From robbery and ATM risk to the Bank Protection Act, here's how banks and credit unions build a security program — the officers, the alarms, the compliance, and the cost.
Banks and credit unions occupy a strange position in the security world: statistically safer than they have ever been, yet still legally obligated to defend against a threat model most businesses never face. Federal law has required financial institutions to maintain a formal security program since 1968, robbery remains a live risk at teller lines and ATMs, and examiners will ask to see your written plan. Bank security is not a discretionary line item you can trim in a lean quarter — it is a board-level compliance duty backed by federal regulation, plus a genuine safety obligation to the people standing between the counter and the cash. This guide explains what the law actually requires, where guards fit, what it costs, and how to hire a provider that can pass an exam.
Every federally regulated bank must comply with the Bank Protection Act of 1968: designate a security officer, adopt a board-approved written security program, and install minimum devices (alarms, tamper-resistant locks, vault/asset protection, lighting). Physical guards are not federally mandated but are standard at cash-heavy branches, high-crime locations, and for workplace-violence protection — usually armed officers, running roughly $28–$55+ per hour. Layer that with alarms, video surveillance, and mobile patrol, and hire a licensed, insured provider with financial-institution experience.
The threat model: robbery, ATMs, cash-in-transit, and violence
Understanding what you are defending against determines what you buy. The headline risk — armed robbery of a branch — has fallen dramatically. The FBI's Bank Crime Statistics recorded just 1,362 bank robberies in 2023, the lowest total since before 1990, and 2023 was the first year on record with zero deaths from reported bank robberies. That decline is real and worth internalizing: it means a fortress mentality is often the wrong spend. But "rare" is not "gone," and the risk profile has shifted rather than disappeared.
The concrete exposures a bank security program must address today:
- Branch robbery. Still the classic threat — note-passers, demand-and-flee, and the occasional takeover. Deterrence, staff response protocols, and identification/evidence quality matter more than resistance.
- ATM crime. Skimming, jackpotting, physical attacks on machines, and robbery of customers at walk-up and drive-through ATMs — especially after dark. Lighting and surveillance are the primary controls.
- Cash-in-transit (CIT). The armored-carrier handoff is a recurring vulnerability. Federal law treats armored-carrier robberies as a distinct category; the exposure sits at the curb during loading, not in the vault.
- Vault and after-hours burglary. Lower frequency, higher loss. This is the domain of alarms, safes, and construction — not people.
- Workplace violence. Increasingly the driver of guard staffing — angry customers, domestic situations spilling into the lobby, and disputes at high-friction moments like foreclosure or account closure. This is the risk category that most often justifies an armed officer at a modern branch.
What federal law requires: the Bank Protection Act of 1968
The foundational statute is the Bank Protection Act of 1968, codified at 12 U.S.C. 1882. It directs federal banking regulators to set minimum security standards, and each regulator implements it through its own rule: the Federal Reserve at 12 CFR 208.61, the OCC (national banks) at 12 CFR Part 21, and the FDIC (state non-member banks) at 12 CFR Part 326. The substance is nearly identical across all three. If you operate a federally insured depository institution, one of these rules governs you.
The Act imposes four core obligations on the institution's board of directors:
- Designate a security officer. The board must name a security officer with authority to develop and administer the security program (within 30 days of opening for national banks; within 180 days of joining the system for Fed member banks).
- Adopt a written security program. A board-approved, written plan covering the main office and every branch, designed to discourage robberies, burglaries, and larcenies and to help identify and prosecute offenders.
- Install minimum security devices. The rules specifically require a means of protecting cash and liquid assets (vault, safe, or secure space); a lighting system to illuminate the vault area during darkness if visible from outside; an alarm system to promptly notify law enforcement of a robbery or burglary; tamper-resistant locks on exterior doors and openable windows; and "such other devices as the security officer determines to be appropriate."
