7 Key Components of Successful ITM Risk Mitigation

By Lowers & Associates,

ITM Risk Mitigation

Interactive Teller Machines (ITMs) offer new business opportunities to banks, and therefore to CIT carriers. A significant side benefit to the CIT carrier is the chance to take on an even bigger role in cash management in partnerships with banks. But with the larger role comes a larger responsibility to manage the risks that go with a deeper integration into the financial institution.

Here are 7 key components of a program where CIT carriers evaluate risks and then develop and implement procedures to address them.

1. Risk Assessment

The first step in ITM risk mitigation is a risk assessment. CIT carriers need to review the entire process of cash-in-transit from beginning to end to identify the places where losses might occur, estimate a likelihood for each, and determine cost-benefit priorities. Crew and bystander safety will always be of paramount importance, but many characteristics of the routes such as cash transitions, surveillance capabilities, and communication security will be analyzed.

Carriers will be familiar with many of the ITM issues because they have been servicing ATMs, but there will be differences. Evaluated risks can be addressed in a number of ways.

2. Policies and Procedures

The risk mitigation policies a carrier sets up for ATMs may serve as a template for ITM policies, with additional or different elements incorporated as needed. For instance, the over-the-road assessment and policies to manage exposure due to timing and environmental conditions will be a basis for further development for ITMs, if the machines are co-located or if the ITMs replace ATMs.

Policies will cover over-the-road exposures, procedures for handling cash (which is more complex for the ITM), handling multiple machines in a single setting (especially important if several ITMs are serviced in sequence), maintenance issues, vehicle control issues, and reporting or sign-offs. Basic controls like dual control and separation of duties will be included. These policies constitute best practices for the specific carrier to manage cash with security.

3. Internal Audits

The aim of internal audits is to implement a running account of transactions and cash balances at key points in a route to maintain control of the disposition of cash. Audits performed by the carrier may use a variety of methods and they may be scheduled and routine by design, random or intermittent. In all cases, the policy should be communicated to affected staff to set expectations that the audits will occur.

4. External Audits

Audits performed by external agencies give a strong, credible check on internal procedures, adding a strong layer of security. Insurers and other third parties may require these audits as a condition of contract. The value of an external audit is that it can find failures in the system where employees and/or accomplices have intentionally voided internal controls. Random or unannounced audits may be especially effective in detecting fraud early.

5. Personnel Screening and Testing

CIT carrier crews require a special kind of employee. They must be detail oriented, persistently thorough in performing routines, yet able to respond creatively and independently when extreme events occur—they manage risks in real time. Employees like this are rare at any event, but in a tight labor market like today’s, it’s very challenging to find them. Employers need to resist the temptation to loosen background screening and testing criteria, perhaps ramping up the level of effort in recruitment instead.

In addition, an important risk management tool is to interview and/or screen current employees on a regular basis to find changes in life circumstances or attitude that could signal a disaffected employee. Finally, training and testing are essential to help front line people recognize and cope with emergent threats.

6. Access Controls

Access controls including keys, passwords, combinations and alarms should be monitored for operational effectiveness, and changed often enough to reduce the possibility of being defeated. Again, the essential interactive capability of ITMs increases the danger of these controls being breached, so a broader view of “access” is required. Controls based on environmental design or structure are harder to change, but it may be possible to make big risk improvements with relatively small changes.

7. Physical Security

Hardening a target to protect physical security is a classical response to risk, such as in a vault or armored truck. However, it is in the spaces between these hardened targets, where cash is carried that a clever larcenist will look to find weakness. The ITM can exacerbate these weaknesses because of its relatively long service interval, putting a premium on how surveillance, environmental design, and communication can be used to supplement the physical security of the ITM.

For a more comprehensive introduction to managing risk in ITM servicing, download our latest whitepaper on the topic, A CIT Carrier’s Guide to Building Your ITM Program.

  Category: Risk Management
  Comments: Comments Off on 7 Key Components of Successful ITM Risk Mitigation

6 Components of a Strong Healthcare Security Presence

By Lowers & Associates,

A strong healthcare security program begins with a strong presence. This presence should be both seen and felt, cultivating a multi-dimensional experience of safety. Even in moments where security is subtle, like in the case of consistent uniforms, the elements of security presence can make all the difference in a patient’s experience.

Here are the key components to a strong presence: … Continue reading

Human Capital Risk Series: The Employer’s Role in Negligent Hiring and Retention

By Lowers & Associates,

negligent hiring and retention

Demonstrated due diligence is your first line of defense against negligent hiring and retention lawsuits. Sometimes this is easier said than done, especially if you are trying to fill positions for which there is a lack of talent.

Be aware that dialing down the due diligence in making a hiring decision can backfire with exorbitant cost. In one case, a jury awarded $7 million to the family of a truck driver who was killed in an accident caused by a second truck driver. The second driver, who was hired without a background check, had been on the job only 19 days when the accident happened. The plaintiff was able to show that a background check would have revealed that the second driver had had his license revoked twice for driving infractions.

In another more recent case, a hospital in Denver was sued for negligent hiring in a class action suit because it had hired a surgical technician with a record of having been fired from four previous positions, and who also had a Navy court martial for the theft of the powerful synthetic opioid, fentanyl. After being caught again stealing a syringe of fentanyl, the defendant tested positive for a blood-borne disease, making him an infection risk to the 2,900 surgical patients the hospital had during his tenure. Plaintiffs counsel argued that the terminations and court martial were easily discovered with a background check. All 2,900 patients are part of the class action lawsuit.

… Continue reading

Workplace Violence: Who’s to Blame?

By Lowers & Associates,

Workplace violence presents a growing problem for today’s organizations and society at large. With more than 2 million people directly affected and nearly 1000 fatalities each year, violence in the workplace has reached epidemic proportions.

Employers have a stated obligation under OSHA “to provide their employees with a workplace free from recognized hazards likely to cause death or serious physical harm.” But can we really expect an employer to be held liable for the unthinkable?

We can. And frequently, we do.

Employers are held liable for negligent hiring, negligent retention, and negligent supervision–often, even if the alleged conduct of an employee falls outside the scope of the employment relationship. Furthermore, when an employer fails to prevent workplace violence in the face of known or suspected dangers, it may be regarded as “intentional” conduct, which can also result in charges of negligence. (source) … Continue reading

Integrity Interviewing

By Robert Osborne,

There have been concerns and debates over the accuracy and validity of polygraph results, written honesty tests, psychological testing, etc. over the years and it will undoubtedly continue. One issue surrounding the controversy is the fact that individual results often times cannot be substantiated without corroborating admissions by the applicant. Further, a number of applicants have been denied employment due to having scored unfavorably on such testing, which has caused opponents to voice their concerns resulting in various acts of legislation. … Continue reading