Several banks noted that they were devoting substantial time to reviewing, revamping and developing new policies and procedures. A few banks appear to have the goal of developing a common architecture or framework to harmonise policies and procedures across businesses and make them more user-friendly. These policies and procedures may be based on common elements across business lines or across risks.

One process that received special mention was a formal new product review process involving business, risk management and internal control functions. Several banks noted the necessity of updating risk evaluation and assessments of the quality of controls as products and activities change and as deficiencies are discovered.