Reg P provisions - too much freedom?

Reg P revisions - too much freedom?

Remember the Federal Reserve's anti-crime rule, Regulation P? It and corresponding regulations at FDIC, the Comptroller's Office, and the Office of Thrift Supervision are on the verge of their first significant revision in 21 years.

The coming

Background. Reg P implements the Bank Protection Act of 1968. The act was passed in the wake of significant rises in bank robberies and related crimes during the '60s. For the first time, federal regulators had to devise anti-crime standards to be followed by insured depositories. The regulations were adopted in 1969 by the Fed, FDIC, OCC, and the Federal Home Loan Bank Board.

Revision of Reg P is actually several years overdue, according to Thomas A. Durkin, director of regulatory planning and review in the Office of the Secretary of the Federal Reserve Board. He explained to bankers at ABA's recent National Security and Risk Management Conference that Reg P has been under Fed review for several years, as part of the agency's program of routine regulatory maintenance.

Last year, the process moved to the front burner.

Spirit of revision. Overall, the proposed revisions to Reg P are intended to update and streamline the current rule. Numerous obsolete requirements are knocked out and the tone of the entire proposed revision is more general.

The intent, according to Durkin, is to create a regulation flexible enough to adapt to changing times and continual improvements in technology.

The more specific the regulation is, the Fed believes, the more likely it is to be overtaken by technology. For example, requirements contained in one of the appendices to the regulation call for surveillance systems capable of operating for at least three minutes and that use film at least 16 millimeters in size. In an age when continuous video surveillance is more typical, such requirements are hardly relevant.

As a result, the revised regulation emphasizes the security responsibilities of boards of directors and security officers.

"We're not sure bureaucrats in Washington can regulate for every possible contingency," explained Durkin. He pointed out that about half the nation's bank robberies are drug related and likely not preventable through any measure. He added, "If we thought we could eliminate bank crime with a regulation, we would."

Details of revision. The Fed's proposed rule would apply to state-chartered banks that are members of the Fed. It would require these steps:

(1) Each bank's board, with ultimate responsibility for the security program, must appoint a security officer.

(2) That officer must devise and administer a written security program.

(3) The security program must include procedures covering at least: opening and closing; safekeeping of valuables; and identification of persons committing crimes against the bank.

(4) The program must include at least the following security measures: a secure space for cash; lighting to illuminate the vault area at night, if it is visible from outside the bank; an alarm system that alerts the nearest law enforcement agency; tamper resistant locks on exterior doors and windows; and "such other devices as the security officer deems to be appropriate."

(5) Annually - at the least - the security officer must report to the board regarding the program's efficacy.

Not-so-radical surgery. The appendices to the regulation would be cut completely. Appendix A features the numerous outdated technical requirements alluded to earlier. The proposal would leave most of the decisions of technique and equipment to the bank.

Appendix B, on the other hand, lists common-sense instructions bank employees are to follow during robberies - such as observing robbers' auto license plates. Durkin says the Fed's staff believes that, while Appendix B once served a purpose, nowadays employees don't need to be told to do such things.

One last change: the Financial Institutions Reform, Recovery and Enforcement Act did away with the Bank Protection Act's requirement that depository institutions file reports on their security measures with their federal regulators, substituting the requirement to report to the board.

At press time the proposals had not yet been published in the Federal Register. The Fed was waiting for the other agencies' proposals to make their way through internal approval processes. Once the proposed Reg P is released, Durkin said bankers will have 60 days to comment on it.

Price of flexibility. It was obvious from the discussion period that followed Durkin's presentation at the ABA conference that some bankers may not feel comfortable with such flexibility.

The standards the present Reg P puts forth give bankers numerous "thou shalts," according to session moderator Phillip G. Sprick, vice-president and director of security at $4.1 billion-assets First Commerce Corp., New Orleans. Sprick said there is a certain level of comfort in the existing Reg P standards for a bank that's in compliance. Greater flexibility, he continued, means greater responsibility - and, as some bankers in the audience pointed out, potentially greater liability should things go awry and the security officer and the bank end up in court.

Addressing these concerns, Durkin said the Fed doesn't "want anybody's liability to increase and we don't want to see crime increase." However, he said, it expects management to exercise judgment and keep up with current practices.

As an example, Durkin noted that bandit barriers have never been required under Reg P, although they can be helpful in some branch locations. Durkin said bankers need to know what security steps other institutions are taking and determine if their institution is meeting security needs dictated by each office's locale.

Continuing with his example of the barriers, Durking said," If some teller got shot, and you didn't have them, and everyone else in the area did, then I suspect you'd have some [liability] problems."