Skip to main content
Image coming soon

The Bank Branch Physical Security Standards Workbook

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The Bank Branch Physical Security Standards Workbook

A senior specialist's reference for hardening branches, ATMs, and back-office sites to the standard examiners actually ask about.

Operational Risk wants one document that explains how every branch, ATM, cash-in-transit handoff, and back-office floor is hardened to the same standard. You are holding the pen on that document, and nothing on the shelf maps to the layer between the twenty-thousand-foot corporate security policy and the five-thousand-foot branch operations playbook.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

The senior physical security specialist at a top-tier US retail and commercial bank sits in a gap. Above sits the Chief Security Officer's corporate policy, written in principles. Below sit the branch managers' operating procedures, written in checklists. In between sits the actual standard: door schedules, CCTV camera placement and retention, alarm zone design, panic device locations, vault and safe timing, key and combination control, badge issuance and revocation timing, contractor escort rules, robbery response drills, after-hours access, ATM lobby hardening, night-deposit handling, and the cash-in-transit handoff. The federal Bank Protection Act sets minimums but does not write the standard for you. The OCC's operational resilience expectations now treat physical security as part of the resilience programme, not as a building services line item. Internal Audit and Operational Risk both want to see the standard, the threat assessment that justifies it, the variance log for any branch that deviates, and evidence the standard is reviewed. Vendor brochures from the alarm, CCTV, and access-control providers do not become a bank standard by being stapled together. The Sr Physical Security Specialist writes the standard, defends it, owns the variance log, runs the drills, and explains it all to examiners. That work needs a reference that respects how a regulated bank actually works.

What you walk away with

  • A documented bank-wide physical security standard with named owners, review cadence, and variance process.
  • A defensible branch threat assessment template that maps threat categories to the specific controls each branch needs.
  • A CCTV, access control, alarm, and intrusion detection baseline that is consistent across the branch footprint and explainable to an examiner.
  • A robbery response, suspicious activity, and after-hours intrusion playbook that branch managers can actually run.
  • An evidence pack for Internal Audit and Operational Risk covering the standard, the drills, the variance log, and the vendor due diligence.

The 12 modules

Module 1. The bank physical security policy stack
Maps the layered structure from the board-approved corporate security policy down through the physical security standard, the branch operating procedures, and the variance log. Names what belongs at each layer, who owns it, and how Internal Audit and Operational Risk read the stack. Includes a one-page diagram you can put on the front of every audit binder so the reviewer never has to ask where a control lives.
Module 2. The federal and regulator baseline
Walks through the Bank Protection Act minimums for branches and operations centres, the FFIEC Information Security and Business Continuity expectations that touch physical security, the OCC Heightened Standards treatment of operational resilience, and the FinCEN expectations on suspicious activity that begin at the teller line. Distils what each one actually requires of the physical security standard, not what advisory firms claim it requires.
Module 3. The branch threat assessment
Builds a repeatable threat assessment for retail branches covering robbery, after-hours intrusion, ATM attack, smash-and-grab, internal theft, workplace violence, and protest activity. Each threat category gets a likelihood and consequence rating method, evidence sources (FBI bank crime statistics, the bank's own incident history, local police data), and the linkage from the assessment to the control set chosen for the branch.
Module 4. CCTV camera placement, retention, and chain of custody
Specifies camera coverage for the teller line, vault area, ATM lobby, night-deposit, customer floor, and after-hours perimeter. Sets resolution minimums, retention periods aligned with the bank's record retention schedule, export procedures for law enforcement, and the chain-of-custody log Operational Risk wants. Includes a CCTV baseline template and a deviation form for branches with structural limitations.
Module 5. Access control, badge management, and key control
Covers the badge issuance and revocation timing standard, the back-office door schedule, contractor and vendor access, after-hours access logging, dual-control rules for vault and cash areas, key and combination control registers, lost badge procedures, and the joint review with Information Security on the physical-to-logical handoff. Includes the access-review evidence pack auditors expect quarterly.
Module 6. Alarm systems, panic devices, and central station
Designs the alarm zone layout for a typical branch and a typical operations centre. Sets panic device placement standards for the teller line, manager office, and night-deposit. Specifies central station response standards, alarm test cadence, false alarm tracking, and the contract terms with the monitoring provider that the bank actually needs. Includes a monitoring vendor scorecard and a quarterly test evidence template.
Module 7. Vault, safe, ATM, and night-deposit hardening
Sets the standard for vault construction, time-lock and time-delay devices, safe ratings for branches by cash-risk tier, ATM physical hardening against ram-raid and gas attack, and night-deposit head design and servicing. Maps each control back to the branch threat assessment so a branch with a higher robbery risk profile gets the right level of hardening, not a one-size-fits-all spec.
Module 8. Cash-in-transit and currency handling
Documents the standard for the armoured carrier handoff at the branch door, vault loading and unloading, internal cash transport between vault and teller line, dual control on currency movements, dye-pack and tracker policy, and the audit log expected for every movement. Covers the contract terms with the cash-in-transit vendor and the incident escalation path when a carrier deviates from the procedure.
Module 9. Robbery, suspicious activity, and workplace violence response
The branch-facing playbook for a robbery in progress, a robbery after the fact, a suspicious customer or vehicle, an active threat, and a workplace violence incident. Includes the FBI bank crime reporting line, the FinCEN Suspicious Activity Report linkage to physical incidents, the employee assistance and trauma response standard, and the drill schedule the branch must run with evidence the regional examiner can see.
Module 10. Vendor management for the physical security stack
The Sr Physical Security Specialist owns the relationship with the alarm provider, the CCTV provider, the access control provider, the armoured carrier, the guard force vendor, the locksmith, and the ATM service provider. Sets the vendor due diligence standard, the contract security clauses, the SLA expectations, the right-to-audit clause, and the offboarding process when a vendor change is made. Includes the vendor scorecard template Operational Risk wants.
Module 11. Evidence, drills, variance, and the audit story
Builds the evidence pack: the standard, the threat assessments, the test logs, the drill logs, the variance log, the vendor scorecards, the access reviews, and the incident reports. Sets the review cadence for each artefact, the cross-reference to the audit universe, and the narrative that ties the artefacts together into a coherent story for the next Internal Audit cycle and the next OCC physical security exam.
Module 12. Annual review, threat refresh, and standard update
Closes the loop. Sets the annual review cadence, the threat-environment refresh process (new attack methods, new regulator focus, new internal incident learning), the change-control on the physical security standard, the communication plan to branch operations, and the metric the Chief Security Officer carries on a dashboard. Includes a one-page annual report template the CSO can hand to the board operational risk committee.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

