i recently attended a seminar about the affiliate marketing rule. it included a sample policy statement....which was one page, very short and to the point. i like this approach. Mosdt of my policy statements appear too long...they have become quasi policy/procedure statements. I would like to revise them to come up with a short and sweet to the point statement and then separate procedures, who does what and when, etc. document. Now, if you are doing the short and sweet version, please let me know:

1. do you also include copies of the procedures when you go to the board?
2. have any regulators ever suggested your policies don't say enough?


Also, I would like to stagger some of my policy statements...say for 18 month review. Now, I know some, such as Privacy and AML related must go annually but....are any of you also using an 18 month schedule...If so, which policies are you presenting?

I find it much easier to keep the policies "short and sweet" and the procedures much more detailed. I send policies only to the Board for approval, no procedures. It makes it so much more efficient to be able to change your procedures as needed and not to have to bring them before the Board for approval.

If we receive a suggestion from the regulators to add something it normally is on the procedure and not the policy.

We use an annual schedule - everyone is aware of when the policies are submitted to Board and a reminder is given at the Compliance Committee meeting a couple of months ahead of time to review and prepare any updates.

I have always been a fan of "short and sweet" policies. The policy is supposed to be the What and Why, not the who, when, how, where (those are procedures). You might like an article we wrote on this topic called "Policies, Procedures and Processes". You can find it at our website (it's the 6th from the top):
http://www.bankerscompliance.com/compliance-resources/free-downloads.htm

Thank you for your responses. David, I checked your document and it pretty much clarifies what a policy should say versus procedures, etc. Now, do you think I should go to the board with a few copies of the procedures, just for them to review or should we take the approach that the board should take as gospel that we have adequate procedures, etc. (this would come out during an audit). Also, I really want to put some policy statements on an 18 month rearrirmation. For example, we have a separate policy for the Right to Financial Privacy Act. Also, we have a sep. statement regarding record retention (We have a schedule that everyone has access to). I want to separate the must do annually from the do routinely. Thoughts on this are welcome....PS see you in Chicago.