BAI Policy Considerations

BAI provides compliance professionals with industry-specific actionable content that helps them make informed decisions during the policy management process. The Policy Consideration documents listed below are only available as part of the BAI Policy Manager. Each Policy Consideration document provides insight into which regulations impact which policies and explains the key policy issues that are important to regulators.

BAI Policy Consideration Description
Acceptable Use This policy consideration covers the protection of an organization’s information technology (IT) assets, through use and ownership guidelines, access control standards, limits.
Acceptable Use of Information Technology Resources The policy governs use of information assets and information systems. This policy consideration addresses the protecting of confidentiality, integrity, and availability of info.
Accounts Payable and Employee Expense This policy consideration provides guidelines for the Accounts Payable function for the organization, and to employees regarding expenses. Specific topics include reimbursement.
Active Shooter The policy consideration covers what employees should do to protect themselves, those around them, and the organization, in the event of an active shooter situation. It also includes response procedures.
Americans with Disabilities Act The policy consideration provides clear guidance on how an organization will comply with the rules of the Americans with Disabilities Act (ADA). Title III of the ADA requires equal access.
Appraisal The policy consideration covers the development and administration of an appraisal and evaluation program for use in real estate lending, definitions for key terms, independence.
Artificial Intelligence (AI) The policy consideration covers establishing guidelines and best practices for the responsible, ethical, and secure use of artificial intelligence (AI) within an organization.
Asset and Wealth Management The policy consideration covers the organization’s rules and procedures for offering asset and wealth management products and services. Specific topics covered include the management framework.
Asset-Liability Management The purpose of the policy consideration is to describe the types of risks an organization can face, the models used to manage the risks, designated responsibilities for the board.
Audit This policy consideration covers the protection of an organization’s internal and external audit programs. These programs provide important information for the board of directors.
Automated Clearing House This policy consideration covers the internal controls utilized to comply with the laws, rules and regulations for processing automated clearing house files and transactions.
Bank Bribery Act The policy consideration covers internal controls to oversee activities where employees receive gifts or things of value, and provides guidance to help keep the organization from being compromised.
Branch Closing This policy consideration covers the regulatory requirements related to branch closings. Specifically, it addresses operating hours and emergency closings, applicable situations.
BSA/AML Comprehensive The policy consideration covers the internal controls designed to comply with the Bank Secrecy Act (BSA) and all federal regulatory requirements for anti-money laundering.
BSA/AML for Marijuana Businesses The policy consideration covers federal requirements for organizations that provide banking services to marijuana-related businesses (MRBs). Specific topics include the federal guidance.
Business Continuity Management The policy consideration covers the principles used to sustain critical operations of the organization in the event of a severe business interruption. Specific topics include procedures.
Cash Management The policy consideration covers establishing internal controls for mitigating the risks associated with offering cash management services, including responsibilities for the implementation.
CECL The policy consideration covers the accounting changes to ASC 326 (replacing it with ASU 2016-13) with the impairment model implementation used to recognize impairment.
Charitable Donation Accounts The policy consideration covers the rules and requirements for offering charitable accounts in compliance with IRS 501(c)3.
Clean Desk The policy consideration covers internal controls used to protect sensitive and confidential information found on documents and devices, which must be safely secured when not in use.
Cloud Computing This policy consideration covers internal controls for the handling, storage, and removal of non-public personal data in the cloud. The policy should consider adequate classification.
Commercial Loan (CML) The policy consideration covers the controls used to mitigate the commercial lending activities of the organization, key definitions, co-signers and guarantor information, the process.
Commercial Real Estate (CRE) Loan The policy consideration covers the types of real estate lending loans permitted and not permitted at the organization, term and amortization requirements based on loan types.
Community Reinvestment Act (CRA) This policy consideration covers the purpose of the Community Reinvestment Act (CRA), which is to encourage depository institutions to help meet the credit needs of low-income areas.
Complaint The policy consideration provides guidelines to ensure that the organization will receive, record, and investigate complaints, categorize and perform trends analysis on them.
Compliance Management Systems The policy consideration covers the roles and responsibilities of the compliance officer, board of directors, management, and compliance council, auditing initiatives, and accountability.
Consumer Leasing The policy consideration covers establishing guidelines to oversee and manage the consumer leasing program at an institution, including the development of controls to mitigate risks.
Consumer Loan The policy consideration covers the types of consumer loans covered by the policy, including personal loans, deposit account secured loans, unsecured loans, overdraft lines of credit.
Corporate Governance This policy consideration covers the strategic guidance and controls of the organization, mostly at a corporate level.
Credit Card The policy consideration covers regulatory requirements that include disclosure requirements, change-in-terms notices, permissible fees and charges, periodic statements, credit limits.

