Printer Friendly

Banking on security's future.

THINKING ABOUT THE FUTURE AND making predictions can be an enjoyable and stimulating intellectual challenge. As the turn of the century approaches, many predictions about our society will undoubtedly be made. Banking, because of its volatility and the rapid changes it has experienced, would be an interesting subject for predictions. As banks change, so do the security services they require. These changes win have a profound impact on who is hired to direct security operations and the type of personnel needed to support security plans.

Bank Administration Institute undertook examining future developments in the major bank disciplines. The focus of the project was to determine what factors would be the most significant in shaping the future of each discipline and in determining how that discipline would evolve. The security commission, a panel of bank security experts from some of the largest and most influential banks in the country, formed the basis for the research into bank security. Each analysis of bank security became part of the larger Century Project study.

Many forces will affect how bank security evolves in the next 10 to 15 years. The following categories are the most significant of these forces:

* banking's evolution

* technological advances in banking and security

* crime trends in society and against banks

* legislation and regulations relevant to the industry

* how security itself defines its role

* how bank management defines security's role

Each of these influences was analyzed with the current situation serving as a base. The final analysis is a profile of what the field of bank security will be in the future. Examining the future in this way highlights opportunities that might be missed otherwise. Security can be better served if the leaders in the industry become agents for positive change rather than recipients of passive change.

For many years banking was rather simple to define-money was taken in and invested through various types of loans, and the dividends earned became interest payments to account holders and profit for the bank. Because few bank services or products existed, a bank's exposure to crime was somewhat limited.

Banks are not like that anymore. Their internal structure and driving force is more similar to a sales organization than a financial institution. In this period of rapid entry into new markets and business enterprises, banks have moved from being stable and conservative to being risk takers. New products and services are introduced to capture a share of the market. Competition among banks and other financial institutions is intense, causing a greater opportunity for losses through fraud and embezzlement.

Security and control had become institutionalized in the older system of banking. Banking was almost synonymous with security. Bank buildings reflected the importance of security through facility design. Tellers were enclosed behind tall counters with bullet-resistant barriers or a teller cage. New bank buildings bear no resemblance to this. Bullet-resistant glass in bank buildings is unusual except at the drive-up window. Existing high-security teller lines are being systematically replaced to reflect the greater desire for openness and direct contact with customers. Tellers are not bank service providers. Tellers are salespersons and their work area has to be conducive to the sales effort.

Going to the bank had traditionally been a special trip that separated banking from other retail-oriented outings. As banks shift away from traditional forms, the location and style of the bank has also changed. The bank has become part of the retail shopping trip. As this trend continues, branch banks will become smaller and perhaps only a counter in a shopping mall or department store. Branch banks that continue will be smaller neighborhood locations where face-to-face contact will be facilitated. Back-room support operations will be centralized away from the branch banks.

Banking is greatly affected by national and global economic trends. As foreign economies grow and the balance of trade shifts, the dominance of foreign banks within our economy increases. With the added pressure of mergers and acquisitions we are likely to see larger banks with foreign owners. Middle-sized banks are likely to disappear from the market as they will likely be bought by the giants. The traditional community bank may be unchanged. These banks will continue to meet the needs of a traditional market in rather traditional ways. Big banks, on the other hand, will become increasingly more reliant on electronic delivery systems.

Bank security has been primarily focused on physical security because of the Bank Protection Act of 1968. As the trend towards openness and consumer sales increases, security will have to be less visible. The types of security systems used must be more discrete. Providing security within a facility that is neither controlled nor operated by the bank will have to be addressed. Securing a teller location in a retail shopping store or mall is not the same as securing the traditional bank building. With greater public access, security will have to contend with robbery's impact on people outside the bank. A robbery of a teller location at a retail store can have serious consequences for the bank if shoppers are injured.

The new trend in banking to create new products and increase sales has resulted in a diminished interest in controls. Product managers thinking of the possible income from a product may not give full consideration to necessary controls. In the process of getting a product to market, security may not have been consulted. Product managers may also knowingly accept a higher level of risk in a venture to get the sale and fee income. A higher level of risk increases both the potential for fraud and the probability of failure.

