Answer:
The FDIC covers its expectations in the Risk Management section of its manuals:
"Vacation Policies
All banks should have a vacation policy, which provides that officers and employees be absent from their duties for an uninterrupted period of not less than two consecutive weeks. Such a policy is considered an important internal safeguard largely because perpetration of an embezzlement of any substantial size usually requires the constant presence of the embezzler in order to manipulate records, respond to inquiries from customers or other employees, and otherwise prevent detection. Examiners and bank management should recognize that the benefits of this policy may be substantially, if not totally, eroded if the duties performed by an absent individual are not assumed by someone else. Where the bank's policy does not conform to the two-week recommended absence period, examiners should encourage the board of directors to annually review and approve the policy actually followed and the exceptions allowed. In such cases it is important that adequate compensating controls be devised and strictly enforced. If after consideration of all relevant facts and circumstances it is determined that the vacation policies are deficient, the matter should be discussed with the chief executive officer and the board of directors. Comments and recommendations on the supplemental Internal Routine and Controls schedule may be appropriate. "
This can be reviewed at https://www.fdic.gov/regulations/safety/manual/section4-2.html
print
share