Basic Security Requirements - The Written Security Program and Training

The revised rules and regulations required by the Bank Protection Act have placed a greater responsibility on financial institutions, their boards of directors and their security officers/managers.

Good security management begins with sound written security policies and procedures, and adequate training of officers and employees in their responsibilities.

However, many financial institutions are in violation of the security regulations requiring the adoption of appropriate security procedures, the development and implementation of a written security program, and in training.

Often an institution's security manual consists of a hodgepodge collection of meaningless, outdated policies and procedures stuffed in a binder labeled "Security Manual".

A finding by examiners that an institution is in violation of regulatory requirements would typically result if an institution "fails to establish a written security program" or "its written security program is insufficient to reasonably address the objectives set out in the regulation."

If Security Officers focus on developing and administering a written security program, others responsible for implementation will no longer have to second guess security requirements and/or compliance. The well written security program will eliminate doubt regarding response to security issues by making policies and procedures easy to read, understand, and follow.

Remember, a Security Officer's responsibilities are to "develop" and "administer" the security program and to let those in the best position to implement do the implementing of the program.

My suggestions for administering an effective security program are:

Develop a good security manual and distribute it to every manager/department that has responsibility under the security program -, i.e., Senior Management, Auditor, HR Director, Facilities Manager, Compliance Officer, Branch Managers/Security Coordinators and Legal.
Host and participate in regularly scheduled meetings designed to train each person named above in their responsibility under the security program using the security manual as a training aid and guide.
Respond to all security related incidents, and answer security related questions.
Update your manual as circumstances dictate, and make sure the changes are noted by those responsible. Do follow ups as necessary.

It is important to you and the regulators to achieve the desired level of security as intended by the Bank Protection Act and the regulations. It is even more important for the people and assets you are charged to protect.

TRAINING
Employee training is typically at issue in most negligence lawsuits. In avoiding liability, training should be the cornerstone of an effective security program and should address:

Robbery
Your written policies and procedures concerning robbery, burglary and larceny, with particular emphasis on opening and closing procedures, and behavior before, during and after a robbery.

So called "Morning Glory" robbery takes place as the office is being opened for the day. Opening procedures should be definite, understood by all, and strictly adhered to for the safety of the person responsible for opening, and for the rest of the staff. Robbery attempted on opening is not aimed at the contents of a teller drawer, but rather is a desperate attempt at obtaining the contents of the vault.

Prevention of robbery is the responsibility of everyone who works in the office. Employees who are observant, friendly, and who make it a point to greet and make eye contact with people who come into the facility actually can deter a robber. The last thing they want is for someone to be able to recognize and describe them.

Behavior during a robbery: it is most important to:

Stay in control of your emotions - don't panic or do anything that might increase danger to yourself or to others.
Be observant - get a good description
Retain holdup note, if possible.
Give only the amount demanded

After a robbery:

If safe to do so, note method/direction of escape.
Activate alarm only when safe to do so.
Lock all doors and drawers.
Notify local law enforcement and security.
Description forms should be filled out by all - employees and customers.
Don't discuss details of the robbery with anyone except bank and law enforcement officials.

Additional Training
In addition to Robbery Response Training, your programs should also include Personal Safety and Emergency Evacuation Procedures. Personal Safety: The number of hostage incidents has been increasing each year. The training page in the last HOTLINE highlighted some of the ways to protect yourself against the possibility of being taken hostage. There are seven common methods used by robbers to commit "Morning Glory" robberies. Break-in and wait for the first employee to arrive; Seize the first arriving employee; Allow the first employee to enter and then accost and enter with the next one; Enter by use of a ruse (i.e. posing as a delivery person); Grab the employee who goes out to put up the flag, get a smoke, etc.; "Bump" an employee's car on the way to work, and then grab them when they get out to exchange information; Invade the home of the employee and take employee and family hostage there. Becoming aware of these methods helps protect against them.

Emergency Evacuation: Whether the emergency is man made, (such as the threat of a bomb on the premises or a fire), or a natural disaster, (such as a hurricane, tornado, etc.), in most emergencies an evacuation is common and will occur either before, during or after the emergency. You should implement "Emergency Preparedness and Response Procedures", and require fire and evacuation plans and/or drills.

BANKERS' HOTLINE advisor David L. Battle, CFE, is Principal/Security Consultant/Training Specialist with DAVID BATTLE RESOURCES (DBR) - St. Louis, MO, a provider of Security Management, Loss Prevention Management and crime specific seminars, workshops and lectures. Battle serves as white-collar crime's investigator and consultant.