Risk
Why Banks Are Embracing Circadian Risk for Smarter Security Decisions
Does your bank have a reliable risk management solution?
After a bank robbery, how long does it take your security team to pull records of security assessments for that location? If your bank is like many financial institutions, it could take a long time… or you might not be able to find that information at all.
In 2023, there were 1,362 burglaries, robberies, and larcenies of banks in the United States. After every incident, each bank must work with authorities to conduct a security review of the facility that was robbed. This includes reviewing security measures like doors, alarms, cameras, employee training and procedures. The review should also include previous security assessments and reports.
But do you know where those assessments and reports are, or do you have to dig through paper files or a lengthy spreadsheet to find the information? Are you able to find your last risk analysis for that branch?
Many banks’ security departments simply don’t have that information at their fingertips.
Are you losing data in spreadsheets? What about in filing cabinets?
Banks and financial institutions are constantly assessing the safety of their locations. However storing the data collected in those annual assessments gets tricky. For many large organizations, including banks, spreadsheets are the standard when it comes to collecting information about security and risk at their locations.
But this approach gets unwieldy, especially for banks.
There are 4,577 banks and 4,604 federally insured credit unions in the U.S.. In 2020, banks in the U.S. had an average of 19 branches, a number that’s trending up as financial institutions consolidate. The largest banks, however, have thousands of locations nationwide: in 2024 JP Morgan topped the list with 5,110 branches, followed by Wells Fargo with 4,349 locations, and Bank of America with 3,975 branches.
Using a spreadsheet to collect annual assessment data doesn’t scale. Nor does using a manual system of paper checklists. When you have 1,000 sites, it’s difficult to find information about a specific site at a glance.The more sites you add to a spreadsheet the more likely it is that errors will creep into the data.
Don’t use spreadsheets to track risk
Spreadsheets may seem like a good way of collecting risk information about bank branches. They’re accessible to most organizations and your employees probably understand the basics of Excel.
However, a spreadsheet is not a good database for managing, tracking, and remediating the security issues of a financial institution. Excel and similar software is simply not equipped to act as a risk database.
Why not? There are several reasons:
Spreadsheets don’t scale
Spreadsheets are static
Version issues
Human error
Spreadsheets aren’t secure (and neither are paper checklists)
Let’s take these one at a time.
Spreadsheets don’t scale: If your bank has just one or two branches, you might be able to use a spreadsheet for risk data. However, when you have many sites, things get complicated: it becomes difficult to find the information you need quickly. You may have a difficult time comparing security at specific sites. And we’ve all gotten lost in spreadsheets and accidentally looked at the wrong line.
Spreadsheets are static: Spreadsheets provide a record of data at a single point in time, but it’s difficult to use a spreadsheet to track remediations or changes. Someone needs to manually collect and enter information from a risk assessment checklist into the spreadsheet. This requires time, effort, and data entry is not a good use of your security team’s time. While the spreadsheet may be able to capture certain information, such as the number of cameras or fire extinguishers at a site, it’s also limited: a spreadsheet can’t tell you if your cameras are well-placed to catch a robbery suspect’s face or height, for example. You can’t see where those cameras are on the floorplan of a specific site.
Versions can be a problem: Anyone can make a copy of a spreadsheet, and that can cause confusion. Which version is correct? Which is the latest version? Do both versions contain their own information? Who will combine multiple versions back into a single document? Without a single source of truth about security at your bank branches, your team may not be able to find the correct, most up-to-date security information about a specific site.
Human error: With a spreadsheet, the potential for human error is boundless. For one thing, data entry is time-consuming and tedious. It’s easy for a bored or tired employee to make mistakes as they type in data from paper checklists. The risk of error increases the more people have access to the spreadsheet; a colleague might inadvertently change a formula and affect the entire spreadsheet, or accidentally delete data. Some data might not even make it into the spreadsheet — an assessor may misplace a checklist and the data can be lost.
Spreadsheets aren’t secure: With so much emphasis on cybersecurity, we often make the mistake of believing that paper is more secure than digital documents and that internal spreadsheets are more secure than a third party solution. Neither is true: paper can get lost, stolen, or destroyed. If anyone in your bank has access to a spreadsheet, it can easily be copied or tampered with. A financial institution can’t afford for any of those things to happen.
Should banks build their own risk management software?
Some financial institutions, already aware of the problems with using spreadsheets to track risk assessment data, take a different approach to tracking risk. They have built their own risk databases.
While this represents a more sophisticated approach to risk data collection and storage, it still poses some problems.
Basically, when you decide to create your own software, you become a software development company as well as a bank. You foot the bill for development, maintenance, updates, and trouble-shooting. You own the software, and that means you own every problem as well.
Development is costly: Hiring developers and creating a compliant software product to track risk in your bank can be expensive, and development is not just a one-time cost. Your product will need constant updates and maintenance over its entire lifecycle. You’ll need a team to maintain, secure, and refine the platform.
Development takes time: Development is also time-consuming. It might be months before your project is complete and you’re ready to track risk with your platform. In that time, any number of incidents could happen at your branches
Finding the right combination of expertise can be difficult: Your team might include finance and physical risk experts, that doesn’t necessarily mean they know how a risk management platform should be designed. Your organization needs to invest in developers who can build a database, for example, and who understand your compliance needs, the concerns around banking and risk, and who can bring your vision to life.
While all of this is possible, it’s not an easy process, and takes both time and money.
A simpler, more sophisticated solution for risk management
When your bank needs to assess risk, it needs to be done quickly — especially if there has been a robbery. Your team needs to be able to pull risk data about the site that’s been robbed so that the information can be examined and shared with police and FBI.
This is best done with a platform that’s designed to be a living document — a single source of truth that tracks all the risk information at each branch, and can show you the information you need immediately. Your platform should be able to aggregate risk analysis data, and let you look at any branch’s data, seeing where cameras are located in their floor plan, what security updates have been made most recently, and how many robberies have occurred at that site.
Circadian Risk’s digital platform consolidates your bank’s risk information in one database. It’s a single source of risk information; from the assessors who input their evaluations directly into the platform to the team members who use that data to create reports, presentations and checklists for remediation, everything is on one platform.
Circadian Risk takes your assessment data, collates it for immediate analysis, and aggregates it to immediately give you insights across your organization. The platform reflects remediations as soon as they are made, and there is only one version, securely stored on the cloud. And no matter how many locations your bank has, it’s never unwieldy. Circadian Risk grows with your financial institution.
‘This is the solution I’ve always wanted but didn’t know existed’
Banks use spreadsheets and develop their own databases because they don’t know a better solution exists. We’ve been told by many clients that they’ve wanted a solution like Circadian Risk, but didn’t know one was available.
One of the best parts of Circadian Risk is that you can get started quickly. Even if you’re working with us to customize our platform to your institution’s needs, implementation time is still quick — and we will work with you to onboard your team and get started. We are also here for the long haul; providing support, troubleshooting, updates, and constant improvements from our team of experts.
Take control of your bank’s risk today.
Contact our experts to learn how Circadian Risk can simplify and strengthen your security.
About the Author