- Report annually to the board. The security officer must report at least once a year on the implementation, administration, and effectiveness of the program.
Note what the Act does not do: it does not mandate security guards, and it does not prescribe specific vault construction specs. The "other devices" clause is risk-based — the security officer weighs the incidence of crime in the area, the amount of cash exposed, and the distance to the nearest law enforcement. That risk assessment is where guard staffing, additional cameras, and hardening decisions get justified and documented. When examiners review your program, they are checking that these judgments were made deliberately and written down, not that you hit a fixed hardware checklist.
GLBA, FFIEC, and the physical side of data protection
Robbery is the visible threat; customer data is the regulated one. Under Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), financial institutions must maintain a security program with administrative, technical, and physical safeguards for customer information. For banks and credit unions, that duty is implemented through the Interagency Guidelines Establishing Information Security Standards; for non-bank financial institutions, the parallel obligation is the FTC Safeguards Rule at 16 CFR Part 314. Examiners assess banks against the FFIEC IT Examination Handbook's Information Security Booklet.
Why does a physical-guard buyer care about a data rule? Because the guidelines define "customer information" to include records in paper, electronic, or other form. That pulls the physical branch environment squarely into scope. Access control to back-office areas, secure storage and shredding of documents, protection of the ATM and its cabling, controlled visitor access, and background-checked personnel with access to customer information are all physical safeguards under GLBA — not just IT concerns. A guard force that manages door access, escorts vendors, and enforces clean-desk and secure-disposal protocols is part of your GLBA physical-safeguard posture, and a competent security vendor should understand that overlap.
Where security officers fit — and armed vs. unarmed
Because guards are not federally mandated, staffing them is a risk-and-liability decision. In practice, financial institutions deploy officers for a handful of clear reasons: visible deterrence in the lobby, managing workplace-violence incidents, controlling access to secure areas, and providing a trained first responder during a robbery or medical event. The most common configuration at a branch is a single uniformed officer covering banking hours.
The armed-versus-unarmed question is the central one. Many banks default to armed security for branch coverage, reasoning that a robbery is inherently a violent-crime scenario. Others deliberately choose unarmed security guards whose role is observation, de-escalation, access control, and coordination with police — accepting industry guidance that resisting a note-passer with a firearm can escalate a low-violence event into a lethal one. There is no single right answer; it depends on your location's crime data, your insurer's position, and your own risk tolerance. What matters is that the choice is documented in your risk assessment and that armed officers carry the correct state licensing, firearms permits, and use-of-force training.
Beyond the branch guard, a mature bank security program layers several services:
| Layer | What it addresses | Typical form |
|---|---|---|
| Branch officer | Robbery deterrence, workplace violence, access control | Armed or unarmed post, banking hours |
| Video surveillance | Evidence quality, ATM monitoring, remote oversight | Cameras + video surveillance, often monitored offsite |
| Alarm & vault | After-hours burglary, panic/duress | Central-station alarm, safe/vault, panic buttons (BPA-required) |
| Mobile patrol | Multiple branches, ATMs, after-hours checks | Mobile patrol across a route |
| Corporate/HQ | Headquarters, data centers, executives | Corporate security program |
For institutions running many small branches or unmanned ATM sites, mobile patrol is often more cost-effective than a fixed guard at each location — a marked vehicle running scheduled and random passes, closing and opening branches, and responding to alarms. Larger organizations extend the program to headquarters, cash-processing centers, and executive protection under a broader corporate security umbrella, and treat one-off events like shareholder meetings or grand openings with dedicated event security.
