Hope for best, plan for worst: Security advice after Fifth Third tragedy

Mass shootings are often met with the same collective questions in the aftermath: Where did he buy the gun? Why did he choose that location? How did he get past security protocols? Why did he do it? What do we do the next time this happens?

Because active shooters so often die by suicide or by cop, survivors and law enforcement sometimes do not get all of the answers to those questions. Yet that last one — what do we do the next time? — is a question bankers should be asking themselves after the recent attack at Fifth Third Bancorp’s headquarters building that left four dead (including the shooter) and at least two seriously injured.

What happened Sept. 6 in downtown Cincinnati should be a reminder to anybody who still needed one: It can happen anywhere.

“There are two common things you’ll hear from anyone who’s survived an event like this,” said Jin Kim, a recently retired FBI expert on active shooters. “The first one is, ‘I never thought it would happen to me,’ and the second is, ‘It happened so fast I didn’t know what was going on.’ ”

Though the odds of experiencing an active-shooter situation are slim, security experts say some basic workplace safety protocols should be a part of every company’s culture today, and they should include preparation for an active-shooter scenario. They say a good program needs to include security equipment and personnel as well as employee training.

Some large financial institutions have even invested in security systems that can detect the sound of gunfire and immediately alert local law enforcement.

FBI data on fate of active shooters in incidents in 2016 and 2017

Fifth Third had active-shooter protocols in place before the incident and has since begun an analysis of what worked during the shooting and where the company can further improve.

Those improvements include additional, armed security in and around its buildings in downtown Cincinnati, the company said. Fifth Third has also been actively seeking its employees’ feedback on the matter and is offering counseling.

“One week after the horrific shooting in Cincinnati, we continue the hard work of recovery. Part of that recovery includes a thoughtful review of the crisis,” Teresa Tanner, executive vice president and chief administrative officer, said in an email Thursday to American Banker. “We need to stop and learn and review with the right spirit, so we know how best to move forward.”

Of course, financial institutions large and small have long prepared themselves for the threat of an armed robbery. Certainly, that can be a good foundation for surviving an active-shooter scenario, insofar as it teaches staff how to react in a high-pressure, life-threatening situation, said Paul Benda, senior vice president of risk and cybersecurity policy with the American Bankers Association. But as he and others cautioned, active shooters are still an entirely different beast.

“A bank robbery and an active shooter are apples and oranges. You really can’t compare the two,” he said.

The FBI defines an active shooter as a person who is trying to kill many people in a busy or populated area, such as a school, movie theater, church or bank lobby. According to a report by the bureau, the U.S. experienced 50 active-shooter incidents across 21 states in 2016 and 2017, resulting in 221 people killed and 772 injured.

All the shooters were men, and they all acted alone, the FBI said. Thirteen committed suicide, 11 were killed by police, eight were stopped by citizens and 18 were apprehended by police.

Carol Dodgen, the owner founder of Dodgen Security Consulting, initially began her business consulting with banks and credit unions about robbery prevention. Over the past decade or so, however, training focused on workplace violence has eclipsed all the other work she does.

“We want to reduce the threat in every way that we can, but you can’t 100% secure every place,” Dodgen said. “Your job, if you’re caught in that situation and you’re waiting for the police to arrive, is to try to preserve life as long as you can.”

Depending where somebody is when a threat materializes, hitting the floor and hiding, as many people instinctively do, may or may not always be the safest strategy, she said. Whenever possible, a person should try to figure out where the threat is coming from and get away from it. However, sometimes sheltering in place also makes sense.

“You’re going to react as you’re trained, so that’s why it’s critical to walk through those plans,” she said. “You can’t assume that people know what to do.”

Each company or situation is unique, but Kim recommended an organization look at three key areas when preparing for a possible active-shooter situation.

The first is the integrity of security equipment and barriers. That can include security cameras or turnstiles at the entrance to a building, but more important it means that every physical security measure has a reason behind it and can be matched with a rapid response, he said.

The second involves operational procedures. That can be something as simple as never letting another employee piggyback on access to the building.

The third is resiliency of human capital. By that Kim means training employees and providing flexible guidance, not hard-and-fast rules, about how to respond in an active-shooter situation. People should not fixate on one practice as the best one for any active-shooter scenario, he said.

“You have to be fluid and adaptable in your circumstances,” Kim said. “At your workplace, being in the copy room versus the lobby versus the restroom versus at your desk is going to change how you react to an acute threat. Understanding your environment, first and foremost, and its vulnerabilities and the structural strengths you can take advantage of, is key.”

And when it comes to active-shooter scenarios, the size of a business does not matter.

Dodgen has worked with banks and credit unions of all sizes. While larger organizations have more resources to draw upon, she also said executives at smaller institutions often approach her to say, “I want you to scare them. They don’t think anything’s gonna happen here.”

Kim said that he has sometimes been surprised to see how little some very large companies have done to prepare for this potential scenario.

“Many companies are driven by the fear of scaring their employees,” he said. “They are doing a greater disservice to them by not addressing a very common concern among all citizens.”

For reprint and licensing requests for this article, click here.
Workplace safety and security Regional banks Community banking Risk management Fifth Third Bancorp
MORE FROM AMERICAN BANKER