<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">
Risk Management

6 Essentials for Flawless Policy Management

October 20, 2020 | Posted by Stephanie Lyon
Clock Image
4 Minute Read

No matter how much time and thought a financial institution puts into developing a policy, there’s always the possibility that a policy might have to be updated or that staff will need a refresher on its contents. As regulations, the operational environment, and your financial institution’s priorities shift, there’s a good chance that some of your policies will have to change too.

Once you have an effective policy in place, there are two key policy management goals:

    • Keep the policy current
    • Ensure business units understand and comply with the policy

How do you ensure your policies are followed and properly managed? Make sure you include these steps in your policy management process:

1. Assign a Policy Owner

The role of a policy owner is twofold— they ensure the policy is reviewed in a timely manner and they offer feedback on what types of updates should be made to the policy. Policy owners do not have to revise the policy by themselves. They can rely on subject matter experts and individual contributors to ensure the policy reflects the latest regulatory changes and identifies business improvements and innovations.

2. Have a Policy Committee

A policy committee takes an active role in ensuring all policies are reviewed, modified, and presented to the board in a timely manner. Policy committees can be comprised of staffers and directors and should meet frequently. They should review policies whenever a triggering event takes place and on a rolling basis, so no policy gets left behind.

3. Retain Past Versions of Policies

Policies evolve over time. Keeping versions of approved policies will allow the institution to quickly and accurately answer questions about prior decisions. For example, if your board has made the decision to increase loan approval amount discretion for loan underwriters, understanding where this threshold was and why it was increased can be really important if an examiner questions the change or if the topic comes up for discussion the following year. Keep summaries of important policy changes instead of relying on hard-to-read redlines.

4. Train Staff on Your Policies

When it comes to staff policy training, an institution should establish a process to:

    • Distribute its policies
    • Make them easily available
    • Ensure the staff has read and understood the documents

One smart way to ensure staffers are made aware of policies is to distribute them during the initial onboarding of new staff. This is a great time to explain to an employee where the institution’s policies and procedures live, how a staffer can retrieve them, and go over documents that will directly affect their day-to-day activities.

Managers should also communicate with affected departments whenever there are changes to policies or procedures. You may want to require the staff to attest that they have read and understood the policy or create a short verbal or written comprehension test. Keep records of attestations and trainings in case you need them during audits, exams, or for disciplinary action.

5. Match Policies with Procedures

Policies and procedures are complimentary documents. While policies are high-level road maps that establish the what and the why, procedures are the “how-to” manual. Procedures should ensure that the institution’s day-to-day operations support policy objectives.

This process can fall apart after several cycles of reviews and updates. Avoid this problem by reviewing related procedures any time a policy goes through the review and approval process. Have a summary of important policy changes to guide the drafting of corresponding procedures.

When storing policies, make sure you link the procedures so you can easily identify which documents belong together.

6. Leverage Technology

Many of the manual processes involved with reminding individuals to conduct policy reviews and updates can be automated with technology—making the update process less onerous, time-consuming, and error-prone. For example, institutions that rely on Excel spreadsheets and other manual processes often fail to review policies on schedule.

It is also a big ask to manually identify internal and regulatory changes that impact a policy and instantly know which policies and procedures need to be updated. Automating parts of the review process frees up policy owners and other staff from administrative tasks, allowing these high-value individuals to focus on items that require their expertise and judgment such as coming up with innovative solutions.

Don’t get caught off guard by out-of-date or neglected policies. Make sure you’re addressing these six elements essential to policy management.

For more insights into policy management best practices, register for our webinar below.

policies for banks

Stephanie Lyon

Stephanie Lyon

Ms. Lyon directs Ncontracts’ compliance program, which includes product development and content. Prior to joining Ncontracts, she was a senior compliance counsel at NAFCU where she advised over 800 financial institutions on compliance-related topics. While at NAFCU, Ms. Lyon served as a faculty member for the NAFCU Compliance School and the Bank Secrecy Compliance Seminar and is a well-regarded public speaker at industry functions. She is a frequent author on compliance and risk management topics. Ms. Lyon got her start in the industry by serving in key roles at financial institutions in risk management, compliance, and BSA operations. Ms. Lyon received her J.D. at the George Washington University Law School.