Dana Turner is a security practitioner based near San Antonio, Texas. Dana has served as a law enforcement officer in several capacities -- including the investigation of business and banking crimes -- and he is celebrating more than four decades of crime and financial institution security management.
As a speaker and conference facilitator, Dana has delivered thousands of platform, telephone and Internet presentations. He has designed and participated in continuing education programs offered by state and national banking and credit union associations, state and federal examining and law enforcement agencies -- and state and national security, audit and human resources organizations.
As a consultant, Dana has participated in or led hundreds of projects and assisted in the development and delivery of components of seminars, schools and conferences. As a writer, Dana has written many manuals and books -- and numerous newspaper, trade publication and magazine articles published and distributed both nationally and internationally. Dana is the author of the Financial Institution Security Library and he also serves as one of the moderators in several of BankersOnline.com's Security Forums.
Areas of Expertise:
We have a problem at our bank that we aren't sure how to handle. An elderly, long time deposit customer of our bank has started to withdraw her funds in large amounts. She has been instructed by her lawyer to do this, to prevent her husband's nursing home from taking all their savings. She has withdrawn $9,990 per day for three days in a row. Regulations say a CTR should be filed for mutiple transactions ON A SINGLE DAY. Memos I have read say we should file a SAR for the multiple withdrawals. My problem: we know the customer. We know she is not a drug dealer, criminal or terrorist. She is withdrawing her own money. I feel that our filing a SAR would be a waste of the FBI's time, when they are looking for money launderers and terrorists. Should we file one anyway, to cover our butts? Or can we just note to our files our reasons for not filing.
My bank's corporate office and branch are combined in one office building. The majority of upper management is located on the second floor of the building. The first floor consist of branch personal, loan processing and the collection department. Currently there is one alarm on the first floor, that is used for the entire building. My delima is that upper management would like to have an additional alarm on the second floor and be able to enter the second floor through a back door on the fire escape. I see this as a good way for a morning glory robbery to take place. Not to mention the safety concerns of the fire escape. The first and second floor are connected by an elevator. This would allow a would be robber to accoust someone entering the building on the second floor and gain entry to the first floor via the elevator. Personnel on the first floor would enter the building without knowing a robber was inside. I would appreciate any additional points or statistics you could provide.
Where can I find information on reporting to Board of Directors on Security annually?
Have received an e-mail from someone stating that they have broken our Internet system and will contact our customers if we do not contact them immediately. Of course we did not, but I did notify the Dept of Financial Institutions and they seem to think I should prepare a SAR for this. Can you help me? We have not had any losses, therefore there is no information to report on the SAR.
What are the major problems for police investigators after a bank robbery, and different ways to prevent future robberies?
How can bankers develop more effective passwords instead of the usual four characters they're using now?
Dana, I understand you have a sample confidentiality agreement. We currently have one that our attorney prepared, but have some difficulty with some service providers refusing to sign the agreement. Obviously, they are being dropped if they are not willing to comply. Many object to the stringent terms that were outlined by the attorney. I would like to make a comparison between yours and ours.
Are Safe Deposit history cards necessary?
Can you give us some guidance on what our policies should be regarding retention of email, both sent and received? We have some employees who never delete anything, with the result that their email boxes crash occasionally. Lots of emails are just one sentence long and don’t really mean much. How do you decide what to keep and what to delete? Do you recommend printing out emails for retention purposes? Are there programs that allow you to search emails across a network?
There have been four low dollar, low key bank robberies at asmany institutions in our community since mid December. Each time the bad guycomes in, passes a note asking for between $1,000 and $2,000 in $20s countedout before him (to avoid the dye pack) and claims he is listening to ascanner so don't trip any silent alarm. He is in any institution less than50 seconds. Even though each institution has pictures of him and knows hisM.O., because of his quickness, he is never caught. Many of the robberieswe hear of state that the bad guy demands "no dye pack" to the point wherewe feel it is an ineffective security device. In my 15 years of bankingexperience, I know of only one instance where the banks I have workedhave successfully planted the dye pack on the bad guy. A new employee tothe bank was telling me of a paper-thin tracking device that is embeddedinto a bill and is activated similar to the dye pack; when the bill ispassed before an electric field. Are you aware of such a device and do you know of any contacts where I might start evaluating the cost of this type of device?