Each bank shall adopt an adequate security program commensurate with its operations, taking into consideration its size, location, number of offices and business operations.

Objectives. These regulations are designed to:

a. Promote maximum protection of life and property against crimes (e.g., robbery, hold-up, theft, etc.) and other destructive causes;

b. Prevent and discourage perpetration of crimes against bank; and

c. Assist law enforcement agencies in the identification, apprehension and prosecution of the perpetrators of crimes committed against banks.

Designation of a chief security officer. The board of directors of each bank, or the country head in the case of a foreign bank branch, shall designate a chief security officer (CSO).

A full-time CSO shall be designated whenever the bank operates an extensive physical network of branches and other offices that regularly handle cash. For purposes of this section, extensive branch network means a bank has at least ten (10) branches and/or other cash handling banking offices.

A bank that falls outside the preceding criteria is considered to have reduced security risk exposure and may designate a senior officer to act as concurrent CSO provided that such designation shall not result to a conflict of interest situation.

In banking group or conglomerate structure, the parent bank or the primary bank may establish a group-wide security management system to facilitate a consolidated approach in handling security risks. This, however, does not relieve each bank from appointing its own CSO.

Qualification and responsibilities of the CSO.

a. Before appointing its CSO, the board of directors must ensure that its security officer-designate meets the following minimum qualifications:

(1) Be at least thirty (30) years of age;

(2) Be a college graduate;

(3) Have at least five (5) years experience in the field of law enforcement and/or security operations, two (2) years of which is in a managerial position; and

(4) Possess all the qualifications and none of the disqualifications provided for under Secs. 134 and 138, respectively.

In the event that the senior officer, acting concurrently as the bank’s CSO, does not meet the minimum experience defined under Item “(3)”, said officer shall be supported by a competent consultant/adviser who may be a person or a firm independent of the bank with special knowledge, skill and experience on security management matters. The hiring of said consultant/adviser shall be approved by the board of directors of the bank or the country head in the case of a foreign bank branch.

When assessing competency, the board of directors of the bank should consider the reputation and integrity, the extent of relevant education/training and the knowledge and experience of the consultant/adviser on security management matters.

b. All CSOs, including those acting in concurrent capacity shall be responsible for:

(1) Developing and administering a security program appropriate to the risk profile of the bank;

(2) Constituting a security management team, as appropriate;

(3) Conducting a security awareness program among bank employees on a continuing basis;

(4) Investigating bank robberies/hold-ups, recommending the filing of appropriate charges in court as the evidence may warrant and assisting in the prosecution of the perpetrator(s) thereof;

(5) Establishing an effective working relationship with the Bangko Sentral, PNP and other law enforcement agencies in the prevention of bank crimes and other natural and man-made hazards; and

(6) Implementing new techniques, methods and equipment to enhance bank protection measures in a cost effective manner.

Security program. The security program of each bank shall be in writing, duly approved by its board of directors or the country head in the case of a foreign bank branch. In addition, the security program shall define measures and procedures to detect and prevent the commission of bank crimes, as well as provide contingency plans in case of calamities, terrorist attacks and other emergency situations. The security program shall include the following:

a. Installation of the prescribed minimum security devices;

b. A schedule for the periodic inspection, testing and servicing of all security devices installed in each of the bank’s offices, designation of an officer or employee responsible for ensuring that such devices are inspected, tested, serviced and kept in good working order, and requiring record of such inspections, testing and servicing;

c. Standard operating procedures for the safekeeping of all currencies, negotiable securities and similar valuables in vaults or safes;

d. Provision for other security measures and procedures aimed at giving added protection to the bank, e.g., procedures for the transport of funds and other cash items, and defining responsibility for their implementation;

e. Provision for the training and periodic re-training of employees in their respective areas of responsibility under the security program, including the proper use of security devices and proper employee conduct during and after an emergency situation;

f. Contingency measures for security and rescue operations in emergency situations;

g. Provision for the posting of adequate number of security personnel in all vital and/or critical areas in the bank’s premises, and the minimum number of hours when each personnel shall be on duty; and

h. Such other provisions/measures as the president of the bank or country head in the case of a foreign bank branch may, in consultation with its security officer, deem appropriate.

Minimum security measures.

a. Guard system. All banking offices shall be manned by an adequate number of security personnel to be determined by the bank, taking into consideration its size, location, costs and overall bank protection requirement: Provided, That cash centers shall be manned by an adequate number of security guards as may be necessary during banking hours. For this purpose, cash centers shall refer to branches which also handle the cash requirements of other branches of the same bank.

b. Security devices. Within 120 calendar days from 23 September 2008 in the case of existing offices and before opening for business in the case of offices to be opened after 23 September 2008, banks shall effect the installation, operation and maintenance, as individually appropriate, of the following security devices in each banking office;

(1) A time delay device in the cash vault/safe;

(2) A lighting system for illuminating the area around the vault, if the vault is visible from outside the banking office;

(3) Tamper-resistant locks on exterior doors and windows;

(4) A robbery alarm system or other appropriate device for promptly notifying the nearest law enforcement office either directly or through an intermediary of an attempted, ongoing or perpetrated robbery;

(5) Anti-burglary or intrusion system capable of detecting promptly an attack on the outer doors, walls, floor or ceiling of the bank premises, including the vault(s); and

(6) Such other devices like the closed circuit television (CCTV) and video recording system appropriate to deter the commission of bank crimes and assist in the identification and apprehension of the culprit/s: Provided, That the bank security officer shall consider, among other things, the following:

(a) The incidence of crimes against the particular banking office and other business establishments in the area where the banking office is located;

(b) The amount of currency or other valuables exposed to robbery and other man-made hazards;

(c) The distance of the banking office from the nearest law enforcement office and the time ordinarily required for law-enforcement officers to arrive at the banking office;

(d) The cost of the security devices;

(e) Other existing security measures in effect at the banking office; and

(f) The physical characteristics of the banking office structure and its surroundings.

