Synopsis 
 

This section describes the general requirements of the Security and Safety Guidelines and the responsibilities of the banks and SAMA. 
 

The purpose of the Corporate Security and Safety Plan (CSSP) is to provide a single document that incorporates all the procedures and processes to ensure the security and safety of the banks staff, assets and customers.

The CSSP is to include the overall security and safety policy of the bank and identify locations requiring dedicated plans and procedures for specific facilities.

The CSSP is to include the minimum requirements contained within this section and be prepared, introduced and implemented by the appointed Security and Safety Manager and/or a nominated external consultant.

The CSSP is considered a strategic document that will have an impact on every aspect of the banks business and therefore requires senior management commitment and approval.

The CSSP is to include a Corporate Policy Statement that confirms the commitment by the banks senior management and their enforcement of its content.

To ensure the successful enforcement of the CSSP the bank is to appoint a Security and Safety Manager and who is provided the necessary assistance and support to carry out his duties and responsibilities.

Whilst the CSSP is to be enforced, controlled and managed by the Security and Safety Manager, Its preparation and implementation can be undertaken and/or assisted by a nominated external consultant.

The CSSP is to include the minimum requirements contained within these guidelines and be available for audit and assessment by SAMA and/or its nominated representatives.

The Corporate Security and Safety Plan (CSSP) is to include all aspects that would affect the security and safety of the banks' staff, assets and customers.

The CSSP is to incorporate the policies, procedures and processes for both general and detailed requirements.

Whilst common elements will affect the bank as a whole, the more detailed requirements will need to be prepared for specific facilities. These facilities include:

The purpose of installing electronic security and safety systems is to enhance the physical measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.

No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximized to best effect.

Due to the variety and availability of internationally recognized standards it is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.

The every increasing availability of systems, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependent upon the security and business requirements of the bank.

The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all electronic security and safety system installations.

CCTV Digital Recording System:

The central element of the CCTV surveillance system is the recording medium. To ensure effective management, recording and storage of surveillance material it is to be undertaken in a digital format.

The type of system installed is dependant upon the requirements and capability of the bank. Ultimately, this can be either a hardwire system or an IT based solution.

Monitors:

To ensure effective monitoring and viewing of the CCTV surveillance system a 17" screen is to be considered as a minimum for all identified locations.

To ensure an effective recording period is adopted for all main buildings a minimum storage period of 1 month is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.

In addition to the general requirements listed above the following standards are to be considered as minimum requirements for CCTV surveillance and recording systems in all main buildings:

CCTV Cameras - Surveillance Area:

CCTV Digital Recording System:

The operation and storage of the system is to be located in the Security Control Room. For smaller buildings it can be located in a secure area and monitored from the reception and/or the security guard position.
 

The primary risks and threats facing the banks are against its branch network and cash holding facilities. The geographic diversity and storage of cash / valuables makes them an attractive target for criminal activities.

In combination with other related systems the CCTV surveillance capability plays an essential role in deterring, recording and monitoring the potential risks.

The requirements covered within these guidelines include male, female and combined branches. Where combined branches are concerned they are to have separate recording and monitoring systems and controlled independently of each other.

To ensure an effective recording period is adopted for all branches and cash holding areas a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required. If specific recorded data is requested by SAMA a copy is to be retained by the bank for a period of 1 year.

In addition to the general requirements listed above the following standards are to be considered as minimum requirements for all branches and cash holding facilities:

Monitors are to be positioned so that the images are not clearly visible to the customers.

No more than sixteen (16) images are to be displayed on the monitor at any one time.

In addition to, and for the same reasons, the risk and threats facing the branches and cash holding areas, the ATMs are also a potential target for criminal activities.

To ensure an effective recording period is adopted for all ATMs a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.

Whilst the ATMs located in the branches are supported by their security system, all ATMs are to incorporate the following minimum requirements:

CCTV Cameras - Surveillance Area:

In addition to the minimum requirements listed above for the CCTV surveillance and recording system the bank could implement a Central Monitoring System (CMS) which is considered preferable by SAMA.