 

 

Credit Card Compliance The policy governs the establishment and maintenance of an effective compliance management system for applicable laws and regulations. It covers other topics such as PCI compliance.
Cryptocurrency This policy consideration covers federal and state regulatory requirements for financial organizations that provide cryptocurrency products and services, as well as procedures.
Cybersecurity This policy consideration covers guidelines and internal controls for establishing and maintaining a secure environment designed to protect non-public personal information.
Data Privacy The policy governs the safeguards the institution will need to establish to protect personal information against unauthorized access, disclosure, or misuse, while complying with laws.
Data Retention – Protection – Maintenance The policy governs the process of ensuring that the Institution’s data is appropriately protected, classified, retained, and maintained to keep customer data and the institution safe.
Diversity Equity & Inclusion The policy consideration covers how the organization fosters a diverse, equitable, and inclusive workplace that reflects the different backgrounds, beliefs, and experiences of staff.
Do-Not-Call The policy consideration covers the things marketers can and cannot do, including any safe harbor procedures that must be met.
Elder Abuse The policy consideration provides written guidance to financial institutions for detecting and preventing financial exploitation and fraud targeting elderly individuals.
Electronic Signatures in Global and National Commerce Act (E-SIGN Act) The policy consideration covers the requirements a financial institution must complete to have consumer electronic signatures and acknowledgements be considered legal and binding.
Eligible Obligations The policy consideration covers the types of loans that are eligible for purchase, sale, and pledging. In addition, the policy must identify the due diligence needed to evaluate the loan(s) that will be involved in the exchange between the federal credit unions.
Enterprise Risk Management The policy consideration covers the factors that go into the development and implementation of an enterprise risk management program, and the responsibilities of senior management.
Environmental Risk This policy consideration covers guidance to protect the organization’s loan collateral from the potential adverse effect of environmental contamination, and the organization’s liability.
Exceptions The policy governs handling security exceptions, making sure that any deviations from established security policies and standards are managed and do not extend beyond their scope.
Fair Credit Reporting Act (FCRA) The policy consideration covers the permissible purposes for obtaining and using information received from a consumer reporting agency (CRA), definitions, protection of data.
Fair Debt Collection Practices Act (FDCPA) The policy consideration covers the requirements for debt collectors who perform debt collection services on behalf of another creditor, definitions of key terms, disclosure requirements.
Fair Lending The policy consideration covers management’s commitment to prohibiting discrimination in all lending activities and making credit available to all credit-worthy applicants.
FDIC Insurance and Signage The policy consideration covers the deposit and non-deposit activities which must be governed and monitored to provide clear communication through disclosures whether insured.
Financial Technology Company Providers This policy consideration covers the due diligence process for evaluation and oversight of financial technology service providers.
Fintech Bank Partner The policy consideration covers performing due diligence with a fintech third-party to enable them to offer a product, service or system on behalf of the organization, oversight.
Flood Disaster Protection Act (FDPA) The policy consideration covers the federal flood requirements for real-estate secured loans made, increased, renewed and extended by financial institutions, where the property is located.
Foreign Branching The policy consideration covers the business plan elements, and considerations that a credit union must address to establish a foreign branch.
Fraud The policy consideration covers how to detect and prevent fraud at the organization, roles and responsibilities of management and applicable staff, developing a culture that prevents fraud.
General Loan Policy The policy consideration addresses the inherent risk of having a lending program, including having lending authorities, responsibilities, and risk tolerances for all the loans offered.
Generative AI The policy governs the risks for the Institution relating to accuracy, privacy, security, and intellectual property rights when using Generative AI. It establishes clear guidelines.
Governance (ISP) The policy addresses the roles, responsibilities, and processes necessary to ensure that information security initiatives are aligned with business objectives, regulatory requirements.
Human Resources Code of Conduct The policy consideration covers developing and maintaining a culture that promotes honesty, integrity, and ethical conduct towards employees and others, rules for conduct and behavior.
Human Resources Harassment The policy consideration covers the federal requirements for preventing harassment in an organization, and the commitment from the Board and Management to create an environment free from it.
Human Resources Salary Administration The policy consideration covers compensation and incentive salary requirements for the organization, roles and responsibilities, loan originator salary requirements, prohibitions.
