Click to return to BOL home page
Banker Store Read A Reg Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads Background Checks BOL Conferences CrimeDex FREE Briefings Banker Tools

   

















    Site Map

    Our Sponsors

    Home





Compliance Gurus
Lending Gurus
Operations Gurus
Marketing Gurus
Technology Gurus
eBanking Gurus

Print Friendly! Email This Article! Discuss NOW!


Security Procedures
by BOL Guru Dana Turner

Let's take these security procedures one step at a time. Considering the emerging industry-standard security practices, what your institution should -- and in many cases, has to -- do in order to comply with the Bank Protection Act regulations includes:

  • Must do: Adopting appropriate security procedures to discourage robberies, burglaries, and larcenies, and to assist in the identification and prosecution of persons who commit such acts. This means:
    • Robbery: Taking something of value from a person by means of force or fear;
    • Burglary: Entering a building or a vehicle with the intent to commit a theft or any other crime; and
    • Larceny: Taking something of value from a person without the use of force or fear, or misusing something that rightfully belongs to the victim --as in embezzlement.
  • Should do: Develop institution-wide strategic practices for addressing all types of events, and internal and external crimes.
  • Must do: Having the institution's board of directors ensure that a written Security Program for the institution's main office and branches is developed and implemented. This means:
    • The Security Program must be in writing;
    • The board of directors must approve it;
    • The Security Program must apply to all functions located in the institution's Main Office; and
    • The Security Program should not just apply to cash-handling facilities.
  • Should do: Develop institution-wide, function-specific strategic practices for addressing all types of events, and internal and external crimes.
  • Must do: The institution's board of directors must designate a security officer who has the authority to develop and administer a written Security Program for each banking office. This means:
    • The Security Officer should have a written position description that contains appropriate duties, responsibilities and authority;
    • That, because this is one of the few mandatory board-appointed positions, the board of directors should also designate, appoint and train an Assistant Security Officer; and
    • The term "banking office" does not mean a cash-handling facility only.
  • Should do: Designate qualified assistants for each critical position within the institution.
  • Must do: The Security Program requirements include many provisions that may affect institution-wide business operations. This means:
    • Establishing procedures for opening and closing for business (e.g., warning signals, number of persons required and special circumstances);
    • Ensuring appropriate safekeeping of all currency, negotiable securities, and similar valuables at all times (e.g., safe deposit practices, vault controls and inventory procedures);
    • Establishing procedures that will assist in identifying persons committing crimes against the institution and that will preserve evidence that may aid in their identification and prosecution (e.g., standardized identification practices for customers and non-customers, detailed employment background investigations and closed circuit video cameras);
    • Retaining a record of any robbery, burglary, or larceny committed against the bank (e.g., witness statements, investigator's reports and secure evidence storage);
    • Providing for initial and periodic training of officers and employees in their responsibilities under the security program and in proper employee conduct during and after a burglary, robbery, or larceny (e.g., crime-specific, position-specific and frequent training): and
    • Providing for selecting, testing, operating, and maintaining appropriate security devices (e.g., using consultants, vendors and industry-standard specifications).
  • Should do: Develop and implement institution-wide policy, procedure, operations and training manuals and programs for each function.
  • Must do: Install and appropriately operate the following security devices and processes:
    • A means of protecting cash and other liquid assets -- such as a vault, safe, or other secure space;
    • A lighting system capable of illuminating -- at all times -- the area around the vault, if the vault is visible from outside the banking office;
    • Tamper-resistant locks on exterior doors and exterior windows that may be opened;
    • An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; and
    • Such other devices as the security officer determines to be appropriate, taking into consideration:
      • The incidence of crimes against financial institutions in the area;
      • The amount of currency and other valuables exposed to robbery, burglary, or larceny;
      • The distance of the banking office from the nearest responsible law enforcement officers;
      • The cost of the security devices;
      • Other security measures in effect at the banking office; and
      • The physical characteristics of the structure of the banking office and its surroundings.
  • Should do: Based upon a comprehensive risk assessment, integrate devices with processes.
  • Must do: Report at least annually to the bank's board of directors on the implementation, administration, and effectiveness of the Security Program.
  • Should do: Report to the board and the audit committee at least quarterly -- or more frequently if necessary -- on the Security Program's progress.
Suspicious Activity Reports
If the Security Officer is also the Bank Secrecy Act Officer, there are some additional requirements, including:
  • Ensuring that Suspicious Activity Reports (SARs) are filed with the appropriate Federal Law enforcement agencies and the Department of the Treasury when the institution detects a known or suspected violation of Federal law, or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act, including:
    • Insider abuse involving any amount;
    • Violations aggregating $5,000 or more where a suspect can be identified;
    • Violations aggregating $25,000 or more regardless of a potential suspect; or
    • Transactions aggregating $5,000 or more that involves potential money laundering or violations of the Bank Secrecy Act.
    • Ensuring that the institution is in compliance with all SAR instructions, including:
    • Time filing
    • Records retention;
    • Appropriate and timely notification to the board of directors; and
    • Confidentiality issues.
Verbatim text of Regulation H and Part 748 of the Nation Credit Union Administration Rules and regulations is located in the Appendix.

Summary
Are you having a difficult time justifying the effort necessary to create an effective Security Program? Consider that your institution's ability to attract and retain qualified personnel and customers is directly related to your institution's professional image and reputation. This image is based upon trust and confidence, and the appearance of safety and soundness.

A professional reputation takes years to acquire, moments to destroy and an eternity to rebuild. Inappropriate and ineffective operational procedures used by your employees may destroy your institution's image, and are among the easiest operational mistakes to prevent. If your institution already has a Security Program, review it and assure yourself and your board of directors that it really meets your institution's needs.

Choose your institution's Security Officer carefully. Provide adequate training and supervision, grant sufficient power and authority to match the assigned responsibilities, and support his/her efforts to provide a safe and secure working environment. Becoming a professional -- and effective -- Security Officer requires special education, training and skills. It isn't a role for everyone. But if you approach the job with the right blend of enthusiasm, dedication and humor, you can easily become one of your institution's most valued assets.

Copyright, 2000, Dana Turner. All rights reserved.

Dana Turner is a principal with Security Education Systems, a consulting, training and investigation firm located near San Antonio, Texas. Dana has served as a law enforcement officer in several capacities, including the investigation of business and banking crimes; as a community college instructor and administrator in both the law enforcement and business management fields; and as a program development specialist and trainer for private businesses, governmental agencies and professional associations.

As a speaker and conference facilitator, Dana has acquired an excellent reputation as a dynamic, knowledgeable and entertaining instructor. In addition to his work with state banking associations, he designs and participates in continuing education programs offered by the American Bankers Association, Bank Administration Institute, Drug Enforcement Administration, the Federal Financial Institutions Examination Council, the Association of Certified Fraud Examiners and Bankers' Hotline.

As a writer, Dana has written many manuals and books, and numerous newspaper, trade publication and magazine articles published and distributed both nationally and internationally.


Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.