I’m writing this month’s blog having just attended a seminar we arranged at The London Stock Exchange to cover the topic of banking security.
In essence, we invited senior security professionals from investment banks to talk about security ‘From the front door to the trading floor’.
Several practitioners were involved, including Cornerstone director Jon Roadnight and our own banking security sales manager Mark Bouldin and UK security sales director Matt Caine.
At the event, I was amazed to learn that there are approximately 317,000 individuals working in London’s financial district, with 105,000 of them in Canary Wharf alone. These people and the institutions for which they work generate roughly 10% of our national income.
It follows that safeguarding these people and the their employers’ assets is a vital element in the long-term financial health of UK plc.
Financial services sector under pressure
During the event, which was attended by many security and compliance managers from major UK banks, it struck me that last month – in my first blog as The Security Analyst – I talked about the aftermath of the 9/11 attacks on the World Trade Centre and how it had affected airport security. The other industry that was hit extremely hard, of course, was the financial services sector.
Following 9/11, retail and investment banks necessarily re-evaluated their security requirements: the general consensus was that integrated security had to be ‘the future’, with people, process and technology working together in perfect harmony.
Come 2011, some banks are further down this line than others, but who could have predicted that they would have to face an unabated threat of terrorism, civilian protests and vandalism, a global banking crisis and an exponential increase in financial crime (such as cyber attacks, card fraud and money laundering)?
Add to this the fact that banks are now one of the most regulated businesses (internally and externally) – along with the extensive reporting implications that accompany such regulation – and enforcement from the Financial Services Authority.
Throw into that mix constant pressure from senior management to reduce operational costs yet deliver consistently against Best Practice and it’s all-to-easy to see how the life of the security manager/director at a bank can (and often does) become a series of firefights with little or no time to look at the bigger picture and implement a long-term integrated security strategy.
New data feeds, incompatible systems
One of the biggest obstacles that has hindered attainment of this goal in recent years has been a dramatic increase in banks merging with – or acquiring – other banks.
In fact, there are only half the number of banks in existence today that there were ten years ago.
As a direct result, many security managers have found themselves not only dealing with new data feeds entering the Control Room, but also incompatible and ‘siloed’ systems that derive from the legacy of joining two (or even more) organisations’ security infrastructures.
It’s far from uncommon for a surveillance operation to be running a ‘hotch potch’ of cameras, sensors, alarms and access control systems.
A knock-on effect has been an overall increase in the number of false alarms recorded, resulting in a need for more ‘manually generated’ reports in turn creating yet greater demands on an operator’s time and their ability to respond effectively and efficiently when a ‘real incident’ occurs.
Of course, I’m not for one second questioning the quality these security teams provide, but it’s a world away from the vision of integration!
What to do next?
Unfortunately, while banks have always been held up as early adopters of new technology, current budgetary pressures dictate that this issue cannot be resolved by simply specifying on a standardised set of new, fully integrated technology from a single vendor and ripping out and replacing the entire existing infrastructure into the bargain.
Like their colleagues in every other department, security managers are expected to carefully manage the depreciation of their investments, typically over a ten-year cycle.
Also, to be honest it does strike me as wasteful to dispose of perfectly good equipment, especially if a viable solution can be found that not only preserves but holistically enhances its capabilities.
One answer may be found in the convergence of physical security and IT that has been brought about through the evolution of IP in this same ten-year period.
The pros and cons have been widely debated by vendors, systems integrators, installers and end users alike, and it has made solutions such as Physical Security Information Management (PSIM) possible.
Without doubt, the majority of banks have the three key elements already in place to make integrated security a reality – namely people, process and technology. They just lack the ‘glue’ to bind them all together, so a PSIM solution may just be the silver bullet that the banks need.
Taking the lead from Portugal
One bank that’s showing what can be achieved with an integrated security solution is Millennium bcp, the largest bank in Portugal, which itself has gone through numerous mergers.
Currently, the bank is running situation management to consolidate and correlate its entire security operations across all of its 900 branches.
The stark reality is that the security challenges for the banking sector are only going to become tougher and the penalties for failure more severe and public. That being the case, there has to be a swift response.
With the national media spotlight fixed firmly on the conduct of our financial institutions, security managers operational in this environment are not only responsible for the safety and security of people and assets but also custodians of their respective brand – and how it’s perceived by the market.
Jamie Wilson is security marketing manager (EMEA) at NICE Systems
