Keeping in mind that the original FDIC regulations were created as a part of the United States Code in the mid 1800’s and were designed to cover ALL banks…

The specific bank regulations covering the area of  Physical security policy

have a two fold purpose:  First they have to be very broad and general to cover banks of all sizes, shapes and descriptions in communities and cities all across the USA; and second, they have to provide a framework upon which a solid Security Compliance plan may be founded.  The regulation does and excellent job.  It’s up to us to understand, apply the outline and comply with the plan we produce.  For example, the most recent change to the regulation was dated April 1991 and reads:

“It is the responsibility of the banks board of directors to comply with this part (FDIC 326.3) and ensure that a WRITTEN SECURITY plan is developed and implemented for the bank’s main office and branches.  That written plan shall:”

What did you learn from reading that “new” paragraph:

First, the DIRECTORS of your organization have “direct” liability for any failure by their bank under this regulation.  Think individual billfolds here. 

Second, there is a requirement in writing for a WRITTEN security plan for the bank’s main office and branch offices.

So, what does this mean?

I would encourage you to discuss the legal issue with your bank’s legal advisor but in laymen’s terms it means director’s should recognize their liability under this “part” of the regulation should a “compliance issue” arise.  Here’s a wildly hypothetical example: if a ricochet bullet struck a new hire on her very first morning at work in the bank and, month’s later at the courthouse, the bank were asked “did this injured party, a new hire, receive initial security training as required by the FDIC and as is written in your security plan…now we all recognize that “initial security training” would likely not have prevented this “injury”…but that isn’t the question.  The question is, under the regulation, the bank, and by the new regulation, the bank’s directors, in compliance with FDIC 326.3, are required to provide initial security training.

If the attorney can PROVE no such training had yet been provided, then, the bank, or the “defendant” in this situation, is shown to be “at fault”, regardless of the fact that training would likely not have prevented the injury!

Of course it is a wildly hypothetical never going to happen situation, but, the change in the regulation does open the door.

The solution is pretty simple:  As a condition of “being hired” and before any new staff member is “actually hired” a brief training session outlining the FDIC regulations and the Security training on the specific Security systems for this bank should be conducted and documented with a letter for the new hire’s personal record with the bank.  That’s it.  Very simple.  Doesn’t cost much.  Easy to do.  Never amount to anything…or will it?