Skip to main content
Image coming soon

The Retail Bank Physical Security Lead Playbook

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The Retail Bank Physical Security Lead Playbook

Branch access, ATM and vault controls, courier logistics, and physical-incident coordination with corporate security and the FFIEC examination team, in one written course plus a hand-built implementation playbook.

The branch-by-branch access review, the ATM vestibule camera coverage log, and the dual-control evidence for the vault and courier handoff is what the FFIEC examiner actually pulls. The policy is fine. The evidence trail across thousands of branches with mixed vendors is what fails.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

A Physical Security Lead at a large US retail bank owns the physical side of FFIEC IT Examination Handbook compliance, the branch and ATM access-control estate, the cash-in-transit and vault dual-control evidence, contractor escort policies, and the handoff to corporate security for executive protection and physical incident response. The role sits between facilities (who own the door hardware and CCTV procurement), corporate security (who own executive protection and the GSOC), branch operations (who own cash handling and dual-control), and IT (who own the access-control software and camera storage). Examination prep concentrates the pain. Examiners ask for branch-by-branch access-control review evidence, ATM vestibule and vault camera retention logs, dual-control evidence for cash-in-transit, contractor and vendor escort logs, and a clean physical-incident response trail. Most banks have all of the policy and most of the evidence, but the evidence is scattered across three vendors per branch, two ticket systems, and a corporate security team that runs on a different workflow. Pulling the audit package together becomes a four-week scramble that competes with the day-job of running physical security across a multi-state footprint. The course is the consolidated method for assembling the artefacts ahead of the exam, fixing the gaps that always show up (contractor escort logs, camera retention windows, dual-control sign-off completeness), and running a physical-incident package that hands cleanly to corporate security and the federal examiner.

What you walk away with

  • Assemble the branch-by-branch FFIEC physical security evidence package without the four-week scramble.
  • Close the contractor escort and vendor access log gap that examiners always find.
  • Consolidate access-control and camera retention evidence across mixed vendor estates.
  • Hand a physical-incident package to corporate security and the examiner so it lands clean.
  • Run the cash-in-transit and vault dual-control evidence trail so the courier handoff is audit-ready.

The 12 modules

Module 1. The FFIEC IT Examination Handbook physical security section, read for the Physical Security Lead
What the FFIEC IT Examination Handbook actually asks for in the physical security section, read in the language of the artefacts you must produce: the branch access review, the dual-control evidence, the camera retention log, the contractor escort log, the physical incident response trail. Module 1 walks the section paragraph by paragraph and lists the artefact each paragraph implies, so the examination prep is anchored to a document checklist, not a policy review.
Module 2. Branch access review at scale across a multi-vendor estate
The branch-by-branch access-control review when the estate runs three door-hardware vendors, two access-control software platforms, and a dozen acquired-bank legacy systems still in service. The module covers consolidating the access-rights export across vendor tools, the standard schema for the consolidated review, the sampling approach that the examiner accepts, and the remediation log for orphaned credentials and stale contractor cards across thousands of branch doors.
Module 3. ATM vestibule, ATM kiosk, and walk-up unit physical controls
Physical security for the ATM estate: vestibule access during off-hours, camera coverage and retention windows, ATM enclosure tamper evidence, skimmer and shimmer inspection cadence, and the evidence trail the bank needs when an ATM is compromised. The module covers the standard inspection log, the camera coverage gap report that fleet managers can run themselves, and the incident package format the corporate security team can lift directly into a federal report.
Module 4. Vault, cash-room, and night-drop dual-control evidence
Dual-control evidence for vault entry, cash-room access, and night-drop reconciliation that holds up to a sample-based examination. The module covers the standard dual-control log, the way to evidence dual-control when one of the two officers is a roving manager covering multiple branches, the camera-and-log cross-reference the examiner will run, and the remediation path for branches where the dual-control evidence breaks down on staffed-light days.
Module 5. Cash-in-transit and courier handoff controls
Physical controls and evidence trail for cash-in-transit: courier vendor controls, tamper-evident bag chain of custody, dual-control at handoff, branch and vault evidence retention, and the reconciliation between courier manifests and branch cash logs. The module covers the standard courier handoff log, the gap report for missing dual-signoff at the bag-seal stage, and the package the bank needs to retain for the FFIEC and the courier vendor's own audit.
Module 6. Contractor and vendor escort policy, log, and gap closure
Contractor and vendor escort is the single most common gap that examiners find. The module covers the contractor escort policy that the branch teams will actually follow, the daily and weekly log format, the escort-evidence cross-reference against badge access exports, the way to close the gap when third-party HVAC, IT, and ATM vendors are on a fast-turn ticket and the branch team did not log the escort, and the back-fill method that the examiner accepts.
Module 7. CCTV and camera retention evidence across mixed vendor estates
Camera retention windows differ by vendor, by branch generation, and by storage architecture. The module covers the standard retention requirement read against the FFIEC and bank policy, the gap report across the vendor estate, the camera-down and recording-gap log, the chain-of-custody for camera evidence used in an incident, and the consolidation method when the bank has cloud-stored, NVR-stored, and DVR-stored footage in the same estate.
Module 8. Physical incident response and the handoff to corporate security and the GSOC
Physical incident response from the moment the branch alarm fires through the handoff to corporate security and the GSOC, and ultimately to the federal examiner if reportable. The module covers the incident package format the GSOC accepts, the timestamp and evidence chain for a robbery, an after-hours breach, an ATM attack, and a violent-customer incident, and the way to keep the Lead's evidence trail intact when corporate security runs on a separate ticket system.
Module 9. Executive protection coordination and the principal-residence physical security overlay
Coordination between the Physical Security Lead and the executive protection team for principal residences, executive travel, and high-profile branch visits. The module covers the standard interface, the access-control overlay for executive offices and floors, the evidence trail when an executive incident touches a branch, and the way to keep the FFIEC examination evidence package coherent when executive-protection evidence has restricted access.
Module 10. Workplace violence, active-assailant drill, and branch staff training evidence
Workplace violence and active-assailant preparedness in the branch network: the drill schedule, the training evidence trail, the branch-staff sign-off log, and the way to evidence the program in a way the FFIEC examiner and the bank's HR and risk functions all accept. The module covers the standard drill report, the year-on-year training evidence package, and the remediation path when a branch missed a drill cycle.
Module 11. Physical security data and the metrics the examiner and the board both ask for
The metrics package the Physical Security Lead owns: branch access review completeness, contractor escort gap rate, camera retention compliance, dual-control evidence completeness, incident response time and package quality, drill completion rate. The module covers the standard board dashboard, the standard examiner package, the way to track month-over-month closure of the FFIEC physical security findings list, and the way to present the trend so the head of risk can defend the spend.
Module 12. Examination week: assembling the package and walking the examiner through it
Examination week itself: the document index the examiner expects, the order of the walk-through, the sample-pull rehearsal, the standard answers to standard examiner questions on the physical security section, the way to keep corporate security and branch operations aligned during the week, and the close-out memo capturing the gap list for next cycle. The implementation playbook is hand-built for the buyer's footprint and vendor mix.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

FFIEC examination prep week landing on the Physical Security Lead's desk with the physical-controls section as the long pole.
Contractor escort log gap discovered late in the prep cycle across a mixed-vendor branch estate.
Cash-in-transit dual-control evidence breaking down on staffed-light branch days and the courier vendor audit asking the same question.
Physical incident handoff between branch, corporate security, GSOC, and the examiner running on three different ticket systems with no consolidated trail.

What you get with this course

  • Twelve written modules in the Art of Service learning environment, each anchored to a concrete physical security artefact the role owns.
  • Downloadable templates and worked examples for every module: access review log, contractor escort log, camera retention gap report, dual-control sign-off, courier handoff log, physical incident package, examination week document index, board metrics dashboard.
  • A hand-built implementation playbook delivered alongside course access, tuned to the buyer's branch footprint, vendor mix, and corporate security operating model.
  • 30-day money-back if the package does not match the role.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours: account provisioning in the Art of Service learning environment, all twelve written modules and all downloadable templates available.

Within 24 hours: hand-built implementation playbook delivered alongside course access, tuned to the buyer's branch footprint, vendor mix, and corporate security operating model.

Week one: branch access review template and contractor escort log template in pilot use across a sample of branches.

Week two: camera retention gap report run across the estate, dual-control sign-off template in pilot at the staffed-light branches.

Week three onwards: examination week document index maintained as a living artefact, board metrics dashboard reporting monthly.

Before and after

Before

Examination prep is a four-week scramble that pulls the Physical Security Lead off the day-job, the contractor escort gap surfaces late, camera retention evidence is inconsistent across the vendor estate, the incident package handoff to corporate security is ad hoc, and the package the examiner pulls is assembled in panic.

After

The branch access review, the contractor escort log, the camera retention evidence, the dual-control package, the courier handoff trail, and the incident package all live in a known location with a known schema. Examination prep is a two-day rehearsal against a maintained document index. The Physical Security Lead walks the examiner through the package in the order the examiner expects, and the close-out memo writes the next cycle's gap list for free.

What happens if you do not address this

Without a consolidated method, the next FFIEC examination week consumes the Physical Security Lead's calendar, the contractor escort gap and the camera retention inconsistency surface as findings, and the incident package handoff to corporate security continues to run ad hoc. Findings carry forward, the spend defence to the head of risk gets harder, and the role spends more time assembling evidence than reducing physical risk across the branch estate.

Who it is for

Physical Security Lead, Director of Physical Security, or Senior Manager Physical Security at a US retail or universal bank with a branch and ATM footprint, owning the FFIEC physical security evidence trail and the handoff between facilities, branch operations, corporate security, and IT for physical access and incident response.

Who this is NOT for. Corporate security executives who own only executive protection. Pure GSOC analysts with no examination evidence responsibility. IT security professionals with no physical-estate accountability. Single-branch credit-union security officers. The course is built for the Physical Security Lead whose desk is where the FFIEC physical-controls evidence package gets assembled.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Approximately 8 to 12 hours of focused reading across the twelve modules, plus 6 to 10 hours of branch-team and corporate-security coordination to put the templates into pilot use, plus the implementation playbook walk-through which the buyer schedules against their own examination prep cycle.

Why $199 is the right number

The alternative is to keep assembling the examination package from scratch each cycle, lean on the bank's corporate security policy library which does not include the artefact templates, or hire a Big4 examination prep engagement that costs 20 to 50 times the course price and still leaves the role to maintain the artefacts after the engagement ends. The course is the consolidated method plus the templates plus a playbook the role owns at the close.

FAQ

We already have policies for all of this. What does the course add?
The course is not a policy library. It is the artefact templates and the consolidated method for assembling the FFIEC physical security evidence package across a mixed-vendor branch estate, plus the implementation playbook hand-built for the buyer's footprint.
Our corporate security team owns executive protection and the GSOC. Does this overlap?
Module 8 and module 9 are written for the handoff between the Physical Security Lead and corporate security. The course does not duplicate corporate security or GSOC work. It makes the handoff and the evidence trail land cleanly across both functions.
We use a Big4 firm for examination prep. Why this course?
The course is the in-house method the Physical Security Lead owns at the end. The Big4 engagement ends, the role still owns the evidence trail, and the templates are needed every cycle. The course price is two orders of magnitude below the engagement and the templates are the buyer's after delivery.
How is the implementation playbook hand-built?
After purchase, Gerard reviews the buyer's branch footprint signal, vendor mix, and corporate security operating model from the buyer's intake, then delivers a playbook tuned to that estate alongside course access. No templating, no AI-generated content, no generic fill-in-the-blanks.
What if the course does not match our estate?
30-day money-back. The course is built for a US retail or universal bank with a branch and ATM footprint and an FFIEC examination cycle. If the buyer's estate is materially different, refund and move on.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.