POLICIES
Think policies through carefully, state them clearly and have it written out for all (executives, staff, and regulators) to see.
What are your identification policies?
What reports are you creating?
What is your record retention policy?
What regulations are you complying with and how?
What are your communications procedures?