Dana Turner is a security practitioner based near San Antonio, Texas. Dana has served as a law enforcement officer in several capacities -- including the investigation of business and banking crimes -- and he is celebrating more than four decades of crime and financial institution security management.
As a speaker and conference facilitator, Dana has delivered thousands of platform, telephone and Internet presentations. He has designed and participated in continuing education programs offered by state and national banking and credit union associations, state and federal examining and law enforcement agencies -- and state and national security, audit and human resources organizations.
As a consultant, Dana has participated in or led hundreds of projects and assisted in the development and delivery of components of seminars, schools and conferences. As a writer, Dana has written many manuals and books -- and numerous newspaper, trade publication and magazine articles published and distributed both nationally and internationally. Dana is the author of the Financial Institution Security Library and he also serves as one of the moderators in several of BankersOnline.com's Security Forums.
Areas of Expertise:
We are in the process of initiating a customer ID program using "passwords" when a customer calls in requesting a bank balance. We have always been careful when giving out information requiring some type of info from their account. However, with theft identity a serious problem and with our bank expanding into other markets, we want to implement a better program. How have other banks handled the initial set up of an ID program? Should a customer submit a signed form with a password listed by mail if they live out of town? How do banks handle customers who have forgotten their passwords?
Due to the rise in check fraud and identity theft, we are receiving more and more requests for customer and account information from local law enforcement. These investigations may or may not involve a bank loss, and some of the investigations are the result of a customer's police report. Do you know of clear-cut guidelines when we can provide the requested information or when a subpoena or search warrant is required? We want to help stop crime, but I wish not to contact outside counsel every time a law enforcement request comes in.
We are adding cameras in our safe deposit box area. Should we position the cameras to cover the area inside the safe deposit vault or just the outside door? If inside, how do we address the privacy of customers who are accessing their safe deposit boxes?
We have an elderly customer who has a savings account with a fair amount of money in it. She must have Alzheimer's or some kind of mental problem and is very confused all of the time. She never makes any sense in her requests. In fact, her latest request is that we find her a house with water. (We believe she may have even had her water cut off at her home due to delinquent payments, but we don't know.) She brought in numerous social security checks the other day that she has been "saving". They were over a year old, so we sent them to social security and they are supposed to re-issue her new ones. She refuses to have her checks direct deposited and she doesn't want anybody to know her "business". A daughter brings her to the bank, but always waits for her in the car. What should we do about this situation? Try and talk to the daughter? We think she needs a guardian or power of attorney. We don't really have any right to say a whole lot to anyone, but we are concerned for her well-being.
Does a financial institution Security Officer have to be an Executive Officer?
Our bank provides safe deposit customers a list of inappropriate objects that are not to be kept in safe deposit boxes. Does anyone have a process for actually inspecting what the renter is putting in the box? In this age of terrorism, etc.. is there any method/practice to screen what is being put into the safe deposit box? This question was prompted by a branch manager who was asked by a non-customer if they could rent a safe deposit box for a "peculiar container".
In regards to disaster recovery procedures: One of the major concerns in a business resumption plan is the notification process. From past experience, this is the hardest to address. Living in an earthquake area, anytime we experience an earthquake, the phone system does not work. Cell phones are also worthless, due to excessive use. Sometimes the Internet is available, providing power is on. Do you have any suggestions on how I could notify my Crisis Team at a minimum? The only thought I have, is that they would report to a designated location without notification. That could also be risky, if the prearranged location had a great deal of damage.
Isn't it true that we need to have the ID's, Social Security numbers and addresses of the signors on a business account to be compliant with the changes for BSA?
I know I have to let the Board of Directors know when a SAR is filed. I was told all I can tell them is that one is being filed. Is this correct... how does it get in the minutes and what does it have to state?
In an article by Mary Beth Guard entitled <a href="http://www.bankersonline.com/articles/bhv10n08/bhv10n08a3.html">"Do's and Don't's for DBAs"</a>, she mentioned an Affiavit of Sole Proprietorship. I can not find an example of one. Could you please point me in the right direction?