The adoption of a CMS will provide a remote monitoring and (possible) recording capability that will enhance the banks' ability to respond to incidents and effectively mitigate the potential losses and damage as a result of a serious event that would affect its staff, assets, business and customers.

SAMA is currently reviewing this option for kingdom wide implementation with the following considerations:

An Access Control System is designed to provide a centralised control, management and recording of personnel throughout the banks facilities.

To ensure effective security of the banks facilities; Its critical assets, and the prevention of unauthorised access a dedicated system is to be employed.

Electronic Access Control Systems include the following types:

Access Control utilising mechanical locks and keys are Included within Section 4 'Physical Security and Safety Systems'.

To ensure the integrity and continuous operation of the Readers in the event of a power failure a separate battery back up supply is to be incorporated within the reader / controller. The internal battery is to have a minimum back up capability of 30 minutes.

Access control systems that utilise controllers are to have a maximum of eight (8) doors controlled from a single unit.

The central database for maintaining the record of authorised personnel and the access log is to have a separate automatic / simultaneous back up capability.

To ensure effective security, control and recording of specific locations and Restricted Areas, all banks are to implement one (1) of the above systems, mechanical alternatives or a combination of them and retain a log of events for a period of 6 months.

ID Cards:

All staff, contractors and visitors are to be issued and clearly display an ID Card that identifies them whilst in the banks facility.

The cards may be incorporated within the Access Control system technology described above or be independently produced.

All banks are to ensure an effective system is adopted for the process of requesting, issuing and managing of the ID Cards.

An Intruder Alarm System incorporates a number of different sensors to detect and alarm in the event of unauthorised access or presence.

All alarms are to be controlled through a panel and have both local and remote capability. Remote capability may include one (1) or a combination of the following options:

The remote location must have a 24-hour monitoring capability to ensure an effective response.

The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from any one of the identified systems.

The Intruder Alarm panel can either be a separate system or be combined with the Fire Alarm System.

The panel is to be located in a secure location and situated within a Restricted Area. Remote keypads for arming / disarming are to be located close to the exit of the area to be alarmed and not in a public area of the building or branch.

To ensure the integrity and continuous operation of the Intruder Alarm panel and its sensors / detectors in the event of a power failure a separate battery back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 48 hours.

The following sensors / alarms are to be fitted in the locations identified:

Hold Up / Panic Buttons:

These are designed to be activated if the operator / user is being attacked or threatened. The buttons are to be fitted in the following locations:

The buttons can be of double operation and suitably protected and positioned against false activation.

Passive Infra Red (PIR) Sensors:

PIR sensors are designed to detect movement in a given area under their surveillance. Sensors are to be a minimum of dual technology and Include enhanced features to minimise false alarms. The sensors are to be fitted in the following locations:

The PIR sensor is to have a visual LED self-test capability to demonstrate when movement is detected. This is to be active when in the armed or disarmed mode.

Seismic / Vibration Sensors:

Seismic sensors are used to detect vibrations from all types of attacks through solid structures. The primary purpose of the sensors is to protect and prevent access to the vault, cash holding areas and ATMs.

All sensors are to be flush mounted within the floor (where applicable), wall and ceilings and be suitably protected using a protective cover to prevent damage and as a trip hazard.

Locations to be fitted with seismic sensors are as follows:
 

Additional sensors are to be fitted to walls and ceilings adjoining other commercial or private properties.

Magnetic Door Contacts:

Restricted Areas identified above that do not have Electronic Access Control Systems are to incorporate Magnetic Door Contacts and linked to the Intruder Alarm Panel. Additional locations include all ground floor Emergency Exit doors.

Magnetic Door Contacts are to be fitted to the internal side of the door and located at the top open corner. Dependant upon the construction material and design of the door alternative contacts / switches may be used.

All doors with Magnetic Contacts are to have effective heavy duty door closures fitted.

Glass Break Detectors:

Glass Break Detectors are to incorporate dual technology that is capable of analyzing both flex (impact) and audio (shattering) frequencies.

Prior to the fitting of the sensors the glazed areas are to be checked for their type (sheet / tempered / laminated) to ensure their effectiveness.

If the glazed panels have film fitted, are of tempered or laminate type there is no requirement for the detectors.