Each bank shall install, operate and maintain security devices which are expected to give a general level of bank protection equivalent, at least, to the standards prescribed herein.

c. Vaults and safes. Vault walls, ceilings and floors, shall be made of steel-reinforced concrete or such other equally safe materials/specifications. Vault doors shall be made of steel or other drill and torch resistant material, equipped with a dual combination lock and time-delay device, and provided with inner and outer grill doors: Provided, That all vaults constructed after 23 September 2008 shall be equipped with a breathing/ventilation device and emergency button capable of giving audible and visible signal in case of accidental lock-up.

A vault record book shall be maintained to record all activities relative to the opening and closing of the vault.

Safes should be sufficiently heavy or be securely anchored to the premises where located. The door shall be equipped with a combination lock with a time-delay device if used for safekeeping cash and other valuables. The body shall consist of steel with an ultimate tensile strength of 50,000 pounds per square inch or the equivalent in metric system.

Safe and vault combinations must be changed whenever the custodian is terminated or transferred to another place of assignment. A record of the names of the holder of the keys and combinations shall be maintained for each lock, safe, vault and compartment. Changing of combinations shall be documented to pinpoint responsibility and to ensure confidentiality and proper observance of this requirement.

d. Security of the premises. For emergency purposes and where applicable, each banking office shall be provided with a back door with a steel or grill door which shall be used as an alternative exit door for evacuation in case of fire, flood, bomb threats, wind damage, explosion, civil disturbance, earthquake, or other emergency.

Steel grills, where applicable, shall support exterior glass doors and windows of all banking offices for protection against any forcible entry. Access to the back door shall be limited to authorized bank personnel. Opening and closing thereof before and after banking hours shall be recorded in a registry.

Firearms and other deadly weapons shall not be allowed inside bank premises except when so authorized by the bank. A signage for this purpose shall be conspicuously placed near the main entrance door of the bank. Specific guidelines as to when to allow firearms and other deadly weapons inside bank premises should be incorporated in the security program.

A bank shall maintain within its premises a record of the addresses and telephone numbers of the nearest law enforcement agencies, hospitals, rescue agencies and fire departments.

The security officer of each bank shall conduct, at least annually, a security survey of bank premises and make available the inspection report to Bangko Sentral examiners during regular examination.

The bank shall conduct fire, earthquake and bomb threat drill at least once a year.

e. ATM. ATM sites shall be provided with adequate security. Where there are no security personnel assigned to secure the ATM, an anti-tampering device shall be installed or the ATM and its immediate surroundings shall be regularly inspected to promptly detect any attempt to rob or destroy the same.

f. Armored Car Operation. To ensure the protection of crew members and valuables, all armored vehicles shall be built with bullet-resistant materials capable of withstanding the firepower of high-powered firearms, e.g., M16 and M14 rifles. Moreover, armored vehicles shall be equipped with a vault or safe or a partition wall with a combination lock designed to prevent retrieval of the cargo while in transit. When in use the armored vehicles shall be provided with at least two (2) armed guards and its operations must be supervised by at least two (2) officers of the bank.

All canvass bags that contain cash and other items of value shall be provided with padlocks for security and control purposes. Armored cars shall not be operated a mobile bank.

Reports. Banks shall conduct a review and self-assessment of their security program to ensure their compliance with prescribed security requirements. Any substantive amendment thereto shall be approved by the bank’s board of directors or country head in the case of branches of foreign banks. The self-assessment of compliance with prescribed security requirements together with the updated security program (if amended during the year) shall be submitted annually to the appropriate supervising department of the Bangko Sentral on or before 30 January of the following year in accordance with the format shown in Appendix 10. The self-assessment together with the updated security program shall be considered Category A-2 reports.

Bangko Sentral inspection. During regular examination, the Bangko Sentral reserves the right to perform a compliance assessment of the adequacy of a bank’s security arrangements. The Bangko Sentral, with approval of the Governor, may also conduct at any time a targeted inspection of the bank’s implementation of its security program to determine compliance with regulations. For this purpose, the Bangko Sentral may avail of the services of experts as resource persons.

Sanctions. Any violation of the provisions of this Section, as well as non-compliance with the minimum standards set forth or any directive of the Monetary Board issued pursuant hereof, shall be subject to the administrative sanctions provided under Section 37 of R.A. No. 7653 and may, depending on the materiality or seriousness of the violation, constitute a ground for considering the same as an unsafe or unsound banking.

(Circular Nos. 969 dated 22 August 2017 and 823 dated 10 January 2014)