Preparing The Annual Security Program Report
by Dana Turner
Regulation H requires that the institution's Security Officer report annually to the board of directors about the status of the Security Program. Although Regulation H does not specify what the annual report should contain, the report should logically address security-specific concerns and common issues reported upon by managers of other business units, including:
- Reported crimes by internal and external sources, including losses;
- Potential recoveries, civil and criminal actions;
- Crime trends within the industry overall, and within this geographical area, in particular;
- Suspicious Activity Report filings and circumstances;
- Pending new or changes to existing laws and regulations;
- Newly-developed industry security standards;
- Advancements in policies, procedures and technology that are applicable to your loss prevention efforts;
- Risk assessment results;
- Control issues requiring modification;
- Budget requests and accompanying rationale; and
- Anticipated staffing changes.
Managing the institution's Security Program requires careful planning, cooperation among departments and functions and an action plan. You do not have to be a full-time Security Director to be successful -- but you do have to be a professional one. Use the varied techniques employed by other successful Security Directors to manage the Security Department as an effective business unit first. Then develop an action plan that helps you to gather the information necessary for both routine use and for presentation to the board of directors. An action plan for the Security Department includes many ongoing tasks, including:
- Becoming familiar with applicable laws and regulations that logically affect the Security Department, such as Regulation H, the FFIEC's Interagency Policy Statement on Contingency Planning, the Americans With Disabilities Act, OSHA guidelines and local fire codes;
- Meeting with various members of your board of directors at least quarterly, so that you can maintain the board's support while keeping the board informed about security issues in a timely manner;
- Working with your Auditor to develop a comprehensive safety and security checklist that you can use to conduct standardized, comprehensive risk assessments, allowing you to identify and correct operational deficiencies quickly;
- Working with your Compliance Officer to develop and enforce compliance policies and procedures;
- Working with a risk reduction specialist from your insurance carrier to develop policies and procedures that reduce both safety and security risks;
- Subscribing to an assortment of safety and security publications to become and remain informed about current industry trends, new crime prevention techniques and other resources that may be available outside your immediate geographical area; and
- Joining or starting a peer group composed of other security professionals in your geographical area to discuss common security issues, and invite representatives of your local law enforcement agencies and retail and wholesale businesses to participate.
Following this action plan will provide you with the information necessary to develop and deliver a comprehensive report to the board of directors. Write your report in a narrative manner and use topic headers, bullet points, charts, statistics and lists to help identify important information. Your report should span three years:
- Last year (historical data);
- This year (current data); and
- Your projections for next year.
A copy of your report should be furnished to each board member before your presentation meeting. Use the presentation meeting to:
- Inform the board's members about your efforts;
- Discuss any concerns; and
- Request the board's support for your budget request.
After you have made your report, request that your presentation be reflected in the board's meeting minutes so that you can show examiners that you have complied with this provision of Regulation H. If the board declines one of your requests, restate your request in phases. Also ask that any stated opposition to or denial of your requests is reflected in the board's meeting minutes.
The Security Director always serves at the request of the institution's board of directors. The Security Director is obligated to furnish the board with sufficient information to allow it to make intelligent and informed decisions about the Security Program. The board has a limited obligation to comply with the Security Director's requests, however.
Note: This article is derived from a workbook section used in Security Education Systems' Security & Risk Management Seminar .
? Security Education Systems 1983 - 2001
Last updated on July 27, 2000
First published on BankersOnline.com 11/5/01
First published on 11/05/2001