Where sheet glass is used it is to be supported by the detectors.

The installation of a dedicated, integrated and effective fire detection, alarm and suppression system is critical for the safety of the banks staff, assets, business and customers.

The installation of smoke detectors is to be included in all rooms, stairwells, corridors, lift shafts, and public areas of a banks facility.

Fixed temperature thermal detectors are to be fitted to all kitchen and tea room facilities. Special attention is to be given to the fitting of thermal detectors within ATMs.

To ensure effective identification and response to a potential alarm activation a maximum of 20 detectors are to be registered in each zone if the system is not of the addressable type.

Manual Call Points are to be installed next to emergency exits, escape routes and located close to the fire extinguisher and hose reel points. The distance between Manual Call Points should not exceed 30m.

On the activation of an alarm an audible ringing is to be heard throughout the entire facility. An audible bell and visual strobe is to be visible from outside the facility.

The internal bells are to be rated at 108 dB and external bells at 120 dB.

The strobe is to remain active until the system has been reset.

Both the strobe and bells must be tamper resistant.

All cabling is to be fire rated and not run alongside power cables.

All banks are to ensure the fire alarm panel has both local and remote capability. Remote capability may include one (1) or a combination of the following options:

The remote location must have a 24-hour monitoring capability to ensure an effective response.

To ensure the Integrity and continuous operation of the Fire Panel, detectors and suppression systems in the event of a power failure a separate battery back up supply is to be incorporated. The internal battery is to have a minimum back up capability (under normal load) of 48 hours and then maintain the activation of the alarm for a further 5 minutes.

The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from the panel.

The Fire Alarm panel can be implemented as a separate system or combined along with the Intruder Alarm System. It is to be located in a secure room and remote annunciator panels near personnel operating on a 24 hour shift.

All installed equipment is to Include a one (1) year warranty period as standard.

On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. A minimum schedule should include two (2) visits per year.

To ensure the effectiveness and capability of the system, regular internal tests are to be conducted. These tests are to be conducted on a monthly basis and the results recorded.

Evacuation procedures and floor plans identifying exit routes are to be prepared and positioned throughout the facility for maximum exposure.

All Emergency Exit doors are to be fitted with mechanical push bars / levers to facilitate a quick and easy access and open outwards in the direction of escape (Section 4).

To facilitate the safe evacuation process from a building once a fire alarm has activated the recruitment and training of Floor Wardens / Fire Marshalls is to be done from with the banks' staff.

Careful selection of individuals and their deputies will ensure all relevant areas are considered and included.

Internal and external lighting can enhance the security and safety requirements of the bank and assist the surveillance capabilities of the security guards and CCTV surveillance system.

Application, placement and types of lighting are to be carefully considered as part of the overall requirements.

All CCTV camera locations that do not have built in illumination are to be supported by external lighting.

All identified Restricted Areas are to maintain constant illumination.

All branches are to maintain constant lighting throughout the ground floor.

External lighting is to be available for all entry and exit points of a building including emergency exit doors.

Emergency lighting incorporating an internal battery back-up capability is to be available in the event of a power failure and automatically activate.

Emergency lighting is to be fitted in the following locations:

Emergency lighting must be capable of operating for minimum of 3 hours and fitted no less than 2m from ground level.

Emergency Exit signs that are not self-illuminating and to be covered by the back-up system.

Whilst the main power for the banks facilities will be supplied from the electrical grid there may be occasions where a disruption or power failure is experienced.

As identified above, all the main security and safety systems are to incorporate an emergency battery / UPS back up system that will provide sufficient power for a minimum of 30 minutes. This is designed to provide sufficient time to secure the premises until normal power is resumed.

In critical facilities the use of emergency generators is to be used. The following locations are to incorporate generators:

Once systems have been installed it is essential they are properly serviced and maintained by qualified, approved and experienced service providers.

The adoption of a comprehensive service and preventive maintenance contract will mitigate the possibility of system failure in the event of an incident and prolong the life of the equipment.

A minimum schedule of three (3) visits is to be conducted for all locations. Locations include main buildings, branches, data and cash centres, ATMs and warehouses.

