Build Up Security Policies and Budgets

Include the costs of security in your CU’s business plan and overall budget.

May 07, 2012
KEYWORDS budget , planning
/ PRINT / ShareShare / Text Size +

Take prompt action

“Security risk is the single most important thing that keeps me up at night,” says Mary Beth Wilcher, CEO of $350 million asset Erie (Pa.) Federal Credit Union. Unlike regulatory compliance, with security breaches usually there’s no warning and the consequences can be devastating.

When previously working at CUNA Mutual Group, Wilcher gained insight into where losses occur. “I learned how they happen and what we can do to stop them before they stop us.” That knowledge showed her how important it is for every CEO to take the lead with security planning.

Recently, Wilcher led Erie Federal in tightening security on file transfer protocol destinations, email procedures, and storage and mailing of address change notices.

Erie Federal typically factors its security expenses into its overall operating budget. Security expenses aren’t currently segregated into individual line items in the budget, but that will probably change in the future. The credit union’s operations team oversees policies, procedures, compliance, and security.

“Keeping up with compliance and security certainly takes a toll on our budget,” notes Wilcher, “but it can’t be scaled back and will only escalate expenses going forward. As new security threats appear, we’ll continue to take prompt action as needed. Budgets don’t always anticipate those expenses in advance. Being able to explain them to your board and examiners is critical.”

Erie Federal had one robbery attempt in 2009. In response, says Wilcher, “branch security became a top priority, and we began retrofitting our branches with state-of-the-art security.

“One easy fix is to add additional lighting and cameras both inside and outside your facilities to deter crime,” she suggests. “We also added internal technology that enables us to reduce risk by monitoring accounts that could potentially cause
us a loss.”

Security planning and budgeting should be a line item on the budgets for all branches and corporate facilities, she says.

“If security isn’t first and foremost in the minds of your management staff and your board of directors, you’re potentially opening the door for a hit to your reputation, monetary loss, or—God forbid—loss of life,” she says.

Address risks and exposures

For the past 15 years, $135 million asset Public Service Credit Union in Romulus, Mich., has been addressing specific security issues within its budget and business plan.

“Years ago, security planning was much more rudimentary than it is now due to increased exposure that we face to physical and data threats,” says Dean J. Trudeau, president/CEO.

The credit union’s annual budget process takes into consideration both physical and electronic data security.

“We have a person in charge of loss prevention who makes recommendations for software upgrades that allow for detection of fraudulent accounts and suspicious activity,” he says. “He’s primarily responsible to budget for upgrades or make additions to our security equipment such as cameras, electronic access devices, or alarm upgrades.”

Additionally, Public Service encourages all department and branch managers to consider security enhancements when they submit their annual budgets. “We include security-related issues within our overall business plan by starting with an annual physical risk review of our offices and practices.”

The credit union also performs an internal Bank Secrecy Act risk assessment of products offered and methods for opening accounts. “We use these reviews as an opportunity to modify procedures and create budgets to address new risks and exposures,” says Trudeau.

Security needs have become a huge concern for credit unions today because they’ve become a core consideration of how business operates. Consequently, credit unions face numerous challenges when planning for possible security problems.

“All facets of security are important,” says Trudeau. “First of all, we’re required by regulation to protect member data. And secondly, insurance no longer covers the losses that were covered years ago unless they become catastrophic.

“Our bottom line mandates that we fend off potential losses at every opportunity. The cost and effort to provide security for records, documents, and member data is greater due to the ever-changing, sophisticated methods to defraud the system.”

So what’s the top recommendation when it comes to security planning? Move beyond using only one department to review security, says Trudeau.

“Budget for security throughout your organization. The perspectives and objectives for each department are different and necessary for a strong security plan.”

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive