The Security Officer's Role, Part V by Dana Turner

What Does The Bank Protection Act Really Mean?
The Bank Protection Act, Bank Secrecy Act and Reg H combine many requirements into one process. They direct the institutions on how to implement security procedures, to file suspicious activity reports - and to comply with the Bank Secrecy Act's rules for currency reporting and recordkeeping.

Security Procedures & Devices
Considering the emerging industry-standard security practices, what your institution should - and in many cases, must - do in order to comply with regulations includes:

Must do: Adopting appropriate security procedures to discourage robberies, burglaries, and larcenies - and to assist in the identification and prosecution of persons who commit such acts. These acts are described as:

• Robbery: Taking something of value from a person by means of force or fear;
• Burglary: Entering a building or a vehicle with the intent to commit a theft or any other crime; and
• Larceny: Taking something of value from a person without the use of force or fear, or misusing something that rightfully belongs to the victim - as in embezzlement.

Should also do: Develop institution-wide strategic practices for addressing all types of events - including both internal and external crimes.

Must do: Having the institution's Board of Directors ensure that a written Security Program for the institution's Main Office and branches (both cash- and-non-cash-handling facilities) is developed and implemented. This means:

• The Security Program must be in writing;
• The Board of Directors must approve it;
• The Security Program must apply to all functions located in the institution's Main Office; and
• The Security Program should not just apply to cash-handling facilities.

Should also do: Develop written program for addressing all types of events - criminal or catastrophic.

Must do: The institution's Board of Directors must designate a Security Officer, who has the authority to develop and administer a written Security Program for each banking office. This means:

• The Security Officer should be issued a written document stating that he/she has been appointed;
• The appointment should be reflected in the Board's minutes; and
• The Security Officer position should have a written position description that contains appropriate duties, responsibilities and authority.

Should also do: Designate qualified assistants for each critical position within the institution, and:

• The Board of Directors should also designate, appoint and train an Assistant Security Officer; and
• Provide appropriate insurance for the Security Officer and all security-related personnel.

Must do: The Security Program requirements include many provisions that may affect institution-wide business operations. This means:

• Establishing procedures for opening and closing for business (e.g., warning signals, minimum number of persons required and special circumstances);
• Ensuring appropriate safekeeping of all currency, negotiable securities and similar valuables at all times (e.g., safe deposit practices, vault controls and inventory procedures);
• Establishing procedures that will assist in identifying persons committing crimes against the institution and that will preserve evidence that may aid in their identification and prosecution (e.g., thorough CIP, identification practices for non-customers, detailed employment background investigations and using appropriate cameras);
• Retaining a record of any robbery, burglary, or larceny committed against the institution;
• Providing for initial and periodic training of officers and employees in their responsibilities and proper employee conduct during and after a burglary, robbery, or larceny; and
• Providing for selecting, testing, operating and maintaining appropriate security devices (e.g., using consultants, vendors and industry-standard specifications).

Should also do: Develop and implement institution-wide policy, procedure, operations and training manuals and programs for each function.

Must do: Install and/or appropriately operate the following security devices and processes:

• A means of protecting cash and other liquid assets - such as a vault, safe or other secure space;
• A lighting system capable of illuminating the area around the vault if it is visible from outside the banking office;
• Tamper-resistant locks on door and windows;
• An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; and
• Such other devices as the Security Officer determines to be appropriate - taking into consideration:
  • The incidence of crimes against financial institutions in the area;
  • The amount of currency and other valuables exposed to robbery, burglary or larceny;
  • Distance of the office from the nearest law enforcement officers;
  • The cost of the security devices;
  • Other security measures in effect at the banking office; and
  • The physical characteristics of the structure of the banking office and its surroundings.
  • Should also do: Based upon a comprehensive risk assessment, integrate devices with processes.

Must do: Report at least annually to the institution's Board of Directors on the implementation, administration and effectiveness of the Security Program - in writing and in person.

(This series of training pages is for new or experienced Security Officers. Dana Turner is a security practitioner and author of the Financial Institution Security Library. He is a moderator on BankersOnline.com's Security Forum and a frequent contributor to the Bankers' Hotline. Contact Dana at (830)535-6500 or at danaturner@email.com)

Copyright © 2005 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 14, No. 12, 1/05