To ensure the security of information contained on hard drives, internal memory and recordable mediums an effective disposal procedure is to be adopted.

Equipment identified for proper disposal are as follows:

Disposal is to take the form of electronic (erasing), or physical (destruction), or a combination of both to ensure the data is permanently removed.

Clear procedures are to be in place for the disposal of the above equipment/items and coordination between the Security and Safety Manager and the Information Security department is to identify the responsibilities dependant upon the internal processes of the bank.

The purpose of installing physical security and safety systems is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.

No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.

Due to the variety and availability of internationally recognised standards It is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.

The every increasing availability of, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependant upon the security and business requirements of the bank.

The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all physical security and safety system installations.

The increased use of glass in buildings and branches provide an alternative entry point to the much better protected main entrances.

Glass panels provide both a security and a safety risk to a facility, its personnel and customers.

The most vulnerable areas are on ground level and those obscured from public sight. To protect and secure these locations the following options are to be installed:

All bank facilities are to have at least one main entrance that is to be used for its primary access control point.

These entrances are to be kept to a minimum to ensure their control of access and surveillance capability. All staff and service entrances are to be treated in the same way.

All glass doors are to conform to the above standards (2.1) in the type and protection required.

All non-glass doors are to be of solid wood or steel construction and fitted with an eye-hole if an observation window is not available.

All access doors to the main entrances are to have a manual locking capability regardless of its primary operating action.

Dependant upon the use of the main entrance, the results of a Security Risk Assessment (SRA) and the procedures identified within the Entry Point Screening procedures of the Corporate Security and Safety Plan (CSSP), the following screening equipment may be required:

Emergency exit doors are the primary means of exiting a facility in the event of an incident and should provide unrestricted use from the inside.

As these locations are easily accessible from the outside they are to be secured using the following measures:

Internally:

Should the external security and safety measures be defeated and/or bypassed the internal systems are designed to delay and deter criminal activity as part of a layered methodology.

The internal security measures primarily concentrate on the Restricted Areas identified within a facility so that security can be effectively and efficiently focused.

Restricted Areas: are considered as follows:

Mechanical locks using keys are a standard means of securing doors throughout a facility.

In addition to the considered use of an electronic access control system, appropriate mechanical locks can be used in conjunction, or as a replacement, for the security of Restricted Areas (Section 3).

To compliment the electronic security and safety measures the physical requirements are as follows:

The teller areas are considered a Restricted Area and incorporate a number of electronic security systems/sensors (Section 3) to protect them during working and silent hours.

The main threat against the tellers is a hostile attack from a customer, armed robbery and direct access to the vault, safe and/or cash holding area.

In consideration with the electronic systems, security guards and effective procedures that accommodate the main threats, the following options are available for protecting the teller area:

Option 1: Open Cash Drawer

The main purpose of the above options is to provide additional delay for the police to respond as well as maximising the protection of the teller personnel, branch staff and customers.

As a result of a Security Risk Assessment (SRA) of the branch there may be a requirement to fit tempered/hardened glass to the top of the teller counter for Option 2. This will be dependant upon the risks identified in the area.

The primary storage, security and safekeeping for the majority of cash holdings, valuables and high value documents in a facility are kept in the designated vault and/or safe.

Vault

In addition to the electronic security systems identified in Section 3, the following physical measures are to be incorporated:

Amount / Value

(Cash and Valuables)

Safes

A safe is defined as a free standing, prefabricated secure storage unit whose protection originates in the prefabrication and which does not have holes through the protection other than those for locks and cables for anchoring.

The safe is to be designed and manufactured to meet stringent international testing authority standards and be approved and/or listed by an international recognised testing laboratory or agency.

The safe is to have a dual control mechanism that consist of one (1) of the following:

The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.

The safe must be positioned in a Restricted Area will the associated protection and systems identified within these guidelines.

Type A:

The minimum weight for this safe is 750kg (empty) and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.

All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 30 minutes.

Type B:

The minimum weight for this safe is 200kg and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.

All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 15 minutes.

Customer safety deposit boxes are to be contained within a room that incorporates the same requirements and standards as listed above for a vault.