BANKS HAVE TRADITIONALLY BEEN heavily reliant on technology. More Band more banking functions reside with computers and less on paper systems. Transactions exist as electromagnetic charges on computer media. When a deposit is made at a bank, the money represented in that transaction is changed into an electromagnetic wave and is communicated to a host computer for processing and storage. The trend toward full automation will increase as paper transactions and the staff needed to support them become too costly.

As customers have greater access to banking services through electronic systems, the verification of identity will be more important. Current estimates for ATM fraud are in the neighborhood of $40 million nationwide. The greatest majority of these losses result from lost or stolen cards or the unauthorized use of ATM cards.' With proper verification of identity, these losses could be reduced by as much as 75 percent. Reliance on magnetic cards as identification does not provide sufficient security. With the need for increased account security and correct identification, biometric technology will become more important.

As crime follows opportunity, so will come greater numbers of electronic bank crimes because of the greater reliance on electronic banking systems. The complexity of information systems and networks may create unknown system and operational weaknesses that can be exploited by criminals. Personnel who have the requisite computer and investigative skills to handle the difficulties of a computer crime are not available. Bank security officers may not be knowledgeable enough in information security techniques and technology to be able to develop a strong security effort. With the tremendous amount of money lost each year through fraud and embezzlement, bank security needs to become more involved and expert in information system security.

If electronic systems represent the greatest threat, they also provide the best opportunity for reducing fraud losses. Experimental systems are currently being used that monitor account activity for signs of fraud or suspicious activities. With the current size of banks and the number of transactions, it is beyond human capabilities to monitor effectively for fraud. Expert systems will be built that will notify security when a suspicious pattern is detected. Investigative personnel from security or audit will be able to focus their efforts on cases where there is a high probability of fraud, which will result in earlier detection of crimes and a reduced loss exposure.

Alarm and surveillance systems have been the traditional mainstay of bank security. Technological changes in alarm, video, and communication systems will have a great impact on physical protection. The rapid restructuring of the industry through mergers and acquisitions is already having a major impact. Bank security officers are finding themselves faced with the problem of managing duplicate central stations and incompatible hardware. Even worse, some of the alarm systems may be so outdated that the devices are no longer UL listed. However, this situation also creates an opportunity for system modernization and incorporation of some of the newest technologies into the security plan.

Banks with operations spread over the country may choose to monitor all alarms nationally from one central station or to have a third-party vendor monitor their alarms. This latter option may be more economical than staffing and supporting a central station. If the decision to keep the monitoring function in-house is made, duplicate alarm and computer communications lines will be reduced as alarm and video signals are routed over communication lines managed by the data center. Backup of these lines will be possible through alternate routing and cellular links.

Government efforts to combat the increasing incidence of crime resulted in the passage of the Bank Protection Act in 1968. Twenty years after the passage of the act there is little consensus among bank security officers that the act has been effective. The targeted crimes--in particular robbery-have continued to soar despite the increased level of physical security.' The real threat to banks today is not robbery, which in 1988 accounted for losses of $46.9 million, but fraud. Fraud losses that same year reached $2.2 billion,' a figure representing the total losses in FBI cases closed during 1988. The true figures--including cases not discovered, not reported, and either not prosecuted or prosecuted locally-would be much higher. The greater damage to the banking industry comes from the fact that in the 17,057 fraud cases closed, 63 percent were cases of insider fraud and embezzlement.

To achieve the maximum effect, bank security managers need to deploy their resources where they can have the greatest benefit to the institution. With fraud and embezzlement reaching crisis proportions, investigations and fraud prevention should be the primary focus of security. Security should move from a primary preoccupation with physical protection systems to developing loss control plans. In addition to providing investigative services, security needs to be involved in the process of product development. Providing security after the fact is not as efficient or effective.

With the passage of the Bank Protection Act, many banks decided to appoint a current bank officer to the security position. That person was to ensure compliance with the act in addition to performing his or her regular bank duties. Even today, in many banks, the security officer fills a part-time position. In many instances having a part-time officer was sufficient since law enforcement was available to fill the void. If there was a problem, federal agents or local police could be called on to complete an investigation and solve the problem. Today, with strained police budgets, this assistance is not available. The police do not have sufficient resources to solve problems that many times were created by the banks themselves.

