Eight Rules for Compliant Policies

Michael Carter
July 3, 2012 | COMMENTS

“Do I have to have a policy for that? This is a question our compliance team gets just about every day. And whether the document in question is for an examiner or an independent auditor, the answer is most likely yes. Of course, the next question we hear is, “Do you have a sample I can use?” That answer is also yes! The association offers all member credit unions access to CU Policy Pro, a database of more than 200 policies (updated semi-annually) that can be edited to fit each credit union’s needs and saved in an online policy manual.

Even with resources like CU Policy Pro, it’s important to understand how to develop and implement compliant policies—and what rules should be followed along the way. Here’s a collection of my favorites:

1. Make the policy your own. It is extremely important to make sure that any reference to a credit union in the policy is indeed your credit union. Without this basic step, your policy will be questioned.

2. Keep names out of it. A common mistake is naming the individual responsible for certain tasks by name and not title. Even though Mary has been with your credit union for a long time, she won’t be there forever. By using her title instead, you can reduce the need for updates later.

3. Get board approval. All policies should be approved by your board of directors. Once your policy is complete, bring it to the board at their next meeting.

4. Tell the world! Once your policy is written and approved by the board, make sure those who are impacted by the policy are aware of what it contains (or what has changed) and what steps are required to implement the policy.

5. Educate. There may be an occasion where someone responsible for implementation of the policy does not understand what the policy is requiring or how to write procedures to implement the policy. Be there to lend a helping hand.

6. Use the regulator (and anybody else, for that matter) as a resource. NCUA has good information that you should be aware of when creating a policy. NCUA issues letters to credit unions, legal opinion letters and regulatory alerts that provide guidance to assist you in writing policies and procedures. These publications also provide guidance on changes to the regulatory environment, interpretation on certain rules and information about what regulators are requiring.

Other resources include: the Association’s compliance services team, CU Policy Pro and InfoSight (online resources provided as a benefit of your association membership), CUNA,  and other credit unions.

7. Review regularly. Every year, you should review your policies, make any required updates, have the board approve the updates and implement the changes. Additionally, your policies should be updated anytime a significant change occurs (e.g., a regulatory change, a new product or service is being offered, a change in field of membership). No matter what, make sure you review all your policies each year—even if the edits end up being minor.

8. Make sure employees are complying with the policy. This is where an independent audit can be very helpful. By having a third party review your policies and provide feedback, you can help make your NCUA or state exam go much more smoothly. Also, take time to meet with the employees who are responsible for following the policies and make sure they are meeting all the necessary requirements.

By observing these eight rules, you can help ensure that your credit union’s policies are compliant and ready for examiner review.

Michael Carter is director of compliance for Credit Union Association of New York. Contact him at michael.carter@cuany.org. Reprinted with permission from Connection, the publication of the Credit Union Association of New York (www.cuany.org).