NCUA LETTER TO CREDIT UNIONS |
NATIONAL CREDIT
UNION ADMINISTRATION
|
DATE:
July 2002
LETTER NO.: 02-CU-12
TO: Federally Insured Credit Unions SUBJ: Security Program ENCL: Security Program Considerations The tragic events of September 11, 2001 and subsequent efforts to improve homeland security have taken much of our focus and attention in recent months. However, despite the critical nature of this undertaking, it is still very important that credit unions not lose sight of physical security considerations. Robberies in credit unions have more than doubled in the last 10 years, and during 2001, 510 credit unions were robbed. Among the risks a financial institution faces, robbery is one of the few that also carries the potential for personal injury. This possibility underscores the importance of a well-structured, effectively-operating security program. Regulatory Compliance Part 748 of the National Credit Union Administration’s Rules and Regulations requires each federally-insured credit union to have a written security program. The regulation requires the security program be designed to protect credit union offices, ensure the security and confidentiality of member records, assist in identifying persons who commit or attempt crimes, and prevent destruction of vital records. The chairperson of the credit union’s board of directors is required to certify compliance with Part 748 each year. The statement of compliance is provided at the bottom of the Report of Officials form that is submitted annually to the regional director following the credit union’s election of officials. In the case of federally-insured state-chartered credit unions, this statement can be mailed to the regional director via the state supervisory authority. The responsibility for providing adequate safeguards to discourage robberies, burglaries, and larcenies and assist in the identification and apprehension of persons who commit such crimes is important, and this certification should be carefully considered each year. Security Program You should periodically (at least annually) review the written security program and ensure it is comprehensive in providing for protection of physical assets and personnel. When reviewing your security program, consider items that are beyond the basic concerns. For example, if your credit union provides the service of safe deposit boxes, there should be a specific security program that addresses the specific risks associated with this service. The following items should be considered in formulating or revising a security program:
Security Devices Just as electronic advancements have increased the protection capacity of security systems, they have also increased the power of anti-security devices. Officials and staff should consider replacing outdated devices and installing any needed equipment. Consideration should be given to:
Risk Considerations All considerations, beyond those required by law or statute, should be based on the potential for risk. The following considerations should be given when implementing a security program and evaluating security devices:
Post-Event Procedures Not all crimes can be prevented. Despite the installation of security devices and the development of security programs, robbery and burglary are inherent risks in financial institutions. Thus, it is important to have an established set of emergency procedures in the event a crime occurs. As with most forms of emergency preparation, the more you consider when developing your written policies and the more frequently you test the written procedures, the better prepared you will be in the event the situation occurs. Emergency preparation programs and training should include notification procedures, evidence control (in the case of a crime), property control, news media communications, and member inquiries. Training Information Above all, the need to provide training to staff is crucial. Inadequate employee training could easily nullify the most comprehensive and detailed security program. Not only does proper training reduce the chances of the occurrence of a robbery or burglary and increase the chances for recovery of stolen assets, it significantly decreases the likelihood of the occurrence resulting in physical harm to your employees. Many forms of security training are available for both officials and staff. Credit union leagues and various consulting firms offer written guidance and training seminars in developing a successful security program. This information covers many situations including bomb threats, burglary, robbery, disaster recovery, emergency procedures, evacuation procedures, criminal identification practices, extortion threats, and emotional response training for post-trauma situations. Program Maintenance Attached you will find a list of questions regarding security. You may want to use these questions as a starting point to identify any potential weaknesses in your current program and as one of your assessment tools when you perform your periodic program review. During your security assessment we recommend you consider the trends in financial crimes, the constant innovations in technology, and the changes occurring within your credit union (branches, ATMs, safe deposit boxes, etc.). If you add or upgrade security devices or procedures, make your efforts visible and convincing. Emphasizing your efforts could possibly thwart a would-be robber, and it will provide an increased sense of security for your members and your staff. I encourage you to please take this opportunity to seriously consider and address the potential security risks which exist for your credit union and staff.
Sincerely, /S/
Dennis Dollar Enclosure Security Program Considerations1. Has the board of directors designated an individual who is charged with the responsibility for the installation, maintenance, and operation of security devices and for the development and administration of a security program that protects the assets and records of the credit union? 2. Has the security officer surveyed the need for security devices in each of the credit union’s offices and provided for the installation, maintenance, and operation of:
3. Is the credit union’s security program:
4. Does the credit union’s security program provide for:
5. Are currency, savings bonds, travelers checks, and other similar items kept from public view? 6. Is there fixed responsibility for control of keys to office buildings? |