If crime conditions do not change, the importance of physical security in banking will decrease. Security will be working to solve the fraud and embezzlement problem. Crime as we know it now may be different as we approach the turn of the century. A study aimed at predicting future crime and law enforcement trends says terrorism will emerge as a major US problem by 1995. In addition, at the turn of the century, civil unrest and riot is predicted for urban areas. Both of these would make it necessary for banks to increase physical security in terms of personnel and systems. In the competition for security budget dollars, it is difficult to predict which area would get the most attention, given tight security spending. In the current structure, investigative efforts frequently are set aside if money is needed for mandated physical security expenses. This has even been true when investigative units returned several times the cost of running these operations through fraud recoveries.

Federal regulations and legislative enactments have already had a dramatic effect on security in financial institutions. Legislation created the security officer position. Unfortunately, when the position was created, the security officer was not given much status. Now the Bank Protection Act is being revised to give the security officer real power in the industry. This effort comes at a time when charges are being leveled that the deregulation of the banking and savings industries has allowed unscrupulous owners and investors to milk some institutions dry for their own benefit.

Regulations and compliance may have an indirect effect on bank security. Certain regulations have been created to protect consumers and although consumer protection is a positive step, these regulations also create opportunities for crime. The Expedited Funds Availability Act-which shortened hold time on checks-was a major aid both to honest consumers and check kite artists. Unfortunately, banks are being hit with increased check fraud losses since the passage of that legislation. Security managers need to be aware of legislative activity and compliance issues affecting banks, understand the requirements of the acts, and be cognizant of opportunities for fraud the acts may create. Monitoring these losses and making management aware of potential and real problems while also being ready to take investigative and legal action against criminal exploiters, is an essential part of a security manager's job.

Ironically, compliance creates opportunities for civil and criminal charges against banks and bank management. Compliance for banks is so complex, and the changes so frequent, that many banks have a full-time compliance officer who monitors changes to regulations to ensure bank compliance. In some cases criminal charges can be placed against bank officers for failure to comply, particularly in the case of currency transaction reporting requirements. Additionally, the government is looking to banks as sources of information and points of control for many illegal activities. As government agencies require more information about customer transactions, banks take on an added burden of maintaining a reporting system.

With mergers and acquisitions on the rise, many security directors and officers have found themselves out of work. With tight security budgets and cutbacks, security staffs have been trimmed. Many security managers may feel they are not treated as managers and professionals and that there is little interest in the services they can offer. As crimes against banks increase, security managers want the freedom to use their tools and techniques to reduce losses. They want to present solutions to senior management but are frequently stopped from doing so because of a reporting structure that may place them too low. Out of frustration talented security managers leave their positions for other industries or move to other banks with the hope that they will be given an opportunity to work on the big problem.

The isolation felt by security professionals in banking is probably no different than that experienced by security personnel in a great many business areas. Too frequently the security director is viewed as the chief cop and not as a member of the management team. The security director should first be a manager whose expertise is loss prevention. He or she also needs to be part of the management team, using this expertise on business problems. Many times security is criticized for not understanding business. To make up for this deficiency some institutions have replaced the security director with someone from the mainline business area.

Security is suffering from an identity crisis. When security directors get together it is not uncommon to find that none share the same reporting structure within a bank and no two have the same responsibilities. Security can and does report through a variety of organizations-including human resources, audit, property management, and operations. Some security organizations are limited to physical security, guard management, investigations, fraud prevention, or information security. Other security departments have nothing to do with alarms and surveillance cameras because they are considered a property administration function. In many large organizations, physical security is separate from investigations, which then becomes part of the audit department. Security rarely performs any function that has not been and is not performed by some other department.

Security's placement within an organization's reporting structure often determines what security will be able to achieve. If security is placed too far below senior management, selling any proposal will be an uphill battle. Placing security within the context of building management limits the ability of security to deal with fraud and embezzlement.

The philosophy and management style of a security director's supervisor also influence the effect security will have. Some managers realize security is a unique management discipline and will allow the security director free access throughout the organization as long as they are kept abreast of problems and plans. Other managers are more control-oriented and want to oversee the total security program, taking any proposals and programs personally up the chain of command-an approach that limits security's ability to sell programs. With competition for resources and senior management pressure, security's ideas may not get the best or most forceful presentation.

