“I knew him for years. He was like family. How could he do this to me and my business?”

It’s an all-too-familiar question after a long-term or trusted employee is caught or suspected of stealing from a company. So, what happens that makes it all go so wrong?

Simply put, cash is the great attractor – while we all interpret that lure differently, its visceral, kindly promise of freedom occasionally becomes too irresistible for human nature to ignore. Many businesses are not aware of, or at least, are not able to consistently identify, hire, educate and train around this fact. In CIT and Security, the breakdown is most often in one or more of The Three P’s (Policy, Process, and Procedure), but it’s certainly not an isolated phenomenon. Retail establishments, financial institutions and more all struggle with it.

The Three P’s are designed to reduce and control both the likelihood (risk probability) and severity (risk impact) of loss relating to risk; in this example, employee theft. For context:

• Policy is a rule or set of guidelines;
• Process is a high-level set of criteria that must happen in order to ensure compliance with a policy; and
• Procedure is a specific, detailed series of actions that staff members must take in order to implement a process and comply with a policy.

With the recent COVID-19 pandemic, business transactions and revenues are down, and we have seen a surge in employee terminations, furloughs and the like. As a result, many businesses are operating with lean staffing, which can cause breakdowns in segregation of duties, intentional or not. Where two persons may have been required by policy pre-COVID to perform an action, e.g. accessing the safe or vault, conducting physical inventory audits or daily cash reconciliation and balancing, the reduction in staff has caused those policies to become lax in order to continue operations. In doing so, many dual control and custody procedures have led businesses to allocate more access control capabilities to those “long-term” or “trusted” employees. Which can lead to situations like the ‘Not him!’ referenced above.

So, what can be done with limited staffing during these times to protect people, brands, and profits? Below are a few best practices that can be applied across any business, large or small:

• Review your internal policies and processes and provide management oversight to ensure that procedures are being adhered to per company policy and that no one person has too much access to a particular asset or function, including:
  • Access device (key, card, combination, code) controls .
  • Dual control/custody system of checks and balances.
    • Ex: verification of deposit preparation, either 2^nd person or virtual (FaceTime, CCTV, Zoom, etc.), bank pick-ups and deposits in person (no night drops if only one person can perform) and confirm deposit or examine credibility of tamper proof deposit bag before leaving (bringing back deposit slip for verification and documentation).
  • Utilize both Employment Background Screening, regardless of the relationship or previous work history, and a true continuous court records monitoring solution to get the whole picture.
  • Require job-specific training that is documented and acknowledged via signature of the trainer and trainee to ensure adequacy, accuracy and completeness.
  • Incorporate random and unannounced internal and external audits, testing the aforementioned policy, process, and procedure with staff. Examples may include:
    • Cash drawer audits, to be performed by employee and management at the beginning and end of shift; cash drawers should be assigned to one user only.
    • Cash drawer documentation, in the event more cash is needed or removed a verifying document should be signed by two people, i.e. employee and management.

These best practices are intended to provide some potential resolutions to but a fraction of the challenges that businesses face in fighting theft. By improving potential vulnerabilities and understanding the importance of applying essential policies, processes, and procedures, businesses can – and do! – reduce the likelihood and severity of loss relating to employee theft.

Remember, cash may be king, but it’s still your kingdom.

Demand is on the rise for cold storage vault services for cryptocurrency. As CIT and vault providers work to meet the demand, they are facing risks that are at once similar and very different from those they encounter with their cash services.

As a vault or transport provider, how well do you understand the risks of cold storage?

Our latest slideshow highlights 7 components of a risk assessment for cold storage providers of cryptocurrency. It looks at the following:

1. The right safe for the job
2. Control of digital threats
3. Control of physical threats
4. Identity verification
5. Dual controls
6. Access logs
7. Procedural integrity

Flip through the slideshow here:

To learn more about custodial crypto transportation and storage, we invite you to download our whitepaper, Custodial Crypto Transportation and Storage: Understanding and Mitigating the Risks.

Interactive Teller Machines (ITMs) present a win-win for customers and banks alike. These machines offer new levels of automation, allowing banks to efficiently deliver a wide range of banking services. ITMs free up teller lines for higher level services, allowing customers to take care of basic needs on their own. ITMs bring new levels of convenience for customers who are increasingly comfortable with digital banking services.

ITMs also open up new opportunities for CIT carriers who are able to step up to the demands of servicing a more complex machine. That said, the details of ITM servicing cause concern and complexity. Consider the placement of the ITMs. While convenient for customers, their placements often put carriers at increased risk of attack. Not to mention the time it takes to service an ITM, which is significantly longer than a traditional ATM. These longer service windows also add to a carrier’s risk.

Our latest slideshow resource sheds light on emerging risks CIT carriers face as they look to expand their banking relationships to handle ITM servicing.

Flip through the presentation here:

A High Reliability Organization (HRO) is one that achieves desired outcomes consistently, despite operating in a highly complex environment characterized by high risks. It learns from its failures, even those unanticipated, and uses them to improve over time.

Could the Cash Processing and Transport System (CPTS) operate like an HRO? Let’s begin by determining if CPTS shares the characteristics of an HRO. … Continue reading

In today’s integrated financial services system, Cash-in-Transit (CIT) service providers face new challenges in theft and fraud prevention. Traditional approaches to internal controls may leave risky gaps where CIT vendors and their banking customers intersect. Upgrading—and redesigning—these controls so that partners interpret outcomes accurately, and in the same way, is necessary to raise the adequacy of protections against theft and fraud risks.

The Office of the Comptroller of the Currency (OCC) has made it clear that banking institutions are ultimately responsible for the risk management performance of the third party cash vendor services they purchase. Banks cannot simply offload risks to vendors when they outsource traditional banking services. … Continue reading