THE SECURITY OFFICER'S ROLE, Part II by Dana Turner, Security Education Systems
The First Problem: Appointment
The first and most important part of the security function of a financial institution is for the Board of Directors to select and formally appoint the most appropriate person to the job of Security Officer. Unfortunately, on an industry-wide scale, in all but large financial institutions, there are very few Security Officers who actually applied for or sought the position. Most are "appointed" to - or "drafted" for - the position. And, because many Board members don't really understand what the Bank Protection Act or Regulation H -12 CFR Part 298 Subpart F requires or what the Security Officer's job involves, they don't adequately prepare or support the person they select to fill the position. For this reason, the Board of Directors should have a copy of Reg H before a Security Officer is appointed. It is also important for them to know that the liability assumed by the Security Officer is also assumed by the Directors.
The Bank Protection Act and Regulation H state that it is your institution's Board of Directors that is responsible for designating a Security Officer, "...who has the authority to research, develop and implement..." the institution's Security Program. The Security Officer's position often does not require full-time staffing, but the Board should carefully consider both the potential candidates' qualifications and his/her available time that may be dedicated to addressing security issues. Emerging industry-standard professional qualifications for an institution's Security Officer include:
Holding at least a mid-to-upper-level manager's or executive's position (if you have the responsibility for achieving results but you also have no power, you'll never get anything done. The other reason it's important for the Security Officer to be an officer of the financial institution is for insurance purposes. Because of the liability involved, insurance is imperative.);
Membership on the institution's Executive Committee (you can't protect the institution and its personnel unless you know what's going on at all organizational levels);
The ability to report directly to the Board of Directors or an independent audit committee about security matters (you must have a guarantee of absolute confidentiality and the ability to investigate everyone's activities and the Board needs to know at the outset of the non-disclosure requirements of the Bank Secrecy Act.);
Experience in several operational areas (you have to be able to relate and apply security principles and procedures to all functions);
Education regarding business management, occupational health and safety, and the administration of justice fields (you will function as the manager of a business unit, a safety inspector and as a "company cop");
Not also being the auditor (your auditor should act as your investigative companion and as the person who documents investigations); and
The fulfillment of other duties, so long as those duties do not compromise internal controls (someone has to watch you, too).
The Second Problem: Training
What does the Security Officer have to know? Not everything - just where to find everything! You become a "resource" person - an "investigator" and a "detective" - finding, investigating and protecting the relationships shared with the five industry-standard priorities of the Security Department. These priorities include the protection of:
Employees, insiders and institution-affiliated parties;
Customers, vendors and third-party service providers;
Facilities that the institution owns, manages, maintains or controls;
Assets that are both tangible and intangible; and
Records and documents that exist in all forms, paper and electronic.
Neither the Bank Protection Act nor Regulation H requires that the Security Officer be trained about security practices. However, regulatory agencies may develop a "field practice" that mandates training for a Security Officer. Providing initial and continuing training for the Security Officer will lessen both the institution's and the Security Officer's liability in many areas. In addition to state and national membership associations, other private sources are involved with developing industry-standard security practices and offering various levels of training to Security Officers, including:
American Society for Industrial Security (asisonline.org);
Association of Certified Fraud Examiners (cfenet.com);
Local "peer" groups whose membership includes security officers, auditors, human relations officers and compliance officers from other financial institutions along with representatives from law enforcement and prosecuting agencies. (Note - there may not be a local group in existence that you can join. Start one.)
Editor's Note - This series of training pages is for the new and/or experienced Security Officer.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
