Skip to content
 

Security Officer - Director, is it a Conflict?

Answered by: 
Dana Turner

Question: 
I participated in a recent seminar where BOL Guru Dana Turner was the presenter. He mentioned that there might be a conflict of interest if the bank's Security Officer was also a director. I am in that position and I have discussed this with the Board/Executive Committee and was told today that they had talked with our bonding company and were told this was not an issue. What is the rational for ensuring that our Security Officer should be an employee, rather than a director?
Answer: 

There is no regulation, to my knowledge, that bars a board member from serving as the institution's Security Officer. Strategically speaking, however, board members do not perform regulatory-related tasks themselves they oversee those functions. For example, board members aren't traditionally appointed as the institution's compliance officer, BSA officer, auditor or IT security manager. But board members often serve on committees that oversee the tasks performed by the employees who hold those positions. Depending on the examiner, an institution may be required to separate the person who performs the security function's tasks from other decision-making roles and I support that approach. Here's my rationale:

* The security function is responsible for performing many safety and security-related tasks. Those tasks often involve decisions that must be made on a day-by-day basis. If a Security Officer isn't readily available during routine business hours, many safety and security-related issues may not be discovered and reported. The Security Officer's position should be staffed by an employee who is readily available for consultation and has a straight-line reporting responsibility to the board.

* The security function is responsible for conducting several types of investigations. Those investigations must be conducted impartially and without any potential for a conflict of interest. Otherwise, the results may be forever tainted. A board member who, acting as the Security Manager, may influence the course and outcome of an investigation is, for me, engaging in a potential conflict of interest situation.

* To be effective, it's my belief that the activities of the institution's Security Officer must have effective, third-party oversight. In other words, who watches the Security Officer? Who watches the 'watcher?' Without third-party oversight, an unskilled Security Officer may actually increase operating risk. Or a rogue Security Officer may have the opportunity to ruin careers, commit crimes or damage the institution's reputation. The Security Officer's reputation may also be compromised when events occur that have been engineered by an employee to make it look like the Security Officer was responsible and for which the Security Officer has no defense because of lack of oversight.

* By regulation, the institution's Security Officer must be appointed by the board. It's my belief that the security function, like audit and compliance functions, should be able to operate independently of all other functions while still remaining part of the team. I also believe that filling the position of Security Officer by a board member damages a significant 'check-and-balance' process that may expose the institution (corporate) and Security Officer (personal) to unwarranted risk. An inappropriate level of trust has been the downfall of too many institutions.

First published on BankersOnline.com 2/4/13

First published on 02/04/2013

Filed under: 
Compliance
Security
Filed under compliance as: 
Audit
Employee
Investigations
IT
Reporting
Security
Security Officer
Filed under security as: 
Audit
Employee
Investigations
IT
Reporting
Security
Security Officer

Report a problem with this page

Search Topics