The electronic security systems (Section 3) are also those required for this location. Special attention in the fitting of the internal CCTV camera is to be considered to ensure it does not cover the area designated for the customer to inspect its content.

All safety deposit boxes are to have dual control high security cylinders.

In addition to the above listed secure storage rooms there may be a requirement to secure and protect other materials.

The use of cabinets primarily provides protection against fire and environmental damage. Whilst they do provide a level of security this should be considered limited.

All cabinets are to have locks that, if tampered with, will provide visual evidence.

Fire Resistant Cabinets:

The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.

The fire resistant cabinets are designed to protect environmentally sensitive items such as:

Steel Cabinets:

The steel cabinets are designed to protect sensitive items such as:

The risk of a fire in a facility is potentially greater than any other form of hazard or incident type. The ability to effectively detect and quickly extinguish a fire is critical in minimising the potential damage to life and the assets of the bank.

In addition to the electronic safety systems (Section 3) it is the use of automated and hand held fire suppression systems that will ensure an effective response.

The positioning, quantity and use of these equipments are available through international standards (eg NFPA), Civil Defence standards and requirements. These should also be clearly identifies within the Corporate Security and Safety Plan along with the identification of responsible personnel, their training on how to use the equipment and in emergency evacuation procedures.

The main suppression equipment types are as follows:

Water Sprinkler Systems:

Dependant upon Civil Defence requirements on the locations, standards and specifications the bank is to install an automated water sprinkler system to all underground car parking areas.

Clean Gaseous Systems:

In sensitive electrical locations there is a requirement to minimise the damage to the equipment in the event of an automated system activating.

This is achieved by using a system such as FM200 (or equivalent) but will require the room to be sealed against air leaks. Due to the non toxic nature of this type of system it is also considered essential in similar areas that are occupied by bank staff and/or contractors.

Fire Extinguishers and Fire Hoses:

A wide range of fire extinguisher types are available (water, powder, chemical) and their positioning will be dependant upon the locations they are designed to protect.

The majority of extinguishers will be water based (Class A Fires). Electrical / Computer rooms will require the use of dry powder types (Class C Fires) and positioned accordingly. The minimum capacity for any extinguisher is to be not less than 6kg.

Should extinguishers over 10kg be required they should be trolley based.

The positioning of fire hoses is to ensure sufficient coverage is achieved between them so that no area cannot be reached or is inaccessible.

Emergency water supplies are to be available to support the hoses in the event of a failure of the mains water supply. This can be achieved by reserving a given amount of water in the existing water tanks or by having a separate tank specifically for the fire fighting system.

The use of generators (Section 3) will also be required to support the pumps in the event of power loss.

Signage is to be located at each position where extinguishers and fire hoses are fitted.

As a minimum requirement they are to be located in the following areas:

The Cash in Transit (CIT) operations currently pose the greatest risk to the banks. It is during the transit and movement of cash and valuables between the secure storage locations that it is most vulnerable.

This section describes the internal procedures and requirements of the bank for the movement, handling and safeguarding of cash and valuables.

As all banks outsource the CIT function a separate document has been prepared for companies that provide this service.

This section is designed to work in coordination and conjunction with the other section requirements outlined within the SAMA Guidelines.

Cash:

Includes both local and foreign currency bank notes and coins.

Valuables:

Includes all negotiable documents and materials such as cheques, bills, bonds and guarantees. This also includes precious stones, metals and customer safety deposit boxes.

CIT Manager:

This person is assigned by the bank and responsible for the internal coordination of the CIT service and is to be assisted by identified personnel for kingdom wide operations.

Consignor:

The person or party involved in the dispatch/sending of the cash or valuables.

Consignee:

The person or party involved in the receipt of the cash or valuables.

To ensure the security and safety of the CIT operations the bank is responsible for maintaining and coordinating the necessary documentation for the movement and handling of cash and valuables.

The following records and documentation are required:

The bank is responsible for the compliance of these guidelines and may utilise the services of an external security consultant to ensure the CIT requirements are met for all applicable facilities and equipment.

The CIT Manager and/or the Security and Safety Manager are responsible for the implementation, coordination and maintenance of the above requirements.