What bank security costs
Guard labor is the dominant cost, and it tracks the same market as any other sector — bank posts sit at the higher end because they usually require armed, experienced, well-vetted officers. As a planning range for 2026:
| Service | Typical rate | Notes |
|---|---|---|
| Unarmed branch officer | ~$20–$32/hr | Access control, de-escalation, observation |
| Armed branch officer | ~$28–$55+/hr | Higher licensing, insurance, training load |
| Mobile patrol (per branch/ATM) | ~$40–$90/visit | Shared route lowers per-site cost |
| Video surveillance install | Project-based | Plus monthly monitoring if outsourced |
Rates vary widely by market, hours, and risk. A single armed officer covering ~50 banking hours a week runs into the low-to-mid five figures per branch per year; 24/7 coverage multiplies that. For grounded numbers, see our guides on how much security costs, armed guard cost, and unarmed guard hourly rates, or model your own scenario with the security cost calculator. Weigh guard spend against the alternative: many low-frequency risks (after-hours burglary, ATM tampering) are better and more cheaply controlled by alarms and cameras than by a body in a chair.
How to hire a bank security company
Financial institutions are held to a higher diligence standard than most buyers, and your vendor selection is itself part of your GLBA and Bank Protection Act compliance story. Work through this checklist:
- Verify state licensing. Confirm the company's guard-agency license and, for armed posts, individual firearms permits — in every state where you operate. Our guide on how to verify a security company license walks through the state-by-state lookups.
- Confirm insurance. Require a certificate of insurance naming the bank as additional insured, with general liability and — critically for armed posts — assault-and-battery and firearms coverage. See what to check on a security vendor's COI.
- Demand financial-institution experience. Ask for bank/credit-union references and confirm officers are trained on robbery response, the "silent" bait-money and duress protocols, and GLBA-adjacent access control — not just standing at a door.
- Check background-screening and use-of-force policy. Because officers may access areas holding customer information, vetting is a GLBA safeguard. For armed posts, review the written use-of-force and de-escalation policy directly. Our primers on use-of-force law and guard arrest powers explain the legal boundaries.
- Get post orders in writing. Tie the scope to your risk assessment and written security program so the deployment is defensible in an exam and against a negligent-security claim.
The same disciplines carry over from adjacent high-value sectors — the access-control and asset-protection playbook overlaps heavily with retail loss prevention, warehouse and industrial security, and corporate campus security. If you also protect a headquarters, data center, or executive team, read the full hiring guide before you run an RFP.
Buyer takeaway
Bank security is a compliance obligation first and a staffing decision second. The Bank Protection Act sets a non-negotiable floor — security officer, written program, minimum devices, annual board report — and GLBA/FFIEC pull physical safeguards into your data-protection duties. Above that floor, guard staffing is a documented risk judgment: armed or unarmed at the branch, mobile patrol across a footprint, alarms and cameras for the low-frequency high-loss events. Match the spend to your actual crime data and workplace-violence exposure, hire a licensed and insured provider with genuine financial-institution experience, and put everything in writing.
Ready to staff a branch, a network, or a headquarters? Get free quotes from licensed, insured security companies with banking experience, or browse providers in your area to start comparing.
Frequently asked questions
Are banks legally required to have armed security guards?+
What is the Bank Protection Act of 1968 and who enforces it?+
How does GLBA affect physical security at a bank branch?+
How much does it cost to put a security guard at a bank branch?+
Should a bank hire an armed or unarmed security officer?+
Share this guide
Sources
- 12 CFR § 208.61 — Bank security procedures (Federal Reserve, Bank Protection Act implementing rule)
- 12 CFR Part 21 — Minimum Security Devices and Procedures (OCC, national banks)
- 12 CFR Part 326 — Minimum Security Devices and Procedures (FDIC, state non-member banks)
- Gramm-Leach-Bliley Act — Safeguards / Section 501(b) (Federal Trade Commission)
- Interagency Guidelines Establishing Information Security Standards (Federal Reserve)
- FTC Safeguards Rule — 16 CFR Part 314 (non-bank financial institutions)
- FBI Bank Crime Statistics 2023
- FBI Bank Crime Statistics (program page)
Related guides
Need to hire a security company?
Get free quotes from licensed security companies in your area.
Get free quotes