The Operational Risk question about how every branch is hardened to the same standard is answered by modules 1, 3, and 11.
The OCC examiner asking how physical security fits into operational resilience is answered by modules 2, 6, and 11.
The Internal Audit observation that the variance log is incomplete is answered by modules 5, 7, and 11.
The branch manager asking why their ATM lobby needs the new standard is answered by modules 3, 7, and 8.

What you get with this course

  • Twelve written modules with worked examples for a top-tier US bank.
  • Branch threat assessment template, CCTV baseline template, access review evidence pack, alarm test log, vendor scorecard, variance log, annual report template.
  • A hand-built implementation playbook tailored to the specifics of the branch footprint and operational risk programme.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours: account in the Art of Service learning environment, all twelve written modules, all downloadable templates, and the hand-built implementation playbook are delivered together.

Before and after

Before

The branch security standard lives partly in policy, partly in vendor brochures, partly in the heads of long-serving regional security officers. Internal Audit keeps asking the same questions every cycle. Variances are tracked in three spreadsheets that do not reconcile.

After

There is one signed bank physical security standard. Every branch maps to it via a threat assessment. Variances live in one log with a named owner and a closure date. Internal Audit and Operational Risk reference the same artefacts the regional team uses. The OCC examiner gets a single binder.

What happens if you do not address this

Without the standard written and defended, the next Internal Audit cycle will catalogue branch-by-branch inconsistency as a thematic finding, and the next OCC operational resilience exam will treat physical security as a gap in the resilience programme rather than a discipline inside it. Both findings escalate to the board operational risk committee.

Who it is for

A Senior Physical Security Specialist inside a top-tier US bank's Corporate Security or Operational Risk function. Owns the physical security standard for retail branches, ATM estate, commercial offices, and operations centres. Reports into a Director or VP of Corporate Security. Partners with branch operations, facilities, real estate, IT physical access, vendor management, and Internal Audit. Reads OCC, FFIEC, and FinCEN guidance. Has to speak both the language of the alarm and access-control vendors and the language of the bank examiner.

Who this is NOT for. Not for retail loss prevention specialists working a single store. Not for corporate facilities managers without responsibility for the security standard. Not for security guards or contract guard force managers. Not for cybersecurity specialists looking for logical access control material; this is the physical layer.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Roughly twelve to fifteen hours of focused reading across the twelve modules. Most senior specialists work through it in a week of evenings or two long weekends, then keep the templates open as the standard is drafted.

Why $199 is the right number

Vendor white papers from alarm, CCTV, and access control providers cover their products, not the bank standard. ASIS Protection of Assets is a thousand-page reference, not a workbook. FBI bank robbery prevention guidance is a slim public document. The OCC and FFIEC handbooks describe expectations, not the standard text. This course is the missing middle: the standard a senior specialist at a US bank can stamp with their name, mapped back to the regulators and the references.

FAQ

Is this written for a US bank specifically?
Yes. The regulatory references are US federal (Bank Protection Act, OCC, FFIEC, FinCEN, FBI) and the operational context is a top-tier US retail and commercial bank with a national branch footprint and ATM estate.
Will it duplicate the corporate security policy?
No. It sits below the corporate policy and above the branch operating procedures. The first module shows exactly where the standard fits in the layered policy stack.
Does the implementation playbook account for my branch footprint?
Yes. The hand-built playbook is tailored to the specifics of your branch and ATM footprint, the operational risk programme structure, and the regulator profile the bank operates under.
How fresh are the regulator references?
Current as of the most recent published OCC, FFIEC, and FinCEN guidance and the most recent FBI bank crime statistics release. Annual review module covers how to refresh as new guidance lands.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!