Human Resources Telecommuting (Work from Home) The policy covers the organization’s criteria and practices for supporting remote work employees, eligibility to work remotely, support available to remote workers, management oversight.
Human Resources Vaccination The policy covers the organization’s mandatory vaccine requirements as a condition of employment, exemption criteria and approval process to the policy requirements, types allowed.
Human Resources Whistleblower The policy covers the protection of employees who report improper actions to the organization or by the organization, key definitions, authority and responsibilities of senior management.
Identity Management and Access Control The policy addresses procedures and guidelines for managing user identities and controlling access to Institution’s information systems and resources.
Identity Theft Program The policy consideration covers the establishment, updating, and administration of an identity theft program, change of address requirements, guidelines for identifying, detecting fraud.
Incident Response and Disaster Recovery The policy establishes a comprehensive framework that protects Institution’s information assets and ensures business continuity in the event of a disruption, ensures compliance.
Incident Response and Preparedness The policy consideration describes how the organization will prevent, identify, and respond to security incidents, roles and responsibilities of the incident response team, threat response.
Indirect Dealer Loan The policy consideration addresses the governance of the lending relationship between the financial institution and the third-party to finance the purchase of a consumer product.
Information Security The policy establishes a comprehensive information security management system that protects Institution’s information assets through robust security practices.
Information Systems Security (IT Security) The policy consideration describes the process of receiving, storing, transmitting, and disposing of sensitive information received from consumers and protecting and maintaining it.
Interest Rate Risk (IRR) The policy consideration covers what establishing guidelines and best practices for the responsible management of interest rate changes can bring to an organization.
Internet and Electronic Mail (E-Mail) The policy consideration covers the appropriate use by employees of company-owned internet service and email application systems, acceptable content for internet and email use.
Internet Banking The policy consideration covers guidance for managing the organization’s internet banking program, including processes and controls needed to ensure accessibility and safety.
Investment The policy consideration covers the key components of the investment policy, how it affects the organization’s ability to meet liquidity needs, increase revenue, and match objectives.
IRA The policy consideration covers applicable definitions, the types of IRAs offered and their features including whether they are self-directed or managed funds, contribution amounts.
Liquidity The purpose of the policy consideration is to list the responsibilities and controls used to manage the liquidity position of the organization, and what factors are needed.
Loan Collection Program The policy consideration covers the internal controls used to comply with applicable laws and regulations, and how to mitigate the inherent risks associated with delinquent payments.
Loan Participation The policy consideration covers the risks and regulations which apply to organizations that originate or participate in loan participation agreements.
Loans and Lines of Credit to Members The policy consideration covers the federal requirements for offering loan products to members, maturity term limits, rate limits, lending limits to one borrower, and requirements.
Loans to Credit Unions The policy consideration covers situations where a Federal Credit Union may make a loan to other credit unions, the limits that can apply with respect to concentration borrowing.
Marketing Plan and Program The policy consideration covers the regulations that apply to marketing advertisements and who is responsible for ensuring that ads are compliant before being released.
Member Expulsion The policy consideration covers the situations where a federal credit union may expel a member, and provides a clear definition of when a member is not considered in good standing.
Military Lending Act (MLA) The policy consideration covers the requirements applicable to ensuring the rights and privileges to active duty servicemembers and their spouses and certain dependents.
Mobile Banking The policy consideration covers the system and authentication requirements for conducting a person’s banking through the mobile banking application, internal controls for safety.
Model Risk Management The policy consideration describes the policy governance of the organization’s use of quantitative analysis and models for decision making on a broad range of activities.
Mortgage Loan The policy consideration covers the regulatory requirements and inherent risks associated with mortgage lending, which includes specific topics and compliance areas.
Mortgage Servicing The policy consideration covers the different sections of the policy, which rules are exempt by small servicers, content and timing requirements, prompt payment application.
Mortgage Servicing – Large Servicer The policy consideration covers the following topics: relevant regulatory definitions, loan servicing thresholds and entity types for large mortgage servicers, servicing transfers.
Overdraft The policy consideration covers the management, monitoring, authorization, and reporting of overdrafts, set overdraft limits, applicability of fees, de minimis limits, daily limits.

