Service Center
There is a recent rise in scammers using sophisticated techniques to impersonate banks and other trusted organizations. Provident Bank WILL NEVER REQUEST ANY customer or account information through emails, text messages, or incoming phone calls. Contact us immediately at 800.448.7768 if you suspect you are a victim of a scam.
There’s been a lot of talk around here about business continuity plans and financial risk management. But we’ve been thinking, why hear it from us when you can hear it directly from an expert? Jim Christy is Provident Bank’s Chief Risk Officer, overseeing our enterprise risk management program, and he’s exactly the detailed, highly-analytical type of guy you’d want for the job.
With 25 years of banking industry experience in various internal audit, loan review, and risk management positions, he knows his stuff. And what he knows is that while clearly documented policies and procedures may seem stuffy, they are vital to a thriving business.
Here’s what he had to say about the importance of clear policies and procedures, or in his lingo P&P’s, how to develop them and why businesses can’t afford to neglect them.
All companies operate under some form of policy and procedure. For smaller businesses with limited staff, these policies are often maintained in a less formal way. However, as a business grows in size and complexity, it’s crucial to have a set of written policies and procedures.
For a bank our size and for larger businesses, it would be virtually impossible to operate effectively if not for these documents. Our policies, approved in large part by our Board of Directors, are the documents that outline our corporate objectives (“what” we should be doing), while our procedures provide the method by which we will accomplish those objectives (“how” we will do it).
For example, we have a corporate loan policy that covers all parts of our lending business and describes not only the expectations of the Board, but also the level of risk the bank may assume at any point as its loan portfolio grows. Policies connect our strategy to a set of Board directives that clearly articulate a path forward while providing the boundaries for safe and sound business practices.
The benefits for maintaining policies and procedures include:
There are a few ways to start. I like to begin developing P&P’s by simulating an emergency. We run table-top scenarios at the bank throughout the year as part of our business continuity planning process. It’s a simple way to isolate the most important functions of your business, making sure you can run these functions with a limited staff if needed.
A very good (or better stated, “extremely bad”) scenario to imagine is what you would do if your most critical employee was suddenly out for an extended period of time. Which functions will most likely be impacted, who will execute them, and who will oversee them if they need supervision? You should make sure you have a good set of procedures covering these functions.
We have the benefit of an internal audit department, whose expertise is in process workflows and “walkthroughs.” They are very good at interviewing our key employees on what it takes to perform their critical duties and then crafting a process narrative. These walkthroughs often reveal some interesting monkey wrenches.
As a more structured approach begins to develop, you may want to establish a procedure template, which helps standardize your process. First attempts usually wind up containing too much non-essential information. Procedures are not intended to be user manuals, particularly if user manuals already exist; rather, they are intended to outline the primary steps involved in a process and identify who (position, not name) has been assigned to perform those steps. In general, procedures should describe how the underlying process is initiated, authorized, recorded, processed, and reported.
In addition, for functions that expose the business to risk if the process is not followed correctly, you should outline an escalation system that identifies and approves exceptions to a particular policy or procedure.
Finally, don’t hesitate to ask your networking peers if you can review procedures with them. I also check with my third-party partners to see if they can help me find procedure resources or put me in touch with another financial institution that would be willing to share its procedures. I find this to be a very rewarding approach.
The investment in maintaining a set of policies and procedures is not cheap. Oftentimes, we ask our managers to take time away from their daily responsibilities to review and update their procedures. It’s not easy; however, we find the alternative to be a nonstarter - particularly when the unexpected hits.
We learned this firsthand during Superstorm Sandy. We are extremely proud of the fact that our bank remained open both during the storm and in its immediate aftermath. We owe a lot of that to the determination of our employees who were called upon to report on those days, as we ran on generator power, assessed the damage to our various locations, and worked hard to restore full services. By Friday of that week, we were able to call back our entire workforce. It was a great accomplishment for the team.
As we worked through those days, it was apparent that some of our procedures were critical to our process; we needed more redundancy, operations were re-prioritized, some automated functions required manual intervention. We relied on our procedures to manage these disruptions and then cross-checked our work. It was a critical element of our business continuity process.
I hope this helps and good luck in your P&P efforts!
This is an installment in the Provident Business Forum’s “Ask the Expert” series. If you are an expert or know of an expert in his/her field who would like to be interviewed for an article, please contact Bernadette Macko or Corinne Kison.