Financial Institutions

The Bank Protection Act of 1968 (12 CFR Part 21) requires all federally supervised depository institutions to maintain surveillance cameras of sufficient quality to produce images usable as evidence in a criminal prosecution. For financial institutions in California, that minimum standard is the floor — not the target. Critical camera coverage locations include:

• Teller counters and cash handling areas — facial capture of every individual at the transaction line; required for robbery investigation and internal theft documentation
• ATM locations (exterior and vestibule) — covers both skimmer installation attempts and jugging surveillance; license plate capture for vehicles loitering near ATMs
• Vault and safe access points — time-stamped record of every entry and exit; critical for internal fraud investigations
• Entry doors and lobby — captures every individual entering before they reach teller lines; supports real-time threat detection
• Parking lots and drive-through lanes — monitors for suspicious loitering, jugging staging behavior, and vehicle threats before entry
• Employee-only areas and back offices — documents access to sensitive financial records, server rooms, and cash storage

AI-enabled cameras reduce false alarms by up to 90% versus standard motion detection and can flag unusual behavior patterns — extended loitering near ATMs, repeated badge access attempts, or after-hours vault approaches — before incidents escalate. Learn how live monitoring connects to your camera network →

Internal fraud is the silent threat most banks and credit unions underestimate. The average loss per internal fraud case is $1.5 million, and 38% of cases involve employee collusion — meaning multiple people working together to defeat internal controls. Real-time monitoring of access logs, camera feeds, and after-hours activity is the only way to detect these patterns before they compound. Ask about internal threat monitoring for your branch →

Security costs for financial institutions in California vary significantly by approach. Armed guard staffing carries the highest ongoing investment; AI-powered live monitoring delivers comprehensive coverage at a fraction of the cost. Here is a direct comparison:

Most California banks and credit unions operate with guards only during business hours, leaving ATMs, parking lots, and building perimeters unmonitored overnight. Guardian's live video monitoring provides full 24/7 coverage of every camera for under $3 per hour — including the after-hours window when ATM attacks, skimmer installations, and burglary attempts are most common. Get a security quote →

Financial institutions face federal regulatory requirements, active robbery and fraud threats, and internal vulnerability points that most commercial businesses do not. Setting up a compliant, effective security program requires these eight steps:

1. Conduct a Bank Protection Act compliance audit — verify all camera placements, alarm systems, and access controls meet 12 CFR Part 21 minimums before layering additional protection.
2. Map every cash access point and employee-only zone — teller drawers, vaults, ATMs, cash counting rooms, and server/records rooms each require dedicated camera coverage and access logging.
3. Install AI surveillance cameras at all identified risk points — cameras must produce images of sufficient quality to serve as criminal prosecution evidence per federal requirements; AI-enabled cameras exceed this threshold.
4. Connect all cameras to 24/7 live video monitoring — recorded-only systems detect incidents after the fact; branch security requires live agents watching for robbery staging, ATM tampering, and after-hours intrusion in real time.
5. Implement layered access control at employee-only zones — badge readers, PIN codes, and biometric access with time-stamped logs for every vault, server room, and back-office area entry.
6. Integrate panic and duress alarm systems with monitoring — teller silent alarms must connect directly to live monitoring agents who can simultaneously alert law enforcement and document the incident in progress.
7. Establish after-hours ATM and parking surveillance protocols — most ATM skimmer installations occur between 11 PM and 4 AM; dedicated overnight monitoring of ATM locations is the single most effective preventive measure.
8. Conduct quarterly security reviews with documented logs — FFIEC examination guidelines require institutions to demonstrate ongoing security governance; documented reviews, incident logs, and vendor records satisfy this requirement.

