Years ago, I litigated a case in federal court in Massachusetts brought by three bank tellers who alleged emotional distress resulting from a bank robbery. The tellers sued my client, a prominent security provider, claiming that it failed to design the electronic alarm system properly.
Specifically, they claimed that one of two exterior doors of the bank should have been alarmed 24 hours a day; instead, that door, although locked from the outside, was set to disarm when the main door was disarmed during banking hours. While the other exterior door was clearly the customer entrance, the second door in question – used only by employees – was not.
On the morning of the bank robbery, the bank robber waited for the bank manager to disarm the alarm system at the main door, and then used a crowbar to pry open the second exterior door. The robber seemed to know – perhaps from an insider – that the side door and main door disarmed in tandem.
Upon entering the bank from the side door, the robbery took less than 10 minutes, and roughly $100,000 was stolen. The tellers suffered no physical injuries, and no panic alarms were triggered.
At Issue: The Bank Protection Act of 1968
One of the key elements of this case was who decided that the side door should not be alarmed at all times. Whether to alarm the door was the bank’s decision; however, the bank predictably disavowed any responsibility and blamed the security company.
While this is common when an incident occurs, the bank’s refusal to accept any responsibility was especially unjustifiable in these circumstances because, as a matter of federal law, the bank had its own security obligations.
Specifically, the Bank Protection Act of 1968 mandates that insured banks adopt security procedures to discourage robberies, and to assist in identifying and apprehending perpetrators. The Act designates four Federal supervisory agencies – the Comptroller of the Currency; the Board of Governors of the Federal Reserve System; the Federal Deposit Insurance Corporation; and the Director of the Office of Thrift Supervision – to promulgate minimum security standards for banks they regulate.
The Act was originally passed in response to an increase in bank robberies in the United States – a time when in-person banking was much more common. While banking and security technology have changed dramatically since 1968, the central point of the Act remains: The bank’s security officer is primarily responsible for developing and implementing a security plan.
Critical to the law are the bank’s obligations to create a written security plan, designate a security officer, establish opening and closing procedures, provide training for officers and employees, and present annual reports to the board on the effectiveness of the security program. Banks also must use some method of identifying robbery or burglary suspects, have devices to protect cash (such as a vault), have lighting for the vault, have tamper-resistant locks on doors and windows, and have an alarm system and other devices deemed necessary by the security officer.
This would include something as simple as assessing whether one of two exterior doors in a standalone bank is to be used or not used and alarmed or not alarmed.
The Verdict and What it Teaches Us
Our subpoena to the bank revealed that the security officer and the three tellers who sued us failed to address basic security. For example, there was no record of the security officer ever inspecting the door or testing the alarm system.
While there were records of the tellers inspecting the door, they admitted the inspection was cursory and did not include testing the alarm. In other words, they never opened the door to see if it was alarmed; instead, the tellers claimed they simply thought the door was always armed. One even claimed (falsely) that there was a sign on the door stating it would alarm if opened. The crime scene photos – taken within minutes of the robbery – showed no such sign.
The tellers also claimed that the door was not used (which could be true); however, it was immediately available for use and could have been logically used – at least as an exit for bank employees to the adjoining parking lot. Thus, a design that included a 24-hour alarm on that door would have heightened the risk of false alarms.
While this case taught us a lot about The Bank Protection Act of 1968 and the independent obligations of banks for their own security, the broader lesson is that security providers often have customers who have their own statutory or common law obligations to secure their own buildings.
The best practice is to meld these obligations to get the most protection possible from the security provider and the customer. That said, when an incident occurs and blame is alleged in many directions, as was the case here, litigants in the security industry should call on the customer to justify its own action or inaction.
A security company cannot prevent a robbery that already occurred, but they can learn from it and demand that banks and other businesses do their part to address their own security – whether in a federal statute or not.
