Preparing Your Annual Security Program Report
by Dana Turner, BOL Guru
The Bank Protection Act requires that the institution?s Security Officer report annually to the Board of Directors about the status of the Security Program. The regulations don't specify:
- If the report must be in writing;
- Who must deliver the report; or
- What information the report must contain.
The Security Department As A Business Unit
Managing the institution?s Security Department requires careful planning, cooperation among departments and functions -- and an action plan. You do not have to be a full-time Security Officer to be successful -- but you do have to be a professional one. Use the varied techniques employed by other successful Security Officers to manage the Security Department as an effective business unit first. Then develop an action plan that helps you to gather the information necessary for both routine use and for presentation to the Board of Directors. An action plan for the Security Department includes many ongoing tasks, including:
- Becoming familiar with applicable laws and regulations that logically affect the Security Department, such as the Bank Protection Act, Regulation H, the FFIEC's Interagency Policy Statement on Contingency Planning, the USA Patriot Act, the Americans With Disabilities Act, OSHA guidelines and local fire codes;
- Meeting with various members of your Board of Directors at least quarterly, so that you can maintain the Board?s support while keeping the Board informed about security issues in a timely manner;
- Working with your Auditor to develop a comprehensive safety and security checklist that you can use to conduct standardized, comprehensive risk assessments, allowing you to identify and correct operational deficiencies quickly;
- Working with your Compliance Officer to develop and enforce compliance policies and procedures;
- Working with a risk reduction specialist from your insurance carrier to develop policies and procedures that reduce both safety and security risks;
- Subscribing to an assortment of safety and security publications to become and remaining informed about current industry trends, new crime prevention techniques and other resources that may be available outside your immediate geographical area; and
- Joining or starting a peer group -- composed of other security professionals in your geographical area -- to discuss common security issues, and invite representatives of your local law enforcement agencies and retail and wholesale businesses to participate.
Preparing & Delivering
The Annual Security Program Report
The designated Security Officer must prepare the Security Program Report and -- ideally -- he/she should prepare a written version each year. Forwarding a quarterly update to the Board of Directors will help them to remain informed about your security-related activities and your progress.
Regulations don't require that the Security Officer present the Security Program Report personally -- or even that an oral report must be presented. But the Board of Directors should know who the Security Officer is and what he/she does -- and the members should have the opportunity to ask questions and give guidance. Delivering his/her own report will help both the Security Officer and the Board of Directors understand each other's needs.
What The Security Program Report
Following the Security Department's action plan will provide you with the information necessary to develop and deliver a comprehensive report to the Board of Directors. Write your report in a narrative manner -- and use topic headers, bullet points, charts, statistics and lists to help identify important information. Your report should span three years:
- Last year (historical data);
- This year (current data); and
- Your projections for next year.
Although the regulations don't specify what the annual report must contain, the report should logically address security-specific concerns and common issues reported upon by managers of other business units, including:
- Reported crimes by internal and external sources, including losses;
- Potential recoveries, civil and criminal actions;
- Crime trends within the industry overall, and within this geographical area, in particular;
- Suspicious Activity Report filings and circumstances, if that's appropriate;
- Pending new or changes to existing laws and regulations;
- Newly-developed industry security standards;
- Advancements in policies, procedures and technology that are applicable to your loss prevention efforts;
- Risk assessment results;
- Control issues requiring modification;
- Budget requests and accompanying rationale; and
- Needed or anticipated staffing changes.
Make certain that a copy of your report is furnished to each Board member before your presentation meeting. Use the presentation meeting to:
- Inform the Board?s members about your efforts;
- Discuss any concerns; and
- Request the Board?s support for your budget request.
After you have made your report, request that your presentation be reflected in the Board?s meeting minutes so that you can show examiners that you have complied with regulations. If the Board declines one of your requests, restate your request in phases. Also ask that any stated opposition to or denial of your requests is reflected in the Board?s meeting minutes, along with the rationale for declining it.
Your security review becomes one of your most valuable loss prevention tools and developing it causes the Security Officer to focus upon real -- and potential -- liabilities. Writing the Annual Security Program report causes the Security Officer to justify and explain comments and recommendations. Delivering the report to the institution's Board of Directors educates the Board members about security issues.
The Security Officer always serves at the request of the institution?s Board of Directors. The Security Officer is obligated to furnish the Board with sufficient information to allow it to make intelligent and informed decisions about the initial and continuing development and implementation of the institution's Security Program. The Board has a limited obligation to comply with the Security Officer?s requests, however.
First published on BankersOnline.com 1/07
First published on 01/07/2013