

Vegan - sometimes the FDIC will help you write these. If you have an examiner you can talk to/trust, you might start there. And I know for example that the necessary elements of a compliance policy are actually set out in the examination manual, and banks can get that manual. So if the same is true for Safety & Soundness (which I can't remember, it's been a number of years since I did that side of it), all you'd need to do is track down the manual.

Thanks for post, but it's the steps that you outlined that represent the redundancy that could be eliminated as more than a few posters have already gone through that process.

I'm thinking that a new bank should be able to sign on to this site and download all of the required policies - all written with a new bank in mind, one level for a in-house primary system and another level covering an outsourced primary system as those scenarios have a lot of impact on policy statements.

At this point, my bet is that most posters will not share policies.

While I love this idea, and in general policies have to follow the applicable regulation, it would be very hard to get policies posted on a site that you could use without major revision. My bank's procedures would not be your bank's procedures simply because of location, procucts, bank size, etc. However, it would be great just to see what info is in other banks' policies to compare to ours. Did we leave something out? Is your policy worded better than mine?

And if I am at the beginning of updating a policy and there are already 3 posted that I could review, think of how much time it would save! We could post them with the bank names deleted. And if we could post them anonymously I bet more people would share their policies. It would be helpful if the posted policies had all passed regulatory inspection too!

FDIC help you write a policy????? You have got to be kidding! I think the only help we can count on here is each other.....fellow bankers that is.

The idea is the have all basic policies posted. If your bank is engaged in, for example, security sales, purchase of derivatives, etc., you would need to complement the basic policies.

One of the most difficult areas of policy development relating to a new bank with no funds for an auditor, inside or outsourced. Writing policy statement with that factor in mind is a difficult task, at best. Separation of duties, etc. beocmes a a big issue.

As you stated, it's not just downloading a policy, it's the opportunity to look at how someone has dealt with the issues, given various circumstances that is most helpful.

OK, so who out there would be willing to share policies minus the bank name? I think this is a great idea and would BankersOnline be willing to set this up??? I would be willing to share knowing that we had a multitude of others that are also willing to share. THere are so many scenarios out there that will fit someones bank....why should we reinvent the wheel? Let's help each other out...after all we are all in this together!

If you post your policy questions in these forums, one by one, over the next few weeks, you will obtain some really expert advice.

I'll start this off with not a policy, but an IRR Annual Review that I recently completed with Bankers Bank inserted for that name of my bank - Start up bank that already has an A&L Management Policy in place, along with GAP reports.

Circumstances: No funds to pay for an external IRR audit, but someone available internally that is not directly involved in IRR measurement activities that can access and report on the IRR process. No funds to purchase A&L Management software.

I realize that a Tools posting would be much better, but let's just see if this goes anywhere and if nowhere nothing is lost.

Subject: IRR ANNUAL INDEPENDENT PROCESS REVIEW/AUDIT

The Joint Agency Policy Statement: Interest Rate Risk states, in part:

Internal Control, Review, and Audit of the Risk Management Process

A bank's internal control structure is critical to the safe and sound functioning of the organization generally, and to its interest rate risk management process in particular. Establishing and maintaining an effective system of controls, including the enforcement of official lines of authority and the appropriate separation of duties, are two of management's more important responsibilities.

Individuals responsible for evaluating risk monitoring and control procedures should be independent of the function they are assigned to review.

Effective control of the interest rate risk management process includes independent review and, where appropriate, internal and external audit. The bank should conduct periodic reviews of its risk management process to ensure its integrity, accuracy and reasonableness. Items that should be reviewed and validated include:

• The adequacy of, and personnel's compliance with, the bank's internal control system.
• The appropriateness of the bank's risk measurement system given the nature, scope and complexity of its activities.
• The accuracy and completeness of the data inputs into the bank's risk measurement system.
• The reasonableness and validity of scenarios used in the risk measurement system.
• The validity of the risk measurement calculations. The validity of the calculations is often tested by comparing actual versus forecasted results.

The scope and formality of the review and validation will depend on the size and complexity of the bank. At large banks, internal and external auditors may have their own models against which the bank's model is tested. Banks with complex risk measurement systems should have their models or calculations validated by an independent source--either an internal risk control unit of the bank or by outside auditors or consultants. The findings of this review should be reported to the board on an annual basis. The report should provide a brief summary of the bank's interest rate risk measurement techniques and management practices. It also should identify major critical assumptions used in the risk measurement process, discuss the process used to derive those assumptions and provide an assessment of the impact of those assumptions on the bank's measured exposure.