Guardian manages steps 1 through 7 for branches across California. Start with a branch security assessment →

Financial institutions in California operate under multiple overlapping federal security frameworks, each with specific physical and electronic surveillance requirements:

• Bank Protection Act of 1968 (12 CFR Part 21) — requires all federally supervised depository institutions to install and maintain security devices including surveillance cameras producing images of sufficient quality for criminal prosecution, alarm systems, access controls, and procedures for robbery response and evidence preservation
• FFIEC Security Guidelines — the Federal Financial Institutions Examination Council establishes cybersecurity and physical security governance standards; FFIEC exams review camera coverage, access log retention, alarm response procedures, and vendor management documentation
• Gramm-Leach-Bliley Act (GLBA) Safeguards Rule — requires banks and credit unions to implement a written information security program addressing physical safeguards; camera footage and access logs are covered records under this framework
• PCI DSS 4.0.1 — mandatory as of March 31, 2025 for all institutions processing payment cards; requires monitoring of access to cardholder data environments and camera coverage of physical access points to payment systems
• Bank Secrecy Act (BSA) — requires documentation of suspicious activity; camera footage and access logs are primary evidence in SAR (Suspicious Activity Report) investigations

California banks also face state-level data privacy obligations under the California Consumer Privacy Act (CCPA) covering how surveillance footage and transaction monitoring data is stored and shared. Guardian configures all security programs to meet federal minimum standards with California-compliant camera placement and retention policies. Ask about compliance-ready security setup →

Financial institutions in California can record video throughout all public and employee-area locations. Audio recording requires compliance with California Penal Code §632.

California is an all-party consent state under PC §632 — recording a confidential communication without the consent of all parties is a misdemeanor, with civil liability up to $5,000 per violation. For these institutions, practical compliance means:

• Video-only cameras in lobbies, teller areas, and parking — fully permitted; no consent requirement for visual-only surveillance in areas where customers have no reasonable expectation of privacy
• Audio recording in customer-facing areas — requires clearly visible posted notice at every branch entry point stating that audio is being recorded; bilingual (English/Spanish) notice is best practice in California
• Teller intercom and drive-through audio — consent is typically implied by use of the system, but institutions should include audio recording disclosure in account opening documents to eliminate ambiguity
• Employee break rooms, private offices, or restrooms — prohibited under any circumstances regardless of security policy

Guardian configures all camera systems as video-only by default. Audio capability is deployed only with clear posted notice at all California-required disclosure points. Ask about California-compliant camera configuration →

Live video monitoring for financial institutions is a proactive service where trained human agents watch all branch cameras in real time — 24 hours a day, 7 days a week — from Guardian's monitoring center in Los Angeles. Unlike recorded-only systems, live monitoring enables agents to detect robbery staging behavior outside the branch before anyone enters, flag ATM tampering attempts as they occur, and dispatch law enforcement during an active incident rather than after.

Agents cover every camera simultaneously: teller lines, vault access, ATMs, parking, and perimeter. AI filters routine activity so agents respond only to genuine anomalies — an individual loitering near the ATM for 20 minutes at 2 AM, a vehicle circling the parking lot before open, or repeated badge failures at a restricted door. Each event generates a timestamped log that satisfies both internal audit requirements and FFIEC examination expectations for documented security governance. See how Guardian's live monitoring works for financial institutions →

ATM crime is a growing threat for California financial institutions. Bank ATM skimming rose 103% year-over-year in the first half of 2023 (FICO), and California accounts for the highest share of skimming incidents in the US. Law enforcement agencies across California have also documented a sharp rise in jugging — criminals who stake out bank ATMs, follow customers who withdraw cash, and rob them at a secondary location.

