Kevin Malicki keeps financial institutions up-to-date on Governance, Risk, and Compliance (GRC) as Director of Product Management at Harland Clarke.
Remember the golden rule?
C. Y. A.
Cover Your Assets.
Nothing puts your assets at risk more than confusing, conflicting and out-of-date policies and procedures. Consider them your evidence — as in actual legal “evidence” — that will keep your financial institution out of trouble.
You must be able to show auditors that your policies and procedures are clearly communicated, read and understood by your employees. The last thing you want is to be caught scrounging for the right document when an auditor comes knocking.
So here are some best practices to follow when updating policies and procedures:
- Store them in a web-based solution that can be found easily and is searchable — this will steer employees away from printing copies that run the risk of becoming outdated
- Make sure your solution can track views — this can prove to be beneficial for training purposes; an area that is getting a lot of views may indicate a need for more training (or vice versa: an area that is being ignored may need explaining)
- Exceptions and exemptions to your policies should be noted, stored and archived so that they can easily be explained to an auditor should the need arise
- Policies, in general, need to be archived so that their numerous versions are captured
Getting a system in place that can do these things will go a long way toward protecting your institution should you ever be audited. A little upfront work now can pay huge dividends later.
In fact, the ability to provide a document when subpoenaed could save you in court.
That, in turn, could save your assets and, potentially, your financial institution.