Banks, credit unions, and savings and loans will face unprecedented security threats in today’s increasingly mobile environment. Customers want account access through multiple channels, all of which the financial institution must secure. Add a decade of stricter regulations and banking security departments are spread thin.

With most of the focus on cybersecurity, including new vulnerabilities found in mobile banking, physical security can become the weakest link. Here are the top physical security vulnerabilities within a financial institution, and how to protect your assets.

Bank Robberies, Burglaries, and Larceny

When you think of physical security within a bank, protecting against bank robbery tops the list of external threats. Thieves gravitate to banks because of the perceived notion that they will gain access to large amounts of cash. As a business, your job is not only to protect the assets entrusted to you but also to protect personnel and customers. As a result, training calls for employees to cooperate with a bank robber, making financial institutions appear to be an easy target.

Financial institutions implement procedures and protocols to mitigate losses, increase the capture rate for law enforcement, and discourage future thieves.

FBI records reveal a plateau in the number of robberies committed annually against financial institutions, ranging from four to five thousand attacks and losses of around $33 million per year. Between 2012 and 2016, the number of robberies averaged 4,201, with a 9.6% increase between 2015 and 2016, the latest statistics available.

The Problem:

Employee Implementation Failures Compromise Security Protocols

Banks, credit unions, and savings and loans must put policies and procedures in place that will mitigate and minimize losses due to external theft in the form of robbery, burglary, or larceny. According to FBI records, threats occur in both high traffic and remote locations, due to the perceived availability of money, proprietary information, or customer data.

All banks have protocols in place to deter and protect against external physical breaches. However, in many cases, security gaps exist when controls are not tailored to the specific needs of each location. Companywide policies often fail to mitigate risks effectively at individual financial branches.

Questions that can help you identify gaps in current security protocols include:

  • Are the existing policies and procedures adequate for the risk of each location?
  • Can you effectively reduce losses by implementing new technologies?
  • How meticulously do employees follow current policies and procedures?
  • How do you follow up on lapses in implementation?
  • Is current training adequate to ensure compliance?
  • Do you meet compliance requirements with existing protocols?

Based on a 2016 FBI report addressing bank robberies, burglary, and larceny, institutions impacted often had extensive security measures in place at the time of the attack. However, a high failure rate also existed, which impacted both losses and the ability to recover from both a public relations and financial perspective.

For example, 595 affected institutions had tracking devices in place, yet only 266 functioned at the time of the security breach, producing a 56% failure rate. Other areas including alarms, video surveillance, and access controls faced a gap between having protocols or security measures in place and performance.

The Solution:

Improve Security Checks and Implement Automated Access Controls to Reduce Failures   

Investigate the success or failure of existing protocols to identify design and procedural gaps, which can reduce the failure rate of current systems. When employees do not properly follow company procedures and checks are not in place to identify these failures, the company is at risk of experiencing greater losses in the event of a physical security breach.

Implementing new technologies and upgrading company protocols can improve both the use and function rate of existing security measures and reduce financial losses due to the implementation or operational errors.

For example, when converting keyed teller drawers, office drawers, and file cabinets to Senseon keyless technologies, the auto relocking feature will eliminate security failures due to employees forgetting to relock a drawer containing cash or sensitive data. The low-profile locks built to commercial-grade strength will seamlessly integrate into existing systems, improving overall security and saving money on rekeying costs.

The Problem:

Financial Regulations Require You to Secure Data Housed with Third-Party Partners

It is common practice for financial institutions to work with third-party vendors. The practice can lower the cost of compliance, improve operations, and streamline processes. However, when doing so, you open the door to compliance failures, should the third party experience a security breach. Current regulations require the financial institution to maintain oversight of vendor compliance measures to ensure the safety and security of all customer data.

Whether the partner company experiences a cyber or physical breach, the financial institution may be held liable, from a compliance perspective, when a breach occurs through a third-party vendor, putting the bank’s customer information at risk. Such exposure to liability can offset the benefits or working with an outside vendor when a financial institution fails to take appropriate actions to oversee the security measures in place with the third-party vendor.

A Barack Ferrazzano Client Alert on September 26, 2107, reminded financial institution leadership of this responsibility when it wrote, “If your bank has contracted with the affected credit bureau (Equifax), or if one of your vendors has, some of those millions of consumers could be your customers, for which your bank is ultimately responsible in the eyes of the regulators.”

Regulators require banks to secure customer data and other sensitive information on all physical and cyber locations, including third-party vendors. A bank must protect data found in their personal databases, stored on cloud servers, and found in physical offices. Even cloud storage facilities have a physical location where the company stores the technology and maintain its databases, making the security of physical locations as important as cybersecurity.

The Solution:

Automate Security Procedures at Third-Party Vendors to Eliminate Failures and Ensure Compliance

The two most effective ways to ensure compliance is to automate processes and put checks and balances in place, where automation is not possible. You cannot control the training or quality of the implementation of written policies and procedures at a partner company. However, automated processes, which operate seamlessly, will reduce your risk of being held responsible for the failure to meet regulatory requirements at the site of a third-party vendor.

For example, video surveillance is only good if the feed is in operation at the time of the security breach. Automating the video process ensures it is in operation at all times. Likewise, Senseon’s auto relocking devices, used on drawers, desks, and file cabinets containing sensitive data, will ensure regulatory compliance and could reduce losses and the financial institution’s liability in the event of a security breach.

Conclusion

External security threats to physical locations often take the back burner to cybersecurity threats, because of the volume of losses and bad publicity a cyber breach creates. However, it is often possible to increase physical security and reduce losses due to a security breach at branches and offices without dramatically increasing the existing budget. Closing the gap between putting appropriate policies and procedures in place and ensuring they operate and function at top capacity can reduce losses. Including a more active role in third-party vendor security, which includes verifying the use of proper security measures that align with the standards required by financial institutions, can ensure you remain compliant while reducing the loss of sensitive customer data.

For more on how improved technology can seamlessly integrate into existing systems to save you money, download our whitepaper on the subject or contact us!