Safeguarding the banks: the challenging role of the security manager
Responsible for protecting people and assets across single or multiple countries in a range of different environments, the role of security manager in the finance industry is not for the faint hearted. Faced with the above, while navigating an unforgiving regulatory climate and balancing rapidly shrinking budgets, Daniel Wan asks if there is a tougher role in the security industry today.
In response to the deficiencies unmasked by the global financial crisis in 2008, European regulators have tightened standards for the banking and finance sector including Basel II, Basel III and Sarbanes Oxley. Today financial institutions are among the most heavily regulated organisations globally, and ensuring their business is – and remains – compliant with these stringent regulations is a constant source of stress for a security professional working in the sector.
Not only are the risks of failing to comply with this legislation extremely grave, the processes necessary to mine the relevant data and compile the requested reports are a strain on resources. However there are tools that security managers are using to lighten the load. Security systems that automatically generate reports to meet the demands of Sarbanes Oxley and other regulations can remove the need for the manager to constantly audit and reassess a bank’s compliance in the security arena. These solutions are also capable of quickly accessing relevant data and delivering compliance reports swiftly at the push of a button.
While the challenge of staying compliant with regulation appears a daunting task in, say, the UK entity of a multi-national bank, imagine the scale of the task when it extends to multiple countries. The security manager is tasked with managing an extremely complex and tightly interwoven web of contractors, vendors, employees and suppliers across a range of local and global compliance rules – a highly demanding task. On top of that, ensuring a consistent level of quality of project management, installation and maintenance – particularly when an implementation is taking place several thousand miles away from HQ – is also a huge challenge.
Owing in part to the associated cost efficiencies – badly needed in today’s economic climate – security professionals in larger banks are coming under increasing pressure to consolidate their branch networks and use the same set of products across all of their regional offices. In addition to the financial savings, this approach allows the organisation to implement consistent policies worldwide that are controlled and monitored centrally. In addition the ability to handle updates or reconfigurations through one system reduces man hours and simplifies end user operation and training. On first joining his role at insurance company QBE, Mark Thompson, Head of European Security immediately identified the lack of a joined up system across the company’s UK offices as a huge risk to the business and its assets. After embracing integration, QBE’s access control, video and intruder alarm systems from Honeywell can now all be controlled from the security hub in London, delivering cost efficiency and control.
However in order to unlock efficiencies through a centralised global security management system, it is essential that a security manager is empowered to work with one sole provider that assumes responsibility and simplifies the process. Best-in-class providers can ensure a coordinated approach to security maintenance, upgrades and overhauls – in some cases leveraging remote management technology to reduce time-consuming site visits – in order to minimise business disruption and inconvenience. A trusted partner with its own strong cross-border integrator network can remove the complexity of managing multiple vendors, enabling quality and compliance in every region. For example Honeywell’s network of approved Systems Integrators ensures continuity with expertise on a par across the world.
The changing face of banking over the past few decades has been nothing short of revolutionary. High street banks in particular have consciously shed their corporate veneer in favour of a much more welcoming image. Nothing quite reflects this change like the bank’s own premises. Today branches are expected to merge two very different roles seamlessly and without paradox; a custodian of large sums of cash and a meeting space designed to attract existing and potential customers. Implementing and managing security systems that can deliver this dual functionality – with the flexibility to be quickly reconfigured to tighten up or loosen security in a certain part of the building’s headquarters or branch – has placed a significant burden on the security manager.
In the branch and back at HQ, the security manager faces another headache; controlling the constant flow of staff and visitors in and out of the building. The majority of financial institutions have thousands of staff, customers, suppliers and contractors accessing and exiting multiple premises on a weekly basis. Ensuring that all personnel are granted access to the area of the building that is necessary for their visit, at the same time as restricting access to high risk areas to those with the relevant clearance is a tough task. The growing trend towards hot-desking has exacerbated this. Moreover, with such a huge number of personnel passing through a bank every week, month and year, it is also challenging to make sure access records are kept up to date and a disgruntled former employee isn’t able to enter the building and steal company property.
In this context, the ability to integrate a banking network’s security system with its payroll, HR and IT systems to provide one consolidated database for easier management of people is one tool that has taken some of the strain off the security manager. This level of functionality allows credentials for employees and personnel to be updated once in one system, and instantly revoke, restrict or grant access to certain parts of a building, saving man hours, reducing costs and boosting site security. Investment bank Nomura recently integrated its Honeywell Pro-Watch security management solution with its HR system which, according to Head of Security for EMEA Andy Williams “saves us significant administrative time by eliminating repetitive data entry”.
Fifty years ago a bank’s biggest security priority was protecting its physical assets – specifically its people and its cash – but the information revolution has added a third component into the mix – data. Today an organisation’s information can be as – if not more – important than its physical asset base. Protecting personal and highly sensitive customer information right through to a FTSE100’s loan application or business plan has added an additional dimension to keeping a bank secure. Although much of the critical IT or logical security sits with the CIO and their team, there is increasingly a role for the security manager in ensuring efforts across the physical and virtual world are joined up. Moreover, in many cases IT is not a core competency for the security manager, adding an additional layer of complexity to the task.
There are systems on the market today that can support the security manager in their efforts to grapple with the coming together of logical and physical security. In particular integrated solutions offered by providers like Honeywell – in some cases via a software development kit -mean that physical access credentials and network access credentials can be updated simultaneously. This ensures that no unauthorised personnel can access the company network or use computers in restricted parts of the building, preventing data theft or fraudulent activity. Equally, employees who have parted company with the bank are locked out as their network credentials are revoked in tandem with their ability to access the physical building.
In summary, the multiple facets of their role – which involve constantly monitoring against intrusion and theft on many different fronts – mean that the lives of security managers in the finance industry are hugely complex and at times stressful. However, the growing prevalence of integrated security systems has simplified the management of a global cross-border network of branches and offices, in addition to streamlining access control in a physical and virtual environment. Although it remains one of the toughest roles in the industry today, security managers in the sector are reaping the benefits of integration.