For professionals outside the field, corporate security has long been perceived by many as a relatively simple function and as an outpost for persons concerned about evacuation plans, physical security, stolen property, and break-ins. For many years, the image of a retired law enforcement officer monitoring closed-circuit television or patrolling a building’s lobby for suspicious persons wasn’t an inaccurate one.
“Twenty years ago, that was corporate security. Managing gate guards and locks, protecting stuff and protecting people,” Gene Ferraro, who spent thirty years as a corporate investigator and is the Chief Ethics Officer at Convercent, in Denver, a compliance software company, told ACFCS.
That version of corporate security as a ‘second-career’ profession for former law enforcement officers is far from the reality today. In the past two decades, corporate security has evolved into one of the most valuable anti-financial crime functions at corporations, including financial institutions.
The corporate security department often oversees an organization’s fraud detection and prevention operations, helps coordinate due diligence procedures to combat money laundering, pursues investigations and resolution of breaches of trust or the commission of crimes by employees, and executes many other duties related to financial crime control.
These financial crime control duties include protecting information technology systems, performing advanced data analytics to detect financial crime threats, guarding against insider commercial espionage, investigating bribery or other corruption, and deploying advanced access control technologies. These duties often involve frequent interface with other departments in the organization, such as compliance, human resources, legal and information technology.
Brand protection and business expansion rely on security
The term “corporate security” continues to encompass traditional security responsibilities, such as conducting internal investigations, maintaining emergency action plans, managing “guardforce” personnel, serving as a liaison to law enforcement agencies, and ensuring physical security.
Beyond that, Ferraro says, corporate security has evolved on pace with the changing technological capacities of institutions and companies.
“The change began in the 1990s,” he said. “As personal computers and other systems were introduced in the workplace, it became clear that gate guards, locks and cameras weren’t enough in terms of security. Protecting corporate information and intellectual property required a different kind of professional.”
In the advanced technological environment in which today’s companies and financial institutions operate, “the notion that the experience of sitting in a patrol car is integral to the security profession is obsolete,” Ferraro said.
Charles E. Andrews, regional vice president in Texas of ASIS International, a worldwide member association for security professionals, told ACFCS that another emerging responsibility for corporate security officers is what is often called “brand security” or “reputation management,” which refers to safeguarding the brand of the organization through social media monitoring and opensource investigations.
Brand and reputation now at the mercy of online ‘chatter’
“Much of what affects a company’s brand and reputation, positively or negatively, is the ‘chatter’ among people in the outside world,” said Andrews. “Today, that chatter takes place online.”
“Security teams are increasingly working with information technology, information security and cyber forensic personnel to protect their brands by monitoring online activity related to their organizations,” he continued.
Expanding a business to new locations requires collaboration with and recommendations from the corporate security department, as well.
“In the past, a company’s high-level leadership and marketing department would locate a site for a new office, build it, and bring security in just before opening to have them protect it,” said Ferraro. “Now that security is more sophisticated, businesses know they need to bring security in before they even go to the drawing board.”
Daryl Ives, a Senior Consultant at SightSpan and a leader in the firm’s security division in New Zealand, says security is especially important for organizations opening locations in emerging market regions, such as Latin America and the Middle East.
“Calling in security experts to locate a building site away from high-risk areas and to plan appropriate exit strategies is crucial,” Ives told ACFCS.
Overseas expansion brings FCPA risks
For many companies, overseas expansion also brings increased risk of bribery and other legal dangers, as evidenced by the cases exposing corrupt conduct of US companies doing business in China and other countries that have a high corruption index. The compliance challenges facing security officers in the circumstances are enormous.
“Corporate security professionals need to know about the Foreign Corrupt Practices Act, sanctions laws, the Sarbanes-Oxley Act,” said Ferraro. “Security today demands an internationally savvy, politically sensitive, business minded professional.”
Risk mitigation through security enhances profitability
Financial institutions and other corporations recognize that security is very important to business performance. It is critical to shareholder value. A company that lacks effective security, physical or otherwise, cannot be profitable.
“Detrimental actions against a company’s security, whether they are insider espionage or corruption, can compromise an organization’s financial performance,” said Ives.
Ultimately, corporate security represents a company’s commitment to the mitigation of risk. While no security team can eliminate all vulnerabilities, security officers must work to assess and reduce risk in efficient, cost-effective ways. More organizations than ever recognize the value of this.
“Corporate security should have played a high-level, high-priority role for a lot longer than it has,” said Ferraro. “Now it has an important seat at the boardroom table.”