The Security Officer's Role by BOL Guru Dana Turner
Are you your institution's Security Officer? If you are, your primary duty is to develop and administer a written Security Program for your institution. This is not an option -- it is a regulatory requirement. And even if it wasn't a requirement, initiating and maintaining an effective Security Program just makes good business sense.
Security isn't just about alarms, robbery procedures and filing Suspicious Activity Reports. Security is the evolutionary process through which we provide a safe and secure environment for our employees to work and our customers to do business. While you don't have to be a full-time Security Officer to be professional, you do have to be a professional Security Officer regardless of how much time that you can devote to the role.
Do you work for an independent, community institution? If you do, the FBI and other law enforcement agencies have warned you that institutions such as yours are the primary targets for robbers, money laundering offenses and counterfeit check schemes. Your institution is at a greater risk to these losses than are larger institutions located in metropolitan areas.
Independent, community institutions generally operate with slim staffs made up of people who have many -- and often conflicting -- duties and responsibilities. Loss prevention, security and operational risk management practices are often overlooked or sacrificed because so many other things are considered more important. The Security Officer in this type of institution frequently has no more than an hour or two a week to dedicate to reducing losses.
Are you a full-time Security Officer? If you are, you may be following the emerging industry-standard guidelines -- one full-time Security Officer is needed for each institution that maintains a combined total of fifteen branches and departments. In other words, if you are responsible for providing security for fifteen institution components (a combination of cash-handling facilities and departments), you have plenty of security-related tasks to keep you busy.
Many Security Officers are restricted to providing security for branch operations only. But industry-standard security practices should be applied to every department, function and facility within the institution. Special emphasis should also be placed on those activities that traditionally contribute to the greatest losses -- the institution's data processing, lending, contract and purchasing functions.
The Problems
The first problem is to select and formally appoint the most appropriate person for the job. Unfortunately, on an industry-wide scale, more Security Officers are "appointed" to or "drafted" for the position than apply for it. And because many board members don't really understand what Regulation H -- 12 CFR Part 298 Subpart F (the regulation which implements the Bank Protection Act) requires or what the Security Officer's job involves, they don't adequately prepare or support the person that they select to fill the position.
Regulation H states that it is your institution's board of directors that is responsible for designating a Security Officer, who has the authority to research, develop and implement the institution's Security Program. The Security Officer's position often does not require full-time staffing, but the directors should carefully consider the potential candidates' qualifications. Emerging industry-standard professional qualifications for an institution's Security Officer include:
Holding at least a mid-to-upper-level manager's or executive's position (if you have the responsibility for results but you also have no power, you'll never get anything done);
Membership on the institution's Executive Committee (you can't protect the institution and its personnel unless you know what's going on at all organizational levels);
The ability to report directly to the board of directors or an independent audit committee about security matters (you must have a guarantee of absolute confidentiality and the ability to investigate everyone's activities);
Experience in several operational areas (you have to be able to relate and apply security principles and procedures to all functions);
Education in both business management and the administration of justice fields (you will function as both the manager of a business unit and as a "company cop");
Not also being the auditor (your auditor should act as your investigative companion and as the person who documents investigations); and
The fulfillment of other duties, so long as those duties do not compromise internal controls (someone has to watch you, too).
The second problem is to train the new Security Officer. What does the Security Officer have to know? Not everything -- just where to find everything. You become a "resource" person and a detective in the truest sense of the word -- finding, investigating and protecting the relationships shared with the five (5) priorities of the Security Department:
Employees;
Customers and other persons on the premises;
Facilities;
Assets; and
Records.
Regulation H does not require that the Security Officer be trained about security practices. Regulatory agencies may develop a "field practice", however, that mandates training for a Security Officer. Providing initial and continuing training for the Security Officer will lessen both the institution's and the Security Officer's liability in many areas. In addition to state banking associations, several other membership associations that are involved with developing industry-standard security practices offer various levels of training to Security Officers, including:
American Bankers Association;
American Society for Industrial Security;
Association of Certified Fraud Examiners;
Bank Administration Institute;
Credit Union National Association; and
Local "peer" groups whose membership includes representatives from law enforcement and prosecuting agencies, retailers and financial institutions.
The third problem is to support the institution's Security Officer. Your institution's primary goals should be to provide effective customer service and to generate a profit. Often, the security function is perceived as an impediment to attaining these goals. A wise board of directors recognizes that a well-trained and professional Security Officer will help the institution keep more of the profits that it makes by creating a "customer-friendly" -- but "offender-hostile" -- environment.
An institution's board of directors that has a clear vision of the security function is often the key to the Security Officer's success. A board can best support the efforts of the institution's Security Officer by:
Insisting upon a "security-conscious" organizational attitude;
Developing and adhering to a Code of Conduct;
Requesting a security "update" and related briefings more frequently than Regulation H's annual requirement;
Requiring that all employees attend security training meetings, particularly the institution's executives and directors;
Participating in a security training program that affects board responsibilities;
Carefully reviewing budget requests for new or enhanced security devices, particularly non-traditional ones; and
Recognizing that most security matters, like many other institution-related matters, are confidential.
Copyright, 2000, Dana Turner. All rights reserved.
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