 

Payday Alternative Loans The policy consideration covers the permissible types of loans offered under a payday lending program, disclosure, content, and timing requirements, and types of loans permitted.
Payment Systems The policy consideration covers definitions of key terms, system payment types, associated implementation risk, governance framework, standard operating procedures, roles.
Physical Security The policy consideration covers the facility opening and closing guidance, building access systems, interior and exterior lighting, vault access guidance, cash drawer, vault areas.
Public Notice The policy consideration covers the situations where public notice is required, content and confirmation requirements, special considerations, list and availability of public notices.
Reconsideration of Value The policy consideration addresses the process for submitting complaints related to possible errors or misinformation related to the appraisal and/or evaluations developed for a consumer mortgage loan transaction. All complaints will be logged and reviewed through the institution’s complaint management protocols, and communication with the applicant on the status of the complaint will be timely and resolved within 30 days.
Records Preservation Program The policy consideration addresses which types of documents need to be retained permanently and who is responsible for maintaining them.
Regulation B – Equal Credit Opportunity Act (ECOA) The policy consideration covers the requirements for both consumer and commercial loans to offer credit equally to all who qualify based on the institution’s criteria.
Regulation C/Home Mortgage Disclosure Act (HMDA) The policy consideration covers the regulatory requirement for the collection, recording, reporting, and disclosing of individual data points about certain types of mortgage transactions.
Regulation CC The policy consideration covers the regulatory requirement for the collection, recording, reporting, and disclosing of individual data points about certain types of mortgage transactions.
Regulation DD/Truth In Savings Act (TISA) The policy consideration covers the disclosure timing and content requirements utilized to enable consumers to make informed decisions about deposit accounts, including timing.
Regulation E/Electronic Fund Transfer Act (EFTA) The policy consideration covers the rights, consumer and financial institution liabilities, and responsibilities of consumers who use electronic funds transfers, access devices.
Regulation G – SAFE Act The policy consideration covers the roles and responsibilities of those within the organization to ensure mortgage loan originators (MLOs) acting on behalf of the organization comply.
Regulation K The policy addresses the requirements and prohibitions of foreign banking agencies doing banking related activities within the U.S. The policy addresses the limits covered under it.
Regulation O The policy consideration covers the making or extending credit to insiders that prohibits them from receiving more favorable terms than other borrowers, definitions of key terms.
Regulation P/Privacy of Consumer Financial Information The policy consideration covers applicable definitions, and guidelines to financial institutions on the circumstances where information obtained about individuals who obtain services.
Regulation W The policy consideration covers a clear understanding of the provisions and how to satisfy the requirements, definition of covered transactions, definitions of key terminology.
Regulation Z The policy consideration covers the key important disclosures and requirements for consumer loans such as closed-end mortgages, HELOCs, credit cards and installment loans.
Remote Deposit Capture Program The policy consideration covers the guidelines for managing the mobile system designed for a mobile deposit transaction delivery system, accurately and timely processing transactions.
Right to Financial Privacy Act (RFPA) The policy consideration covers situations where financial records of financial institution customers are requested by government authorities. The policy describes the specific procedures.
SAFE Act The policy consideration describes how the organization will assign roles and responsibilities for getting MLOs registered, assigning them unique identifiers, monitoring for compliance.
SAFE Deposit The policy consideration covers the controls used to mitigate the inherent and legal risks associated with offering safe deposit boxes including guidelines and procedures.
Safety Program The policy consideration typically covers the components for developing and maintaining a safety program in the organization, performing investigations, providing training.

 

SCRA The policy consideration covers the protections available to servicemembers in certain situations where financial transactions may infringe on their rights during military service.
Small Business Administration Loan The policy consideration covers types of commercial lending programs available, underwriting and documentation requirements, evaluating borrower creditworthiness, SBA requirements.
Social Media and Networking The policy consideration covers the policies and procedures utilized by the organization to govern the risks, consumer laws and regulations, guidance associated with using social media.
Stored Value and Prepaid Card The policy covers the strategic objectives, risks, and regulatory requirements relevant to the organization’s stored value/prepaid card program, identifying, assessing, monitoring risks.
Stress Testing Program The policy covers the stress testing requirements for large banks under the Dodd-Frank Act, threshold and institution types subject to the requirements, roles and procedures.
Student Loan Program The policy consideration covers the criteria, terms, and conditions applicants must meet to be eligible for loans offered through the organization’s student loan program, underwriting.
Telephone Consumer Protection Act (TCPA) The policy consideration addresses the procedures institutions need to follow to protect consumers’ privacy and protect the institution from potential liability.
TILA-RESPA Integrated Disclosures The policy consideration covers the disclosure content requirements and timing requirements institutions must comply with when offering closed-end mortgage loans secured by property.
Training for Officials The policy addresses the requirements for federal credit unions to provide training for new and incumbent board members to allow them to be equipped to comply with their fiduciary responsibilities.
Trust Accounts The policy consideration covers the rules for opening and maintaining trust accounts, including recordkeeping and confirmation requirements, assets held for safekeeping, procedures.
UDAAP The policy consideration covers guidelines to financial institutions to prevent unfair, deceptive, or abusive acts and practices for any transactions of consumer products and services.
Vendor Management Program The policy consideration covers how an organization should establish and maintain an effective vendor management program, important definitions necessary to provide clarity.
Wire Transfer The policy consideration covers sending money via wire transfer from the organization to another, how to comply with the applicable federal and state regulatory requirements.
Workout and Non-Accrual The policy consideration describes how the organization should evaluate potential workout loan situations, when a loan should be placed on non-accrual status and when it can be removed.

As of Tuesday, April 15th

For more information on these documents and the BAI Policy Manager, contact us today.