As banks become more oriented toward the competitive selling of products, a movement to bring business costs to the lowest level has developed. Each business line is evaluated on its performance, and business managers are judged on the performance of the lines they manage. In this environment all costs must be factored into product performance. For example, bank card operations wants to control bank card investigations, further fragmenting the security effort. Internal bank security services are in direct competition with outside service providers. In this competition the quality of service may not be given the same weight when cost is considered. Two possible scenarios can be postulated for security organizations within banking. The first is that security as a central organization will cease to exist and it will be divided among management groups as a function of product offering. Services will be contracted out or will be provided through internal specialists assigned within the individual business unit.

Another alternative is that as bank problems increase and become more technical and complex, security organizations will change to respond to these challenges. A centrally administered security organization will exist within banking and will manage the various components of an integrated security program. The director of security likely will have an advanced degree and will be more analytical in his or her approach.

The second scenario has the most potential for adequately addressing the complex and multifaceted problems of bank crime. To gain senior management support and a position in the reporting structure, security management will have to change. Security needs to be identified less as the bank police and more as risk and loss prevention managers. As security becomes integrated into the bank management structure, the position of security director may become part of a career path. Instead of hiring a retired federal agent or local police chief who looks to bank security as a second career, the security director should come from within banking. The director will not be highly involved in the craft of bank protection and investigations but rather will manage highly specialized and technically proficient security professionals.

As part of the bank career path, security will be included more frequently in management education programs in which trainees rotate among the various banking disciplines. Through this process management will become increasingly aware of crime and security, which will translate into an increased importance and effectiveness for security within the organization.

As electronic banking systems play a more important role in banking, security will attract specialists with a technical understanding of information and communication systems, investigative techniques, and the electronic media. As banks automate, more investigations will involve computer systems. Police agencies will not have sufficient personnel with this specialized training and banks will have to assume responsibility for crime investigation and case preparation for prosecution.

The role of security within banking will be more closely identified with that of a consultant than a service provider. To achieve this position security personnel and management will need to be more analytic in their approach. They must be able to integrate the problems of loss exposure and product performance. As a service, security will build highly effective information systems that will monitor product performance for evidence of fraud. Prototypes of such systems have been implemented in the credit card industry. As the move is made toward a cashless society, no distinction between credit cards and cash cards like the ATM card will be made. A plastic card will represent a person's total assets, including cash, investments, and a credit line.

Bank security will not be able to work in isolation. If complex automated monitoring systems are available within the bank, similar information systems will be available on a regional and national level. Because of the sophistication of electronic crime, criminal specialists will specifically target banks. For effective action against these international criminal groups, banks and other financial service companies will have to work together. The government may support these efforts to some extent, but the development and maintenance of these information systems will primarily be borne by the user community.

The prospect for bank security can be one of doom or significant advancement. By examining the prospects and challenges currently evolving, the industry can either manage these forces for change or become silent partners in the future. Building for the future means involvement in areas where security can have the most impact-it also means the current industry leaders need to develop the necessary skills within their staffs. With a firm base and the right development in security and risk management basics, managerial expertise, and technical competence, security professionals will become valued business partners with business.

About the Author . . . Ronald K. Hale is research manager at Bank Administration Institute. He is a member of ASIS.
COPYRIGHT 1990 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:how security operations will be affected by future developments in the banking industry
Author:Hale, Ronald K.
Publication:Security Management
Date:Mar 1, 1990
Previous Article:Getting the goods on the bad guys.
Next Article:When it's not "on the house." (employee theft in the food service & restaurant industry)(includes related information)

Related Articles
Allegiant Announces Completion of Guardian Savings Bank Branch Acquisition.
First Mutual Bancshares Completes Stock Buyback Transaction; Company Repurchases 20% of Shares Outstanding.
First Mutual Bancshares Completes Sale of $4 Million of Trust Preferred Securities.
Allegiant Bancorp, Inc. Announces Offering of Common Stock.
Allegiant Bancorp, Inc. Declares First Quarter Dividend.
Allegiant Bancorp, Inc. and Allegiant Capital Trust I Announce Second Quarter Dividend on Trust Preferred Securities.
Allegiant Bancorp, Inc. and Allegiant Capital Trust II Announce Second Quarter Dividend on Trust Preferred Securities.
Allegiant Bancorp, Inc. Declares Third Quarter Dividend.
First Mutual Bancshares Completes Sale of $4 Million of Trust Preferred Securities.
Finacle from Infosys Unveils Finacle 10 - The Next Generation Solution for Banking Transformation Infosys bets big on Finacle, invests $60M.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters