12 U.S.C. 93a, 1818, 1881-1884, and 3401-3422; 31 U.S.C. 5318.
(a) This subpart is issued by the Comptroller of the Currency pursuant to section 3 of the Bank Protection Act of 1968 (12 U.S.C. 1882) and is applicable to all national banking associations and all banks located in the District of Columbia subject to the supervision of the Office of the Comptroller of the Currency. It requires each bank to adopt appropriate security procedures to discourage robberies, burglaries, and larcenies and to assist in identifying and apprehending persons who commit such acts.
(b) It is the responsibility of a bank's board of directors to comply with this regulation and ensure that a security program which equals or exceeds the standards prescribed by this part is developed and implemented for the bank's main office and branches (as the term “branch” is used in 12 U.S.C. 36).
Within 30 days after the opening of a new bank, the Bank's board of directors shall designate a security officer who shall have the authority, subject to the approval of the board of directors, for immediately developing and administering a written security program to protect each banking office from robberies, burglaries, and larcenies and to assist in identifying and apprehending persons who commit such acts.
(a)
(1) Establish procedures for opening and closing for business and for the safekeeping of all currency, negotiable securities, and similar valuables at all times;
(2) Establish procedures that will assist in identifying persons committing crimes against the institution and that will preserve evidence that may aid in their identification or conviction; such procedures may include, but are not limited to:
(i) Using identification devices, such as prerecorded serial-numbered bills, or chemical and electronic devices;
(ii) Maintaining a camera that records activity in the banking office; and
(iii) Retaining a record of any robbery, burglary or larceny committed or attempted against a banking office;
(3) Provide for initial and periodic training of employees in their responsibilities under the security program and in proper employee conduct during and after a robbery; and
(4) Provide for selecting, testing, operating and maintaining appropriate security devices, as specified in paragraph (b) of this section.
(b)
(1) A means of protecting cash or other liquid assets, such as a vault, safe, or other secure space;
(2) A lighting system for illuminating, during the hours of darkness, the area around the vault, if the vault is visible from outside the banking office;
(3) Tamper-resistant locks on exterior doors and exterior windows designed to be opened;
(4) An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery, burglary or larceny; and
(5) Such other devices as the security officer determines to be appropriate, taking into consideration:
(i) The incidence of crimes against financial institutions in the area;
(ii) The amount of currency or other valuables exposed to robbery, burglary, or larceny;
(iii) The distance of the banking office from the nearest responsible law enforcement officers and the time required for such law enforcement officers ordinarily to arrive at the banking office;
(iv) The cost of the security devices;
(v) Other security measures in effect at the banking office; and
(vi) The physical characteristics of the banking office structure and its surroundings.
The security officer for a national bank shall report at least annually to the bank's board of directors on the effectiveness of the security program. The substance of such report shall be reflected in the minutes of the Board meeting in which it is given.
(a)
(b)
(1)
(2)
(3)
(c)
(1)
(2)
(3)
(4)
(i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under Federal law;
(ii) The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or
(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
(d)
(e)
(f)
(2) A national bank need not file a SAR for lost, missing, counterfeit, or stolen securities if it files a report pursuant to the reporting requirements of 17 CFR 240.17f-1.
(g)
(h)
(2)
(i)
(j)
(k)
(l)
(a)
(b)
(c)
(1) Provide for a system of internal controls to assure ongoing compliance;
(2) Provide for independent testing for compliance to be conducted by bank personnel or by an outside party;
(3) Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and
(4) Provide training for appropriate personnel.