A board derivatives policy in 12 pages: what should and shouldn't be in it

Most public-company derivatives policies fail in one of two directions. The eighty-page version reads like a vendor brochure and contains no decision the board can actually defend. The two-page version is a permission slip with no constraints. The useful artifact is closer to twelve pages, written with the audit committee as its primary audience.

Twelve is not magic. It is the length at which scope, sizing, approvals, audit-trail, regime triggers, reporting, and exceptions can each be stated in plain English with enough specificity that a successor CFO and a successor board can read it cold and run the program the same way as the predecessor.

What belongs in the document

Scope and instruments. Which underlyings, which products, which counterparties. If a class of instrument is permitted, the policy says so by name; anything not named is forbidden. The policy is a positive list, not a list of prohibitions.

Sizing limits. Limits expressed as a share of the relevant exposure (delta-equivalent on the reserve asset, vega against balance-sheet sensitivity, notional against liquidity), not as raw dollar notional. Hard caps and soft thresholds, with the soft threshold trigger requiring documented review.

Approval matrix. Who signs on what. A single CFO signature for routine roll inside the program; a CFO plus audit-committee chair for an expansion of size or instrument; a full committee vote for a new underlying or a new counterparty class. Each row paired with the dollar threshold and the documentation requirement.

Audit-trail standard. Every trade, every quote, every roll, every exception logged in a form an auditor can pull on demand. Multi-dealer pricing on every roll, with the dispersion archived. The intent is not paranoia; it is that the file the auditor opens in March looks the same regardless of who is sitting in the seat.

Regime triggers and pre-defined responses. Drawdown thresholds, funding-spread thresholds, NAV-discount thresholds, counterparty- concentration thresholds. Each paired with the response it authorizes (review, resize, unwind), so the response is on file before the trigger fires, not negotiated under pressure on the day it does.

Reporting cadence. What goes to the full board monthly, what goes to the audit committee weekly, what is available on demand. Single source of truth, versioned, immutable archive.

Exceptions and amendments. The out-of-policy procedure: how an exception is requested, who approves, how it is documented, how the exception is closed out or formalised into the policy.

What stays out

Trading rationale, market views, P&L targets, dealer commentary, anything that ties the policy to a specific regime or a specific person's read of one. The policy authorises an architecture; it does not commit the company to a thesis. Theses change; the architecture should not need to be re-litigated when they do.

Boilerplate disclaimers and second-order legal recitations also stay out of the body of the policy. They live in an appendix or a separate document. The policy itself is an operating manual, not a compliance brochure.

Why this works

A twelve-page document of this shape gives the audit committee something specific to defend, the CFO something specific to operate inside, and the auditor something specific to test against. It also gives a successor team a complete handover. The program survives a CFO change, a chair rotation, a regime turn, because the policy encodes the program rather than the people running it.