The external transportation of cash and valuables is primarily undertaken by CIT service providers. The requirements, procedures and regulations for these companies are contained within the separate document 'Cash in Transit Procedures for Transportation Companies'.

To ensure the secure and safe movement and handling of cash and valuables, the minimum requirements for banks are as follows:

The bank is responsible for the coordination, verification and performance of the CIT service provider. Regular assessments of the service providers' procedures are to be conducted by the CIT Manager, Security and Safety Manager and/or external consultant.

The transportation of cash and valuables outside the banks property is to be notified to the appointed police contact by the bank or CIT service provider.

Should the CIT service provider not be able to deliver a consignment in time the SLA is to clearly identify the procedures for storing and securing it until it can be delivered.

The use of the above-mentioned CIT Operating Schedule will ensure the police are aware of the routes, locations and activities.

Whilst it is preferable to have a police escort and presence during the delivery operations and ATM replenishment it may not be possible due to availability of resources. It is the banks responsibility to ensure they are informed and maintain the CIT schedule they, or the service provider, has established.

The CIT Manager is responsible for the coordination of the schedule and that the police are provided sufficient notice.

Nominated deputies can undertake this task but must be authorised by the above.

Dual control is to be maintained until the transfer has taken place and the CIT Transfer Form has been completed.

The Branch Manager or Cash Centre Manager is to coordinate with the above staff to identify the transfer of cash and valuables for the next working day with the CIT service provider.

The CIT Manager or representatives are to ensure the CIT Transfer Forms and Records are correctly completed, maintained and securely stored for each location.

Once the preparatory phase has been completed the two (2) authorised personnel are to recheck seals and the security of the bags or containers and verify the transporting personnel against their ID cards.

On completion and signing of the CIT Delivery Receipt Form the bags or containers are to be handed over to the authorised carriers.

The original and a copy of the CIT Transfer Form are to be sent in a sealed envelope to the consignee.

If cash or valuables are being sent to SAMA an authorised bank employee is to be present during the handover. The authorised employee is to acknowledge the receipt of the consignment from the carriers after checking the bags or containers are securely sealed.

The authorised bank employee is then to deposit the consignment, forward the deposit receipt and record the transaction.

Only authorised bank employees are to receive the cash and valuables from the carrier along with the CIT Transfer Form.

On verifying that the bags or containers are securely sealed the two (2) authorised bank employees are to sign the CIT Delivery Receipt Form.

On confirming the contents of the bags or containers are correct and in order, the two (2) authorised bank employees are to sign the CIT Transfer Form.

On completion and recording of the checks and receipt of the consignment, a copy of the CIT Transfer Form is to be sent to the consignor.

The Cash Officer or Cash Centre Manager is responsible for checking the forms and records in line with the procedures laid down in the CSSP.

Cash and valuables being received from SAMA is to follow the above (6.0) requirements.

Insecure Bags or Containers - in the event of tampering, missing seals and/or any other signs of insecurity of the bags or containers they are to be refused unsigned and returned to the carrier immediately for investigation.

The authorised checking personnel are to make a report and the following are notified and sent a copy of the report:
 

When returned consignor the bag or container is to be checked by the original authorised personnel for verification.

In the event of a loss of cash or valuables a report is to be prepared and signed by both the consignor and consignee.
 

All original reports are to be held and maintained by the CIT Manager for safe keeping.

Dependant upon the nature of the incident and whether it was resolved or not, the CIT Manager may involve the Security and Safety Manager and/or other identified personnel should further investigations be required.

Training is to be provided for personnel authorised to conduct these operations that includes the following:

The replenishment and servicing of Automated Teller Machines (ATM) is to be regarded as a CIT operation when the machine cannot be replenished within a secure area.

The replenishment operation is to be undertaken by a minimum of two (2) authorised personnel.

All replenishment operations are to be conducted in the presence of armed guards.

Lobby ATMs:

Where relevant, all doors and access points to the ATM lobby or replenishment area are to be secured and locked prior to the opening of the ATM.

The use of blinds and screens are to be maximised to prevent unnecessary visibility of the replenishment operation.

