Thanks for your inquiry. And you're right -- this is a very common problem and your auditors were right in citing this issue. Violating existing opening and closing procedures is one of the most serious safety issues facing financial institutions. I suggest that you share this email -- and its admittedly controversial suggestions -- with your CEO in its entirety.
Many operations policies and procedures (particularly those involving internal controls) are compromised because it's inconvenient to abide by them. At most, these violations may result in a financial loss and they're often classified as "business decisions". Willful violations of these types of policies and procedures by any employee or insider places the responsibility for the loss solely with the violating employee.
Willful violations of policies and procedures addressing safety issues, however -- not just "business decisions" -- are much more serious. The violating employee or insider is not only liable for financial losses -- he/she is also liable civilly and criminally for injuries or deaths to any person that may be directly attributed to the violation.
The institution's insurance will not cover losses created by acts of willful misconduct or gross negligence, leaving the violating employee or insider personally liable for any loss. In other words, the violating employee faces loss of employment and benefits, fines, punitive damages and incarceration -- personally, not corporately. In addition, any employee or insider who has personal knowledge of this violation and does not address and correct the violation -- particularly a violation involving a safetyissue -- is likely to be found as equally responsible as the actual violator.
So -- here are my suggestions -- and they're designed to protect you and the institution, and your CEO. Your inquiry indicates that you've already discussed the issue with your CEO and that you've been unsuccessful in changing her behavior. Please consider that these suggestions are those that we'd find in a "perfect world":
STEP ONE -- SIMPLY SUCCESS:
- Meet with your CEO and explain your concerns;
- Review your written opening and closing policy and procedures with him/her;
- Document the results of this meeting in your security files; and
- If you're successful in convincing your CEO to follow written policy and procedures, no other action is necessary.
STEP TWO -- IF YOU'RE UNSUCCESSFUL BUT YOUR CEO IS COOPERATIVE:
- Contact your bank's legal counsel for guidance, advice and support -- and review your written opening and closing policy and procedures with him/her;
- Expect resistance and non-compliance from your CEO;
- With your legal counsel, prepare an "acceptance of personal responsibility" document for your CEO (and all other specified persons who feel that it's necessary to violate a safety policy) to sign;
- Prepare a brief security report outlining the problem and your proposed solutions;
- Print out and personally deliver this email to your CEO during a private meeting;
- Explain the safety issues involved (robbery, kidnapping and extortion), their likely ramifications and your duty to correct them;
- If your CEO insists upon violating this safety policy and procedure -- but he/she is willing to accept personal responsibility for the results of his/her actions, have him/her sign an acknowledgment of your written opening and closing policy and the "acceptance of personal responsibility" document;
- Brief your "opening" and "closing teams" about this procedural variance;
- With your security alarm company, devise an entry plan that allows your CEO (or other specified persons) to enter the facility while under remote video surveillance; to contact the alarm company with a code via telephone; and to recontact the alarm company via telephone after 10 minutes have expired. The CEO will not be considered as part of the "opening" or "closing teams" and these teams will also make certain that the CEO is alive and well as part of their duties; and
- Keep the original acknowledgment in your security files and place a copy of it in the CEO's personnel file.
STEP THREE -- IF YOUR CEO DECLINES YOUR RECOMMENDATION:
- Have him/her write "I decline" across the acknowledgment and your written policy and procedure, date and sign it;
- Immediately place your CEO on administrative leave, pending a review of the safety violations by your board of directors and your legal counsel; and
- Forward a copy of the document to the board of directors for immediate consideration, along with your memo outlining the problem and that also contains your suggestions for follow-up actions;
- Place copies of the documents and a brief follow-up report in your security files and the CEO's personnel file; and
- Await the board's disposition.
Following these suggestions will make your board of directors individually and corporately responsible for addressing the problem. You will have exercised reasonable and prudent care in conducting your business activities -- and you will have done your best to insure the safety of all persons likely to be on the institution's premises. I also recognize that your inquiry and the potential necessity of implementing the suggestions contained in STEP THREE may place you in some occupational jeopardy.
First published on BankersOnline.com 11/5/01