Answer:
Since there is no regulatory requirement to have a "security committee", that decision is really up to the bank. Typically, it would mid-level to senior officers of the bank representing the various divisions of bank operations.
First published on BankersOnline.com 12/03/07