The Security Officer's Role, Part 1
by Dana Turner, Security Education Systems
Are you your institution's Security Officer? If you are, your primary duty is to develop and administer a written Security Program for your institution. This is not an option - it is a regulatory requirement. And even if it wasn't a requirement, initiating and maintaining an effective Security Program just makes good business sense. The Security Program should combine procedural security techniques with physical ones.
Security isn't just about alarms, robbery procedures and filing Suspicious Activity Reports. Security is the evolutionary process through which we provide a safe and secure environment for our employees to work and our customers to do business. While you don't have to be a full-time Security Officer to be professional, you do have to be a professional Security Officer - regardless of how much time that you can devote to the role. And no one person needs to perform all of the security-related tasks within the institution. As long as there is an appointed and authorized Security Officer, he/she can delegate the performance of necessary tasks to several people - both employees and contractors, if it's necessary - and simply monitor the results.
Do you work for an independent, community financial institution?
If you do, the FBI and other law enforcement agencies have warned you repeatedly that institutions such as yours are the primary targets for robbers, money laundering offenses and counterfeit check schemes. Your institution is at a greater risk to these losses than are larger institutions located in metropolitan areas.
Independent, community institutions generally operate with slim staffs made up of people who have many - and often conflicting - duties and responsibilities. Loss prevention, security and operational risk management practices are often overlooked or sacrificed because so many other things are considered more important. The Security Officer who works within this type of institution frequently has no more than an hour or two a week to dedicate to "working security."
Are you a full-time Security Officer?
If you are, you may be following the emerging industry-standard guidelines - one full-time Security Officer is needed for each institution that maintains a combined total of fifteen branches and departments. In other words, if you are responsible for providing security services for fifteen institution components (a combination of cash-handling facilities and departments), you have plenty of security-related tasks to keep you busy.
Many Security Officers are restricted to providing security for branch (cash-handling) operations only. But industry-standard security practices should be applied to every department, function and facility within the institution. Special attention should also be given to those activities that traditionally contribute to the greatest losses - the institution's data processing, lending, contract and purchasing functions.
What are "industry-standard security practices?"
The three (3) most common descriptions used to categorize policies, procedures and practices are:Industry standard practice: A practice or technique that is used by most of the businesses within a specific industry;
Best practice: A practice or technique that will be applied universally in the best of all worlds; and
Appropriate practice: A practice or technique that works.
Industry-standard security practices aren't created or recognized overnight. Like "security", these practices evolve over time - and generally through the "trial and error" process. Unfortunately, many of these practices remain in use long after they should have been amended or terminated. The financial services industry is full of practices that are conflicting, outdated or that need improvement. The Security Officer can play a vital role in determining which of the institution's security practices are still appropriate, which need updating, or which ones need to be terminated.
Each of the examining agencies has developed requirements and guidelines for developing and administering the financial institutions' security practices. The emerging industry-standard practice is that banks, thrifts and credit unions should all follow the guidelines developed for banks - in addition to their own regulator-specific requirements.
The material on these training pages is based upon the Bank Protection Act (an Act passed by Congress) and Regulation H (a FRB regulation) as models. The verbatim regulations that address security requirements for all types of financial institutions may be located on www.BankersOnline.com.
The Bank Protection Act and Regulation H require that the board of directors of each institution insures that:
- A Security Officer has been appointed to manage the Security Program;
- The Security Program is available in written form;
- Each facility is equipped with appropriate security devices;
- Appropriate security policies and procedures have been developed and implemented to discourage robberies, burglaries, and larcenies - and to assist in identifying and apprehending persons who commit such acts;
- A training program is developed for and delivered to officers and employees about their responsibilities under the Security Program and in proper employee conduct during and after a robbery, burglar or larceny; and that
- The Security Officer report at least annually to the board of directors on the implementation, administration, and effectiveness of the security program.
There are at least three significant problems that the Board of Directors will likely encounter, as it develops a strategy for selecting, training and supporting the Security Officer:
- Selecting the most appropriate person to fill the Security Officer position;
- Training the Security Officer appropriately so that he/she can perform his/her duties in a professional manner; and
- Supporting the Security Officer with the appropriate amount of time, resources and money - not just to fulfill regulatory requirements, but to also address a professionally-run Security Department's priorities.
Editor's Note: Our next few training pages are for the Security Officer - whether new or experienced. Dana will describe exactly what your duties are and what your liabilities and responsibilities are. If you have questions, he can be reached at 830-535-6500 or at email@example.com
Copyright © 2004 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 14, No. 8, 10/04
First published on 10/01/2004