The undersigned has completed the required annual review with the following findings.

REVIEW DATE: July 31, 2002

General Comments
As generally outlined by FDIC and State Banking Department examiners during the recent examination of the bank, Bankers Bank is considered non-complex, maintaining a low level of Interest Rate Risk at June 30, 2002.

Therefore, the goal of this annual audit was to assure that the elements and conditions as outlined within the bullet points noted above and within the regulation are evident within the system utilized by Bankers Bank to comply with the regulation.

I. The adequacy of, and personnel's compliance with, the bank's internal control system.

Bankers Bank’s A&L Management/Funds Management Policy states (at pages 3-4):

“Rate-sensitive assets divided by rate-sensitive liabilities within 85 percent to 115 percent on a cumulative static basis at the six (6) to twelve (12) month period. Management will attempt to generate a positive GAP (100+) when market rates are increasing and a negative GAP (-100) when market rates are declining (GAP guidelines) — Long-term goal: 100 percent (including: the projected payment stream from I.L. loans with maturities beyond one year, i.e., allocated to GAP categories up to one (1) year)

EARNINGS-AT-RISK (or Interest Rate Risk – IRR) (Ref: OCC Section 401.1 — Page 5)

The Bank’s exposure to an adverse change in interest rates will be established and limited through the following process:

a. The cumulative static GAP at the >6—12 month period will be calculated at least quarterly.

b. The resulting dollar positive or negative GAP will be multiplied by various market rate increase and decrease scenarios from 1.0% through 3.0%.

c. The current cumulative static dollar GAP at the >6—12 month period multiplied by market rate increase or decrease of 1.0% will not exceed a maximum dollar amount. The current maximum is $25,000.

The SVP-CFO is designated as the Interest Rate Risk Officer.

The result of the above noted calculation will represent the Bank’s exposure to an immediate market rate increase or decrease of 1.0% as applied to the cumulative static dollar GAP at the >6—12 month period. Management will attempt to work within month-to-month market rate exposure guidelines, depending on market rate projections through the noted time period. The Board will adjust maximum dollar exposure from time to time to take advantage of special situations.”

A review of the Board Financial Report of at July 31, 2002, Page 7 A-B, Schedule of Maturities and Repricing Opportunities (cumulative-static), reveals that Bankers Bank is maintaining the internal control parameters as noted above, primarily: GAP at 97%, current static dollar GAP at $3,940 at 1%. Currently, GAP measurements are calculated and reported monthly.

II. The appropriateness of the bank's risk measurement system given the nature, scope and complexity of its activities.

As noted above, the FDIC and State Banking Department examined Bankers Bank at 06-30-02, finding the bank as adequately and satisfactorily addressing the measurement of interest rate risk.

The GAP is compared to the Funds Management Policy current maximums of 85% (negative) and 115% (positive) to assure that that GAP is within policy guidelines. In addition, the dollar GAP is calculated against the impact of a market rate change from 1% to 3% annualized. The 1% market rate change calculation is compared to the maximum IRR guideline, currently $25,000, to assure that that amount is within guidelines.

III. The accuracy and completeness of the data inputs into the bank's risk measurement system.
Bankers Bank utilizes the following Fiserv Reports to gather financial asset and liability information.

a. Loan Accounting System LAS/6013-012 (Report by Remaining Maturity with Nonaccrual Loans Excluded).

b. Certificate Accounting System COD/6006-003 (Analysis of Balance Subject to Rate Charges – Fixed Rate) Under $100,000; Certificate Accounting System COD/6006-006 (Analysis of Balance Subject to Rate Charges – Fixed Rate) $100,000 and Over.

These reports provide data on financial assets and liabilities that have a fixed term beyond 1 business day with assets and liabilities listed by scheduled maturity within the following time frames (maturity buckets).

a. 1 day to 3 months c. 13-36 months e. 5 years +
b. 4 months to 12 months d. 3 year to 5 years

The reports include totals within each time frame and within each type of financial asset or liability, as well as interest rate yields.

