Taking Access Control to the Bank

If you build it, they will come. Everyone is familiar with that heart-tugging line from Field of Dreams. When it comes to access control in 2021, that James Earl Jones quote takes on new meaning. If you build it, and make it frictionless, integrated, convenient, and hygienic, they will come back to the office. At least we hope they will.

Whether staff and customers will come back is a particularly intriguing question in the banking and financial services industry. Even community banks are beginning to offer mobile apps that let customers remotely deposit, transfer, and view funds. Cash withdrawals from banks and ATMs have plunged during the pandemic. Some people haven’t used paper money in a year. Chains like Lululemon, Sweetgreen, and Nordstrom have largely eschewed cash.

As offices reopen and branches return to normal hours and as the population gets vaccinated, physical security can’t be forgotten. Mask requirements will remain in place for the foreseeable future, and many people might never shed them in public. What does it mean for robbery prevention when every customer is wearing a mask? For now, many branches either severely limit occupancy—assuming that a robber won’t be willing to cool his heels outside for 10 minutes—or use security guards as social distance or access monitors. That’s not cost effective in the long run, though.

Lasting health protocols mean that customers will expect barriers between them and bank staff, which is good news. Bullet-resistant windows will make a branch look more like a health-conscious facility than an armed encampment. 

In bank office facilities and in areas in branches that are off limits to the public, some financial institutions have retrofitted their access control systems with mobile apps, facial recognition, or fluid access. On-premises systems are giving way to cloud-based approaches, where upgrades, patches, and permission changes are centralized, removing responsibility from the bank’s IT team. Privileges can be quickly assigned, changed, or revoked for staff needing to access sensitive areas such as server rooms, the accounting department, or human resources. Even some community banks are making the jump due to ease of administration, lower lifecycle costs, and almost boundless integrations, including integrated Covid tools such as health screening and contact reporting.

Access control doesn’t stop at physical spaces. Virtual doors to the network are every bit as important. The bigger money for criminals, and the lesser risk of capture, comes from plundering online accounts.

Financial institutions are no stranger to cyber attacks. The cyber risk spectrum is broad and unprecedented, with 60 percent of the customer records that were compromised coming from financial services firms. While banks have invested heavily in cyber security tools and infrastructure to protect their assets and meet regulatory requirements, physical access control can sometimes be overlooked.

Now, as financial institutions are gearing up for a return to normal following a year of increased remote work, greatly reduced branch traffic, and managing distressed financial assets, here are four steps to ensure the physical security program is ready to get back to work with your financial institution.

Four Steps to Prepare Physical Security Programs at Financial Services to Reopen:

Step 1: Understanding and Communication

  • Solicit feedback from staff on their concerns about returning to office
    • Hold virtual staff meetings encouraging staff to express fears
    • Check with staff members individually and by team
    • Involve staff in the discussion of proposed safety measures
  • Communicate with staff frequently and transparently about health and safety policies, procedures, and protocols
    • Set expectations before the return to the office or branch
    • Expect to tweak policies and procedures once workers return
    • Any policy or procedure changes should be immediately communicated
    • Consider implementing access policies based on vaccination or test results

Step 2: Health and Safety Solutions You May Want to Consider:

  • Mobile access credentials to unlock doors with your phone
  • Other touchless access, such as face recognition
  • Touchless doors (foot pedals, automatic open, germ-resistant keys, etc.)
  • Health/Covid screenings prior granging entry–including possibly limiting based on vaccination status.
  • Occupancy tracking for office and retail locations
  • Plexiglass dividers between workstations and between employee and consumers in retail interactions.

Step 3:  Upgrade legacy on-premises access control solution to a modern, secure, cloud solution

  • Standalone access control
  • Access control integrated with other security features such as visitor management, video surveillance, and intrusion detection as part of a holistic proptech solution
  • Cloud offers more remote management options for the continuing hybrid work environment
  • Cloud puts administration in the hands of specialists, wherever they are.
    • System security
    • Updates and upgrades
    • Patches
    • Software health scans

Step 4: Ensure Identity and Access Management Best Practices Applied Across your Physical Security Platform

  • Implement multifactor authentication (e.g. one-time passcodes; device biometrics on a smartphone  and Google Authenticator code)
  • Ensure that policies are consistent and security robust throughout the enterprise—branches, back offices, satellite offices, headquarters, etc.
  • Apply a policy of least privilege, whereby staff only have access only what they need to do their jobs
  • Consider applying least privilege to certain times of day (e.g. bank staff might have 8 am to 6 pm access, while custodians and security officers may have after-hours access)

While not a comprehensive list, these 4 steps are critical considerations as you work back to normal operations.  And you’re likely to find that, if you build your return plan around these steps, your staff, customers, partners, and contractors are bound to come back.