External ATMs:

The replenishment teams will be assisted by the team in the armoured car. The cash containers are to remain in the vehicle until they are required and are as close to the ATM as possible.

During the replenishment the armoured car team is to remain vigilant and is responsible for the protection of the team and the cash containers.

Dependant upon availability the police may also be present to provide additional security and protection to the replenishment teams and the cash containers.

Should the replenishment schedule change from the prepared itinerary this is to be communicated back to the CIT Manager or regional representative. Any changes are to be sent to the nominated contact in the police to ensure their presence during transit and replenishment operations.

Police presence is dependant upon availability of resources and CIT operations should maintain their schedule of timings and identified routes.

Training is to be provided for personnel authorised to conduct these operations that includes the following:

In addition to the installation and implementation of other security and safety measures to protect the banks' main buildings and branches, a security guarding service to be used.

The purpose of using security guards is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.

No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximized to best effect.

The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for the use of security guards for the banks main buildings and branches.

The security guard(s) is intended to compliment the use of other security and safety systems, measures and equipment.

The deployment of security guards throughout the banks main buildings and branches is to be closely monitored and supervised by the service provider and the banks personnel.

To ensure sufficient guards are available to carry out their responsibilities, an assessment is to be carried out to identify the quantity and requirements. This can be part of the Security Risk Assessment or undertaken as a separate report.

The security guards can be contractors or directly employed by the bank.

Detailed responsibilities and requirements are to be identified within the Corporate Security and Safety Plan (CSSP) and controlled, monitored and enforced by the Security and Safety Manager.

The primary responsibilities of the security guard is as follows:

The Security and Safety Manager is to ensure that the information contained within the Security Guard Shift Report is reported, acknowledged and any appropriate action taken. Apart from immediate/emergency actions the report is to be checked and acknowledged at the start of each working day.

Prior the changeover between shifts, the oncoming guard is to have physically checked his area of responsibility and acknowledged the content of the previous shift report.

All security guard locations are to have detailed Post Instructions that clearly identify their function, responsibilities, incident response and reporting chain. These will form part of the CSSP (Section 2).

The effective use of security guards will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.

One of the primary responsibilities of the security guard is the control of access to the building or branch.

To assist in the control and identification of personnel an ID Card system is to be employed by all banks.

All security guards are to be aware of the Restricted Areas within their area of responsibility.

All buildings and branches are to have 24 hour security guard presence and working hours and overtime are to conform to the regulations laid down in the Saudi Labor Law and are the responsibility of the service provider.

The security guards are responsible for the enforcement of a Clear Desk Policy and are to report any infringements within their shift reports.

The security guard is to enforce the wearing and prominent display of the issued ID cards by all personnel working and visiting the building.

A Building Log Sheet is to be maintained at each reception/access point. The log sheets are to include all personnel (without ID) and visitors that enter the building. The information is to include the following:
 

Visitors are not to be given access without being escorted by the visited bank employee or a security guard. The bank employee is responsible for their visitor until they are returned to the reception desk and logged out.

The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).

The security guard is to enforce the wearing and prominent display of the issued ID cards by all employees and contractors whilst working in the branch.

Customers are only permitted entry during the banks official opening hours.

Cash In Transit (CIT) operations are considered a separately and can be found in Section 5.

Bank employees are only permitted access to the branch during out of hours if prior permission has been provided by the Branch Manager or his nominated deputy.

Access to the branch out of working hours, regardless of permission, is to be visually confirmed by the guard prior to allowing entry.

The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).

All cleaning personnel are to be escorted and/or supervised whilst working within Restricted Areas during out of hours. This can be undertaken by a bank employee or the security guard dependent upon the policy of the bank.

The contract company providing the cleaning services are to issue a list of all personnel, and their duty hours, to the building reception desk or branch security guard.

Changes to the names and/or hours are to be confirmed in writing by the nominated supervisor/manager of the service provider.

Whilst it is mandatory for all buildings and branches to maintain 24 hour security, the installation of a remotely monitored alarm/surveillance capability may be considered for the reduction in security guard numbers and presence.

All implemented and/or proposed systems should be prepared in writing and sent direct to SAMA for review and consideration.