Effective ATM protection requires a layered approach:

• High-resolution cameras with license plate capture — positioned to record every vehicle approaching and departing the ATM; jugging investigations rely heavily on vehicle identification footage
• 24/7 live monitoring of ATM camera feeds — skimmer installations almost always occur between 11 PM and 4 AM; live agents can detect tampering attempts in real time and dispatch law enforcement before the device is installed
• Motion-activated lighting around ATM vestibules and exterior machines — high-intensity lighting is one of the most effective deterrents against both skimmer installation and physical ATM attacks
• Anti-skimming hardware on ATM card readers — jitter mechanisms, card reader overlays, and deep-insert skimmer detection should be maintained and inspected monthly
• Patrol response for verified after-hours ATM alerts — live monitoring agents dispatch mobile patrol units to confirmed suspicious activity at ATM locations within minutes

Guardian provides ATM-specific monitoring protocols for branches across California. Contact Guardian about ATM security for your branches →

Access control for financial institutions must balance customer accessibility with strict employee-area restrictions. Effective layered access control includes:

• Badge reader + PIN dual-factor access for vault and back-office entry — single-factor access at high-value zones is insufficient; dual-factor creates an admissible log entry for internal fraud investigations
• Time-restricted access credentials — employees should only have access to sensitive areas during their scheduled hours; after-hours access attempts automatically trigger alerts to live monitoring agents
• Mantrap vestibule systems at branch entry — double-door entry zones where the outer door must close before the inner door opens; eliminates tailgating at the lobby entry point
• Biometric access at the highest-risk locations — vault and server room entry using fingerprint or palm recognition eliminates credential sharing, a common vector in internal fraud at branches
• Video intercom at after-hours customer access points — ATM vestibule after-hours entry controlled by intercom or keypad with camera logging; prevents unauthorized loitering at entry-controlled ATM zones

Guardian integrates all access control hardware with live monitoring — agents receive real-time alerts on after-hours access attempts, door held-open events, and repeated credential failures. Ask about access control integration for your branch →

Internal fraud is one of the most financially damaging threats banks and credit unions face — and one of the least addressed by physical security programs. The average internal fraud scheme runs for 14 months before detection, with an average loss of $1.5 million per case. Thirty-eight percent of cases involve employee collusion, and 48% are initially detected through tips rather than system controls.

Physical security measures that directly reduce internal fraud exposure include:

• Real-time monitoring of access logs at vault and cash handling areas — live agents watching for access patterns outside normal job functions or scheduled hours; anomalies flagged immediately rather than discovered in a post-incident audit
• Dual-custody procedures documented on camera — vault openings, cash counts, and wire transfer approvals that require two employees present, with camera confirmation of compliance
• Separation of access credentials from supervisory roles — managers should not hold the credentials to disable or delete camera footage; access administration should be handled by a separate security role
• Teller drawer camera coverage with time-stamp synchronization — synchronized timestamps between POS transaction records and camera footage eliminate the ability to dispute cash handling discrepancies
• After-hours alert protocols for all employee access — any employee access to restricted areas outside scheduled hours generates an immediate alert to both monitoring agents and branch management

Guardian's programs include specific internal fraud detection protocols built around your branch's transaction workflows and staff access patterns. Learn about Guardian's security guard services →

Selecting a security vendor for financial institutions in California requires verifying credentials and capabilities that go beyond standard commercial security providers:

1. Active PPO license from BSIS — all California security companies must hold a Private Patrol Operator license from the Bureau of Security and Investigative Services. Verify at bsis.ca.gov. Guardian holds PPO License #121089.
2. Demonstrated Bank Protection Act compliance knowledge — the vendor must understand 12 CFR Part 21 requirements and document how camera placement meets federal minimums for your institution type.
3. Experience with FFIEC examination requirements — vendors who serve banks should understand what FFIEC examiners look for in documented security governance, incident logs, and vendor oversight records.
4. Local California monitoring center, not outsourced — for banks and credit unions, law enforcement response time is critical. Guardian's monitoring agents are in Los Angeles — they know local LAPD, Sheriff, and CHP protocols and communicate directly with dispatch rather than routing through an out-of-state call center.
5. Documented audit trail capability — the vendor must provide timestamped incident logs, camera access records, and response documentation satisfying both internal compliance teams and external FFIEC examiners.

Guardian Integrated Security serves financial institutions across California with BBB A+ rating, PPO #121089, and an AI-security team based in Los Angeles with financial industry security experience. Contact Guardian for a security assessment →