Robbery, Burglary, Embezzlement, and Cyber Theft, Oh My!
With all the emphasis on loan losses and capital reduction, it seems that banks have paid less attention to losses from robbery, burglary, embezzlement, and internet theft. Losses in these areas can financially cripple a bank. But you have insurance to protect you from these types of losses, right? Maybe, but not having these losses in the first place is better, and that’s where loss controls come into play.
Robbery losses are limited to the amount of cash in the branch, right? Wrong. If a customer is injured in the course of a robbery, the resulting lawsuit could be devastating. When was the last time you really looked at your branches? Are they clear of shrubbery where robbers could hide? Does each branch have an “all clear” signal for opening the branch? When was the last time the signal was changed? When was the last time you reviewed the proper procedures for a robbery with your tellers and branch officers? What about closing procedures? Does everyone exit the same door? Is there a “peephole” in the back door?
What loss controls are in place once the branch is closed for the day? Does your alarm system cover just your vault or your entire premises? Is the branch well lit at night?
While a good deal of attention has been given to embezzlement in the past, it seems bank management has relaxed their vigil as of late in this area as well. When was the last time you reviewed your dual controls? Are you relying too much on your computer system to catch suspicious activities? What about enforcing the 2 week, or 1 week over two weekends, vacation rule? Even the regulators want you to enforce this rule. Are you keeping track of loan documents and number of loans made? What about surprise teller cash counts? Are you getting a little too predictable on your timing of these counts?
Then, of course, there is the internet theft exposure. Yes, I know, you have all those firewalls and other protection. See if your teenager can hack into your system. You might be surprised. If you are relying on the company that installed all this protection for the bank to make good on any losses, you might want to look at that service contract again. Most of these contracts have some very tight hold harmless agreements in them. The Bank is usually holding the security company totally harmless for any loss or the maximum liability of the security company is limited to the total cost of the contract. The Bank’s own insurance probably has clauses that are affected by not following proper loss controls. For example, most Bond companies will deny a legitimate loss in the wire transfer area if proper “call back” procedures were not followed.
The final “insult to injury” is the lawsuit from stockholders against Bank management for the Bank suffering a major loss because they did not follow “industry standards” for loss controls.
Yes, it is difficult to keep track of all systems all the time. But, an annual review of your loss control program on an annual basis will result in effective loss controls and reduced losses for your bank.