“As chief executive at General Motors, Mary Barra practices what she preaches. Her management philosophy is epitomized by GM’s workplace dress code—which is equally brief, and also an antidote to the restrictive, wallet-draining policies at many large corporations. It reads, in full: ‘Dress appropriately.’”
Much can be learned from this when it comes to writing BSA/AML policies (what you must do), procedures (how you must do it), and policedures (those bridge-too-far documents that describe what to do and how to do it). Tremendously detailed and prescriptive policies and procedures are usually impossible to adhere to on a day-to-day basis, invariably ignored in times of stress, and often turned against you by regulators and prosecutors. Granted, a two-word policy may not cut it with regulators or those in the implementation trenches, but a general rule to follow may be that you keep your policies below 1,500 words: after all, if the US Colonies can declare their independence from Britain in 1,458 words, a decent BSA Governance team can declare that a bank adhere to customer due diligence regulations in 1,458 words (or less).
A common policy drafting mistake is to assume that the theory of the policy will translate into sound practice in the front line units. As the great philosopher Yogi Berra said, “in theory there is no difference between theory and practice: in practice there is.” So give your policies and procedures (and your policedures) to those people in your organization that are supposed to be following them, and have them tell you whether the practice of implementation meets the theory of compliance.
And on a related note, if your program is replete with “Roles & Responsibilities” documents and intra-company service level agreements, take another look at your corporate policies and line of business procedures: R&Rs and SLAs are often manifestations of the failure to write policies and procedures that can actually be understood and followed.