Investment maturities, within the above noted time frames are gathered from the Investment Report. Noninterest bearing assets and noninterest paying liability data is gathered from the General Ledger.

Fiserv provides maturity projection reports that are easily reconcilable to the General Ledger. The Schedule of Maturities and Repricing Opportunities report is submitted to management and the Board on a monthly basis for review.

Gathered data is posted within the appropriate maturity buckets with only financial assets and liabilities included, e.g. those assets and liabilities that are interest bearing or interest paying, either variable or fixed rate.

An MS Excel spreadsheet has been developed to automatically calculate the variance between financial assets and financial liabilities. That variance, also noted as the GAP on the Schedule of Maturities and Repricing Opportunities report, is expressed in dollars and as a percentage on the bottom of the report. The GAP is accumulated through the one (1) year period maturity bucket and, as noted within the Bankers Bank Funds Management Policy, established as the IRR Gap at that date. In other words, the maturity variance between financial assets and liabilities during the period of the next twelve (12) months represents an IRR to Bankers Bank in that the bank will be unable to reprice financial assets or liabilities in that time period, up or down.

Totals within the above noted reports are reconcilable to the General Ledger, as well as all other noninterest assets/liabilities, prior to inclusion in the Schedule of Maturities and Repricing Opportunities report.

As of the review date, the elements that are incorporated in the IRR calculation at July 31, 2002, reconcile to ancillary reports, providing a complete and accurate interest rate risk measurement.

I think this is a great start and am currently working on editing our current policies to submit. The point I would like to clarify is that general policies should be the same for EVERY bank i.e. we will not discriminate against a protected class. The "how" (Policies) will be different for each bank depending on their size, system etc. While both are needed, I have the Board approve policies but not procedures.

I'd be interested whether anyone has worked on the addition to their BSA policy of the CIP needed by October. We're going through a complete conversion and time is very limited.

Here is a rough draft of my CIP Policy. It is a combination of things that I found on BOL, and a little creative writing. I know it still needs polishing, but it's a start. Any and all suggestions are welcomed.

CUSTOMER IDENTIFICATION POLICY

As part of Bank's overall compliance with Bank Secrecy Act, it is the policy of bank to have a clear and concise understanding of all bank customer practices in order to avoid criminal exposure to the bank by any customer who would use the bank's resources for illicit purposes. The objective of this policy is to attempt to ensure the immediate detection and identification of customers and any suspicious activity at the institution.

The bank recognizes that appearances can be deceiving. Potential customers of a financial institution may appear to be legitimate, but in reality could be conducting illicit activities through the financial institution. Accordingly, it is the policy of the bank to incorporate the following principles into its business practices:
It is the Policy of Bank to Identify bank customers as prescribed by 12 CFR 21 and maintain maximum compliance with the US PATRIOT Act. This is done through:
1. Internal policies, procedures, and controls
2. Designation of _____________as Compliance Officer
3. Ongoing employee training
4. Independent audit function


The term “Account” will include deposit accounts, transaction or asset accounts, and credit accounts or other extensions of credit. (LIMITED to ongoing transactions and services)

The term “Customer” will include individuals, corporations, partnerships, trusts, and any signatory on an account.

I. Internal policies, procedures, and controls

Procedures for identifying customers are set out below and will include:
1. Verifying the identity of any person seeking to open an account,
2. Maintaining records of the information used to verify the persons identity, including name, address, and other identifying information,
3. Determining whether the person appears on any government lists.

Considerations for maintaining compliance will include but are not limited to the following:

a. Verification procedures will be risk-based
b. Acceptable forms of Identification will be outlined below
c. Physical address, if different from mailing address, will be documented
d. Business accounts may be opened if Tax ID number has been applied for but not yet received. In such an instance, a copy of the application must be obtained before the account is opened, or a signatory is added. If the number is not received after 5 weeks, the account will be closed.
e. Identifying information will be verified within a reasonable amount of time, depending on:
i. What type of account has been opened,
ii. Whether all parties are present at opening,
iii. Type of Identification presented.


An integral part of banks Customer Identification Policy is a good knowledge of the transactions carried out by the customers of the bank. Internal systems shall be developed to assist in determining inconsistent activity on behalf of the customer.

