Board of Directors Liability
by Tony Brissette
Previously, the Bank Protection Act (BPA) of 1968 was not specific in its wording on whether or not bank directors were ultimately responsible for the implementation of the written security program. This gray area was addressed in the revision of the BPA when the regulators specifically stated:
"It is the responsibility of the bank's board of directors to comply with this regulation and ensure that a written security program for the bank's main office and branches is developed and implemented." Additionally, the BPA stated that: "The security officer for each bank shall report at least annually to the bank's board of directors on the implementation, administration, and effectiveness of the security program."
Penalties for Violation
"A bank or savings and loan association, which violates a rule promulgated pursuant to this Act, shall be subject to a civil penalty, which shall not exceed $100 for each day of the violation" .
Although the author is unaware of any substantial fines for violation of this act, compliance with the BPA ensures that the institution is addressing both safety issues and limiting their exposure to potential security-related lawsuits.
For such a small penalty, why should we care about the BPA? One word - lawsuits!
Customers who are victims of criminal incidents will most likely engage in a lawsuit against the financial institution. If the courts then determine that the financial institution could have expected this type of crime might occur and the bank ultimately failed to adhere to reasonable care or violated a standard of the industry, the bank directors would be placed in a precarious position to counteract the claim.
Most security-related lawsuits would maintain that the financial institution was negligent, defined in Webster's dictionary as the "habitual failure to do the required thing; failure to use a reasonable amount of care when such failure results in injury or damage to another."
Another consideration in the event of a security-related lawsuit is the amount of knowledge that an institution might have that a particular crime may occur and what procedures were implemented to prevent this crime from taking place.
Active or Constructive Knowledge
Actual knowledge could be determined if a bank robbery happened at a bank branch or at a competitors' branch within the same area, or by the knowledge that robberies can and should be anticipated at banks. If you have knowledge that an act has occurred or it can be anticipated that a certain event may happen, actual knowledge has been obtained.
Constructive knowledge can be a result of local, state or federal laws that mandate the need for protective measures. Examples of this might be the BPA and ATM safety regulations in various states. Constructive knowledge can also be considered when a condition exists that would cause a reasonable person to believe that a customer may be in danger of injury or death by the act of a third party.
The Key - Training
There are many conditions that can cause a potential lawsuit at a financial institution. To best defend itself against a security-related lawsuit, the board of directors would want to ensure that all provisions of the BPA are being complied with. Security training is the essential key to limiting losses from security-related lawsuits. All officers and employees must be trained in the procedures for robberies, burglaries, and larcenies on an annual basis to ensure compliance with the BPA.
The failure to adequately train employees is one of six typical factors that are usually scrutinized by the plaintiff's attorney when considering the potential for a successful lawsuit. The other common five factors that are considered are:
- Failure to document policies and procedures,
- Failure to comply with any law or regulation,
- Failure to maintain security devices through testing, inspection and servicing,
- Failure to adhere to standard of the industry, and,
- Lack of proper supervision to ensure policies and procedures are enforced.
Lawsuits - Real & Potential
- A customer is injured or killed in a robbery due to improper employee response during a robbery. The injured customer's lawsuit would be based on the lack of proper training and employee response to robberies, which is often cited in security-related lawsuits.
- A customer alleges to be the person whose identity was stolen and opens a checking account and cashes numerous bad checks. The victim's credit is destroyed or worse the victim is arrested due to the bad checks. The victim could then claim in a lawsuit that the financial institution used improper new account identification procedures, which led to the crime.
- A customer is ambushed at either a night depository or ATM and poor or no lighting is an issue or shrubbery was not trimmed and provided a hiding place for the attacker. This has been and will continue to be an area of numerous security-related lawsuits.
- Violations of the standard of the industry and inadequate security equipment.
- The cashing of corporate or business checks that are being embezzled by the employee of the establishment.
- Safe deposit box burglaries or alleged thefts.
- Improper interviews and interrogations of suspected bank embezzlers.
- Mock robberies and inadequate preplanning for employees.
- Robbery chases by employees who increase the danger to themselves and others.
- Employees carrying weapons on the bank premises resulting in injury or death to another employee or customer result in workplace violence issues.
Due to the events of September 11, 2001, security has been brought to the forefront of everyone's consciousness. It is paramount that the Boards of Directors, as well as administration and security, recognize their responsibilities under the BPA and the Patriot Act and continue to do everything possible to ensure the safety of their employees, vendors, and customers.
Tony Brissette is a veteran of over 30 years as a Director of Security in Massachusetts. Now President of Brissette Consulting Services, Inc. in Shrewsbury, MA, he specializes in bank security training programs. He can be reached at (508) 842-2500
Copyright © 2003 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 13, No. 1, 4/03
First published on 04/01/2003