Regulations safeguard bank security

Banks are where the money is and although online banking has reduced customer visits to the bank, the brick-and-mortar branch bank is here to stay and remains a crucial component of financial institutions. Taking the U.S. for example, a survey by consulting firm Novantas2 showed that the branch remains the preferred sales and service channel for opening accounts (75 %), getting advice (58 %), and buying financial products (62%). In other words, bank customers are not ready to phase out brick-and-mortar banks to migrate completely to the virtual banking world.

For the security industry, opportunities come from several areas. First, the upgrading of legacy systems in surveillance, access control, and alarms offers plenty of business opportunities. Next, mergers and acquisitions in the financial sector also represent business opportunities as corporate policies on security might have differed and would now have to be unified or brought together under the expanded corporation. Finally, like every other sector, the financial sector faces changing threats and security systems need to be upgraded to adequately address new challenges that include sophisticated crime organizations armed with state-of-art technology.

Hence, the security market in this vertical is still very much present. System integrators, however, need to understand the specialized needs of the financial sector, such as dealing with large sums of cash and being subjected to robberies and fraud on a daily basis.

GOVERNMENT REGULATIONS
In financial transactions, every transaction is akin to a legally binding action. Every piece of document and security footprint serves to legitimize the transaction, such as the withdrawal of money by a specific customer that took place. Coupled with the daily risks of robberies and fraud, bank security systems are often subjected to government regulations. The experienced system integrator would have to ensure that all minimum requirements are met.

At the same time, there are corporate policies on security that need to be taken into account. In other words, when designing a bank security system, banks would consider their corporate policies, in addition to government regulations. These are then assessed against local security conditions to determine the level of security necessary and the systems that are to be deployed. With regards to government regulations, some banks will undoubtedly simply adhere to standard government regulations, while others will exceed them depending on corporate policies and perceived threats.

Regional Differences in Legislation
Manufacturers are well aware of the differences in government regulations. “Within the European Union, each country has its own approach in terms of the legal requirements for bank security. In Germany, for example, bank security is covered by health and safety regulations, which are relevant for all workplaces dealing with a certain amount of cash. So while this applies to banks, it may also be appropriate for the money-counting room in a huge cinema,” said Stephan Beckmann, Product Marketing Manager of EMEA at Tyco Security Products.

While the overarching main document in the U.S. for banks to follow is the Bank Protection Act, there are other regulations, including state stipulated ones. “The Bank Protection Act is the main document that must be followed, but Regulation H from the Board of Governors of the Federal System also governs membership of state banking institutions, including describing a member bank's obligation to implement security procedures to discourage certain crimes,” mentioned Chris Mullins, North American Inter-Company Sales Manager — Banking and Financial at American Dynamics (Tyco Security Products).

Security Equipment Requirements
Each region has its own regulations pertaining to physical security installations, such as equipment standards and storage requirements. “In Germany, video hardware such as cameras and NVRs must be UVV-Kassen certified, which is the health and safety standard,” said Beckmann. “When looking at regulations regarding camera types and locations, there are test charts and testing procedures that an UVV-Kassen compliant camera installation has to pass after the installation. For instance, the picture quality for the camera at the cash desk must support proper identification of individuals, while other cameras must provide an overview of the scene,” added Beckmann.

In Asia, banks in Hong Kong are required to have bulletproof windows, while armed guards are employed at Singaporean banks. On the other hand, although banks are permitted to apply for armed guards in Taiwan, most banks do not feel the need to do so, based on risk assessments of local conditions. In other words, while there are government regulations, some clauses may not be mandatory and banks have the flexibility to adjust accordingly to their risk analysis conclusions. Hence, the security solution deployed depends on a combination of factors that include corporate policy, government and insurance regulations, lifestyle determinants, and preferred equipment.

Storage Period
Video storage length is regulated by law and varies vastly between countries. European countries tend to have stricter privacy laws. “Countries such as Austria, Germany, and France limit the maximum length of stored video to a few days, but for banks, incident-related footage must be stored longer — at least 10 days or until it is released as a protected partition of the video system,” mentioned Beckmann.

Across the Atlantic pond, “some local jurisdictions impose their own specific regulations, such as the New York ATM lobby law — the ATM lobby has to be fully covered for video so there is no dead space and there is adequate resolution,” noted Mullins. “In Maryland, there exists a regulation that ATM video has to be kept for 60 days, although a general rule of thumb is usually 90 days,” Mullins added.

In China, where there are more explicit regulations, recorded video from around ATMs and behind the teller lines are stored for three months. The storage period for other areas of banks, such as waiting areas and halls, is one month.

As most banks have overseas branches, some may choose to unify video storage policies across their branches.

Intrusion Alarms
Intrusion alarms are the first line of defense when unauthorized people attempt to access bank zones with malicious intent. In Europe, the EN 50131 standard is driving the adoption of video-enhanced verification, which aims to combat the false alarms issue common with traditional alarm systems to enable more effective, faster police response and save the customer from paying fines incurred by false alarms. The EN 50131 sets a grading system for installations and guides the prioritizing of responses from local law enforcement. The choice of the grade level varies between countries and is largely guided by insurance companies. The deadline for mandatory adherence also varies between countries, but 70 percent of the market in Spain and roughly 50 percent in the Nordics are already employing video-enhanced verification.

“Most countries refer to European standards on intruder systems. [However], in Germany, there is another organization, originally founded by insurance companies, called VdS. VdS provides regulatory guidelines such as which devices should be used, and how the overall security system should be configured,” noted Beckmann.

While there doesn't appear to be an explicit government standard in the U.S., “intrusion alarms have to be registered with local jurisdictions in most cases,” commented Mullins. “[This way] if the police departments receive an alarm, they have prior knowledge about the location of that alarm.” Nevertheless, there is a trend towards video-enhanced verification for intruder alarms.

BANK ON SECURITY SUCCESS
In the end, a key factor to success in the banking and financial vertical is to understand the security needs of these customers and assist them in integrating their corporate policies with government and insurance regulations in their security solutions. While the security equipment used may be no different to other verticals, banks security systems are more likely to be subjected to regulations due to their business nature. Security systems in this vertical need to be legally viable if necessary. Mergers, acquisitions, and upgrades will continue to create business opportunities for the security industry.