As a general rule, the bank shall not establish a business relationship until the identity of the potential customer is satisfactorily established. It is understood that a community bank such as bank has a strong knowledge of the community and the customers it serves; therefore, limited exceptions may be made only when authorized and signed by a senior officer. In all other instances, the following guidelines will be observed.


1. At a minimum, the following information will be collected prior to opening or adding a signatory to any type of account:
a. Name
b. For individuals, date of birth
c. (i) For individuals, residence and, if different, mailing address; or
(ii) For persons other than individuals, such as corporations, partnerships, and trusts: principal place of business and, if different, mailing address;

d. (i) For U.S. persons, a U.S. taxpayer identification number (e.g., social security number, individual taxpayer identification number, or employer identification number); or
(ii) For non-U.S. persons, one or more of the following: a U.S. taxpayer identification number; passport number and country of issuance; alien identification card number; or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.

Identification presented to Bank will be verified pursuant to paragraph (b)(2)(i)(A)§103.121, in the following ways:

Verification through documents:
NOTE: Verification procedures will be risk-based. If an existing customer seeks to open a new account, identification was previously verified, and the bank has a reasonable belief that it knows the true identity of the customer, verification of identification need not be obtained again.

PERSONAL ACCOUNTS

Identification card -
Un-expired government issued identification evidencing nationality or residence and bearing a photograph or similar safeguard. The following will be taken into consideration:

§ The customer's residence or place of business. If it is not in the area served by the bank or branch, ask why the customer is opening an account at that location.


§ The source of funds used to open the account.

§ Service bureau reports.


§ Follow-up with calls to the customer's residence or place of employment thanking the customer for opening account.


A customer may be a referral from a bank employee or one of the bank's accepted customers. In this instance, a referral alone is not itself sufficient to identify the customer.

BUSINESS ACCOUNTS

For corporations, partnerships, trusts and persons other than individuals: documents showing the existence of the entity, such as registered articles of incorporation, a government-issued business license, partnership agreement, or trust instrument.


§ Check the name of a commercial enterprise with a reporting agency and check prior bank references.

§ Follow-up calls to the customer's business thanking the customer for opening the account.

§ When circumstances allow, perform a visual check of the business to verify the actual existence of the business.

§ Consider the source of funds used to open the account.


Non-documentary verification:
Any time that:
§ an individual is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard;
§ the bank is not familiar with the documents presented;
§ the account is opened without obtaining documents;
§ the account is not opened in a face-to-face transaction; and
§ the type of account increases the risk that the bank will not be able to verify the true identity of the customer through documents
Other verification methods may be used, including:
§ contacting a customer;
§ independently verifying documentary information through:
a. credit bureaus
b. public databases or other sources
c. checking references with other financial institutions; and
d. obtaining a financial statement.


Lack of Verification:
Depending upon the type of account requested, limited transactions may be permitted in some instances while the identity of the customer is being verified. For example, a personal checking account, opened with funds from a Social Security check, for an individual’s personal use, could be allowed to begin using the account immediately, while identity is being verified. However, an account opened by a business with several signatories that is opened with a variety of funds and a pending tax ID number could be denied access until Identification procedures have been completed, and funds have been collected. Risk will determine final policy decisions when there is a lack of ID verification.

In the case of Indirect Lending aka: Dealer Loans, faxed identification and notarized signatures will be requested at the time of application.

When the bank cannot form a reasonable belief that it knows the true identity of a customer, an account will not be opened.

2. Pursuant to §103.121(b)(3) Record keeping

Bank will maintain a record of the identifying information provided by the customer. When a document is used to verify the identity, a copy of that document including any identifying information it contains, will be maintained. At a minimum, name, address, and other identifying information will be maintained. Documentation of any additional methods of identification will also be maintained. The resolution of any discrepancy in the identifying information obtained will be kept as well. All of these records will be kept for a period of 5 years after the date the account is closed. Under no circumstances will any collection or retention of identifying information be used to make credit decisions on any prohibited basis under the Equal Credit Opportunity Act.


3. A determination of whether the applicant appears on any government list will be made at the time of account opening. If at any time in the process a name matches any government list, all procedures will be stopped and the senior compliance officer will be notified. Further investigating will be done before the account opening process resumes. If at any time a legitimate hit is confirmed on any government list, the proper Regulatory Agency will be notified immediately. Documentation will be maintained to show that the above process is strictly adhered to.




