Compliance Question of the Week

What policies are we required to have, and which ones need to be approved by the board?

The listed policies should be board approved and reviewed once a year with documentation in the board minutes.
Required Policies—Per NCUA AIRES checklists:

  • Bank Secrecy Act
  • General Lending—Real Estate Lending (including appraisals), Indirect Lending, Business Lending, Agricultural Lending, Construction Lending, Credit Cards
  • Member Business Lending
  • Loan Participations
  • Allowance for Loan and Lease Loss
  • Liquidity Management
  • Privacy
  • Fair Housing
  • Office of Foreign Asset Controls (OFAC)
  • Overdraft
  • Fair Housing Act
  • Investments
  • Truth in Savings Act (TISA)
  • Consumer Reports—Address Discrepancies, Records Disposal
  • General Information Systems and Technology
  • Personnel—the only mention of this is in the IT Policy requirements
  • Plans, Programs, Other
    • Disaster Recovery Plan
    • Security Program
    • Records Preservation
    • Vendor Due Diligence
  • Unlawful Internet Gambling Enforcement Act
  • Risk Based Pricing Notices
  • Red Flags
  • Interest Rate Risk (for credit union’s over $50 million, or those between $10 and $50 million with exposure to IRR)
  • Loan Workout
  • Loan non-accrual
  • Security Program

The other policies that you have may not need annual board review, but it is a best practice to regularly review your policies and procedures to ensure that they are current.

Related Links:

AIRES Exam Questionnaires
NCUA Letter to Credit Unions 10-CU-23
NCUA Letter to Credit Unions 12-CU-11
NCUA Letter to Credit Unions 13-CU-03


Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News.