One of our branches is staffed with only three people. Our internal auditor makes it four on the days she works out of that office. Because of the low staffing (sometimes there may be only two due to illness or vacation), there is a mag lock installed on the door, where the employees can allow known customers entry. The internal auditor is now inquiring as to whether the other branches should have a policy in place in the event they are understaffed, as well. Hardly ever do we fall into a situation where another branch would fall below three people on the line, should we have a policy?"
At a recent program you were discussing lifelines to staff to report internal fraud or fraud in general. Can you elaborate on this discussion?
"I'm not sure how this originated at my institution, but we close our safe deposit vault at 4:50 p.m. every night. Recently, a customer came in after the vault had been closed, to get in the safe deposit box before 5:00, and was told the vault had been closed. He stated that this policy should be posted. My question is, is it a requirement or a best practice that vaults should be closed well before 5:00 p.m. (or closing) from a security standpoint?"
We had money taken at one of our offices. We conducted a review and released everyone who didn’t follow our written procedures. Yesterday we found that money has been stolen again so we didn’t get the right person. We were told by local police we didn’t perform a proper investigation. What should we do now?
"We had an incident where the robber slipped a note but the teller could not read it. The robber was not wearing any type of disguise so the teller did not initially catch on to the fact that she was being robbed. Have you ever encountered a situation where the note was not legible? How was it handled? We do not want to anger a robber unintentionally by not complying. On the other side, we do not want to offend a legitimate customer by assuming it's a robbery note. How would you approach clarifying their intentions?"