II. Designation of _____________as Compliance Officer.


__________________________Has been appointed by the Board of Directors to maintain compliance with all aspects of the Customer Identification Policy.

III. Ongoing employee training

All Bank employees will be trained to comply with the following where relevant:
a. Bank Secrecy Act
b. Anti-Money Laundering Policy
c. Customer Identification Policy
d. Wire Transfer Policy
e. Foreign Asset Control Policy



IV. Independent audit function

Bank will support a process to monitor internal compliance with the above-mentioned policies. This process will include periodic reviews to ensure compliance with laws, regulations, and rulings. In addition, reviews of reporting and control systems will be performed. Written reviews of the above mentioned policies will be completed annually and kept on file for a period of at least 5 years.

Thanks for that post as I'm getting ready to retrofit our BSA and Know Your Customer Policies to OFAC and the FBI Control List - Do you wrap those requirements into BSA or a separate policy?

We were just examined by the FDIC and two issues came up: 1) the payee on outgoing wires needs to be checked against the OFAC and FBI Control list, and 2) any entity that just opens a loan account (no deposit account) needs to also be checked against both lists.

Chris:
It's doubtful that anyone posting to this site would post something that in any way discriminated against a protected class. On the other hand, it's also true that inadvertent statements may appear to discrimate, so a review by interested parties could help with those circumstances.

I plan to wrap BSA, AML, OFAC, CIP, and kinda rewrite our "know your customer" policy. All I feel comfortable posting right now is the CIP.

I tell you what, when I had to write our consumer and commerical contracts for Online banking, I went to other bank's websites to review their contracts. I printed them off, sat down with a highlighter and selected the language that was appropriate to our program. Through much "cut & paste" I developed a great contract for our product. I know this is not "policy" but the same theory applies. If you have access to a pool of policies, from all types of banks, then you can effectively develop a good sound policy without the feeling that you ommitted something rather important. Another benefit is that it simply gets the "mind juices" flowing. Once you see how others have developed theirs, yours it is easier to get going and it eleminates that total mindblock when you don't even know where to begin. I think this is a great idea!

Thanks, Elena. This is a great start, I'm going through and doing just what has been suggested. Highlighting areas that are required and then fitting to our existing BSA policy and Bank.

You have a great way of expressing the subject idea and the value of reviewing a variety of policies on the same subject. It is interesting how, given your web example, the review process seems to reveal a clear picture of what to include and how to include it.

Unfortunately, it's looking like there is a lot of interest, but no prize, e.g. there is no money to be made and vendors are lined up, even on this site, to sell policy development product. It's really too bad, as there is so much talent out there is banking land, but bankers are not known for sharing at the policy development level.

With that said, all of us have our policies on our hard disk, but although this thread has been viewed almost 700 times, only about 10 posters have responded, that's about 1%.

Actually, I would be willing to pay a reasonable fee to have access to ongoing policy development at the banker level. The off the shelf plans are mind numbing and expensive. Stuff from the real world is much more insightful, but, sadly, not generally available.

So, it looks like another dead end thread.

Never say never. If we cannot get a BOL tools page with a place to post policies, then as a collective group, we can continue to support each other by simply requesting what your immediate need is in the subject line and those of us who believe in this can post the policies at that time. There is always a way. The downside is that they will be scattered throughout the threads and not in one centralized area.

Mackenzie, Mackenzie, Mackenzie:

Soooo Optimistic! Yes, bits and pieces can be picked up here and there, but a good idea has been passed by.

Vegan,
I don't see any policies originating from you? While you and others may be willing to pay for some policies, by and large most will not. This thread was viewed by a lot of people who might feel that they don't want their policy scrutinized by such a large number of people including some non-bankers. It today's society there might be bottoming-feeder lawyers just looking for something easy to get their teeth into and an easy way would be for someone to post a policy that had something wrong in it i.e. We hold all BofA checks for 10 days. Wouldn't take long for something like this to get blown way out of proportion. If someone needs a policy that I have, I'll send it to them (and they'll know exactly who it came from).
Mackenzie, I'm with you.

I totally agree. I was hesitant to share any policies with the whole forum for the same reasons. However, I would be happy to share my policies with anyone who needs help.