For the third time in 18 months, a credit union employee and her family have been abducted from their own home as part of a robbery (CU Journal, June 2).
The abduction/robbery raises questions about whether there is anything credit unions can do to protect employees and whether proper security is in place inside credit union facilities.
Experts told The Credit Union Journal there are certain precautions credit unions can take, but acknowledged the vulnerability to such crimes remains in place.
In the most recent case, an employee of $20-million Whitehall Credit Union in Columbus was abducted from her home, along with her children ages 2,4 and 6, and driven at gunpoint to the credit union, forced to open it and give money to the perpetrators. No arrests have been made. It follows similar incidents at another Ohio credit union and a credit union in Wisconsin. In addition, one bank and six check-cashing outlets in Columbus have been victimized in similar abduction/robberies.
The fact that no arrests have been made in the two years since these crimes began-and that no arrests appear imminent-means credit unions and other financial institutions may need to review their disaster planning. Unfortunately, it may not be enough.
"There is only so much a credit union can do, particularly since these crimes are starting off at an employee's residence," said Vince Wagner, a risk management specialist at CUNA Mutual Group, Madison, Wis. "This is a type of disaster, and if you ask credit unions if they have a disaster plan, just about all of them will say 'yes.' But if you look at those plans, you'll find very few of them with contingencies for something like this."
He said the three incidents in 18 months does not necessarily show a trend. "Certainly, it's more than we've seen in the recent past," Wagner noted. "And of course, it may be happening more among other financial institutions, but we only work with credit unions."
As The Credit Union Journal reported June 2, there have been eight abduction/robberies just in Columbus alone over the last two years, Columbus Police are offering crime prevention tips to financial institutions in that city.
What Employees Can Do
"First of all, employees need to be cognizant of people watching them, say from an adjacent lot, particularly at open and close," said Sgt. Shaun Laird of the Columbus Robbery Squad. "In each case, once inside, the perpetrators are relaying to the victim that they've been watching them. It's obvious they are conducting surveillance. They know the routine, they determine who has access. There has never been a time when they have picked a person who doesn't have access."
He said employees also need to be aware of people who may be following them or trying to observe their routines at home, and should consider mixing up their daily routine a little so that they're not quite so predictable a target.
As for what the institutions can do at their locations, Laird pointed out two commonalities among the institutions that have been hit in Columbus. "Most of the locations do have cameras, but they're activated by employees when they come in and open up, and then they are turned off at night when they leave. On entering the building with the perpetrators, the employees are never given a chance to turn those cameras on, so we have no footage of any of these crimes."
In each of the Columbus cases, the perpetrators have also selected only those locations that have no time delay on their vaults or safes, Laird added.
Some Steps May Not Work
But even upgrading to 24/7 cameras or putting time locks on vaults or safes may not be much of a deterrent, Wagner suggested.
"You can go to cameras that are on 24-by-seven, for example. Or, I assume all these places had some sort of alarm in place that had to be deactivated by the employee, so you arrange with your security company that the cameras go on any time the alarm system is deactivated," he offered. "But most crooks are familiar with security cameras, so they know to blacken the lens of the camera, typically with spray paint.
"Most credit unions don't have vaults, they have safes, and most safes don't have time-locks on them. It can be expensive to put them on, but it can be done," Wagner continued. "The time-lock becomes a difficult issue because your employees' safety is paramount. I'm not sure how the robber would know ahead of time about a time-lock or not, even if they have been doing a lot of surveillance-most safes are not out where the public can see them-only the employees see them. Add to that the fact that you don't know how a perpetrator is going to respond when the time-lock is discovered. It adds to the risk because of the frustration. Some will understand that there's nothing the employee can do and just walk away, but others maybe won't.
"Robbers take control. The idea is for you to retain as much control as possible."
Employees Must Inform CU
In addition to making employees aware of abduction scenarios and that they may be being watched, employees also need to make sure the credit union knows if the employee thinks he and/or the credit union may be under surveillance. Depending on the situation, the CU may need to alert law enforcement.
Employees also need to make sure the credit union knows as much about them and their itineraries as possible.
"We had a credit union where the CEO was on vacation. A fax came in saying that the CEO had been caught for speeding two states away and needed the credit union to wire him some money, but in fact, the CEO was out raking the yard, he wasn't two states away," Wagner related. "Fortunately, the CEO made sure someone knew what he was doing on his vacation, so the credit union knew he wasn't two states away and didn't respond to that fax."
In the case of an abduction-robbery or other hostage-taking situation, the same thing applies. "We suggest they put together some confidential information in a sealed envelope, something that will help identify him, a contact list with important phone numbers, etc.," Wagner commented. "We have some of our own people who have done this."
Other Steps To Take
At the same time, an employee who has access to the safe or vault should ensure this confidential information isn't readily available to the public. "They may want to have an unlisted phone number, for example. They shouldn't respond to inquiries for the community directory when they're asked for their title at work or a description of what they do."
Employees also should make their families aware of these safety issues, teaching children how to answer the phone and what information not to give over the phone, for example-and also how to respond if something like this should happen.
And communication with law enforcement before anything goes wrong can make a big difference, too.
"Typically, in these types of activities, a federal law enforcement agency is involved, but the first responders are still going to the local law enforcement, so talk to them about prevention tips and what to do if something happens," Wagner advised. "This is still very infrequent, to our knowledge, but that doesn't mean credit unions shouldn't plan for this type of disaster."