In general, compliance is conforming to particular expectations, standards, or behaviors, where risk is an exposure to potential loss or injury. When we think of compliance in the security arena, it often means that you are following prescribed standards, which could be regulatory, industry best practices, or standards that are otherwise customized or company specific.
While compliance and risk often follow the same path, a compliance audit or survey is often performed with a one-size-fits-all “compliance only” approach, as opposed to one that requires more complex reasoning.
Some may question the rationale of compliance if risk is not a constant consideration. Lack of experience, industry knowledge, or even simply lack of time can hinder the ability to take a more risk-based direction. After all, taking a compliance only approach simplifies the security audit process by allowing for uniform application, reduced subjectivity and error in assessment, and strong performance metrics capability.
Is the added complexity of a risk-based approach worth the effort? … Continue reading
The banking industry has undergone significant and historic change since the financial crisis of 2008. The Dodd Frank Wall Street Reform and Consumer Protection Act created heightened expectations and new regulations for financial institutions.
This, in turn, has created the need for additional levels of oversight within the financial institution itself. However, it isn’t just financial institutions that are feeling the impact. Third party service providers of financial institutions, including armored carriers, are being impacted as well.
Historically, by outsourcing cash vault operations to CIT companies, financial institutions were able to pass along many of their risks and cost burdens. Today, the Office of the Comptroller of the Currency (OCC) makes clear that banks are expected to practice effective risk management “whether the bank performs the activity internally or through a third party” and goes on to say that “A bank’s use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner in compliance with applicable laws.”
Furthermore, the OCC has identified significant potential for gaps in risk mitigation and compliance, which has brought more focus on auditing procedures. … Continue reading
Stop for a minute and think about the flow of cash in the American economy. You almost certainly have some in your pocket or purse right now, and at some point in the day, or the near future you will use it to buy something. Even if you rely mainly on plastic, you will sometimes tap an ATM for cash. Billions upon billions of cash dollars circulate every single day. Most importantly, you, and all parties concerned can easily access just the right amount of cash for their needs.
This miraculous flow of cash does not happen by accident. The Cash-in-Transit (CIT) system—a.k.a. the cash management industry—has evolved to manage cash efficiently and securely. This huge system is ubiquitous, yet many people have never heard of anything beyond “armored cars.” The system actually includes a large assortment of cash management businesses, some of them specialized and others offering a fully integrated package of services that help to keep commercial and retail markets liquid.
The CIT system serves banks, including the Federal Reserve, by providing the transportation, storage, processing, accounting, and other services that financial institutions need to ensure the right amounts of cash get to where they are needed. With the extensive geographic dispersion of branch banks and ATMs, it is no longer cost effective for each and every bank to provide all the cash management services it needs. Today, third party businesses in the cash management system can support multiple banks, including providing a level of risk management the industry demands. … Continue reading