Policies and Procedures for CMS licence holders/RFMC
Who should approve policies and procedures?
The board of directors should approve the policies of the financial institutions (para. 2.1.2 Guidelines on Internal Controls).
In contrast, the board of directors or senior management should periodically review the code of conduct (para. 2.2.6 Guidelines on Internal Controls). Financial institutions may select the approving body based on the standing of the code of conduct in the specific company. If the code of conduct is the highest-level document that prescribes the values and principles that shape the company and its policies and procedures, the board of directors may be the right body to approve it.
Where the code of conduct states the ethical values of the financial institution and prescribes:
• the guidelines for employees to observe when discharging their duties (covering areas such as acceptance of gifts and entertainment, conflicts of interest, safeguarding of the confidentiality of information)
• disclosure of and restrictions on personal investments (para. 2.2.2 Guidelines on Internal Controls)
• specific guidelines for the operations in functional areas such as private banking or asset management (para. 2.2.3 Guidelines on Internal Controls)
The senior management may be the appropriate body to approve the code of conduct.