Stephen Baker: Securing Other People's Money
Stephen D. Baker
Vice President and Deputy CSO, State Street Corporation
All $27,430,000,000,000 of it. That is $27 “Trillion” with a capital “T” of other people’s money under custody at State Street Corporation. Most of their customers, actually, are other financial institutions as well as institutional investors, and their brand and business relies on the continuous vigilance of their executive leaders including Steve Baker, Vice President and Deputy CSO.
“State Street, which is the second oldest bank in the United States, was founded in 1792 and has a great foundation enabling us to look at risk profiles and support the business by addressing threats. Our bank’s strong focus on satisfying customers and investors, as well as protecting our reputation, has strongly integrated security into the business,” says Baker. “We are a leading trust bank, so the big bucket we manage as a business is risk.”
Global Security’s mission is to safeguard our people, property, information, reputation and ensure the continuity of business operations. Security does this through the continuous implementation and improvement of security programs and safety measures. Security’s participation on key committees such as Operational Risk, Country Risk and Vendor Risk committees, along with a reporting line to the Chief Legal Officer who serves on the Executive Management Committee, gives the State Street Security staff a very relevant place of responsibility. In addition Baker’s role on the Corporate Incident Response team eliminates information gaps and keeps his team ahead of the curve.
“I consider myself a business person first, with an expertise in security. Banking regulations can have some advantage for a security function to have direct view of expectations and demands on security. It enables us to influence and control the security-related risk management agenda,” he says.
Cybersecurity, political unrest/travel safety and terrorism/shareholder activism are some of the biggest risk issues and are heavily intertwined. “Our big ‘risk’ focus is the protection of our critical infrastructure. State Street is designated as a Systematically Important Financial Institution (SIFI) in the U.S. and globally because of its size, complexity, interconnectedness and the lack of readily available substitutes for the financial infrastructure it provides.” states Baker.
State Street Global Security is highly regarded by all of its stakeholders. The security team works closely with senior business executives. “By being integrated into the business, we understand the goals prior to planning. Reaching across the organization and working with the other business units is a favorite aspect of my job,” he says.
The financial services sector has its unique challenges and opportunities. Banking laws require banks to have a CSO. Jack Eckenrode is the bank’s Senior Vice President and Chief Security Officer. Security is required to develop a security program and present it to the Board of Directors for approval. That approval provides support for the programs implementation. The Global Security function also provides significant support to the Legal team through litigation support activities and to the Compliance group through its assistance with due diligence and investigations pertaining to global money laundering laws; Foreign Corrupt Practices Act violations; and employee ethics infractions. Security is a separate global division and has centers of excellence to maximize its effectiveness and efficiency. “By reporting to a member of the management committee, we have visibility into long-term plans and initiatives. This allows us to identify risks and present those risks and solutions early to the business people who own them. The result is that the bank makes the right decision as an entity. Security is neither dictating a policy nor being dictated to when it comes to risk management,” Baker says.
The security team has worked to measure all aspects of their value and cost matrix. One initiative separated constant RFP costs, such as hourly contract officers and equipment costs from variable costs including sick leave and vacation. By separating these items they are more able to predict expenses and budget across the organization.
A second initiative to improve security without increasing costs was the move from four leased office buildings to one bank-owned building. While the direct cost of security increased, they were able to document that the indirect costs funded by the bank at the leased buildings met or exceeded these direct costs. Thus, the cost transfer was equal. “This is a financial services company, and our bosses understand financials! It is my job to understand our security costs better than they do. That allows us to gain credibility and make the business case,” says Baker.
Security contributes to the direct bottom line results as well. By capturing actual entry and exit data through the access control system at their buildings, the bank was able to do occupancy modeling for the global real estate department, provide actual use and incident reports for insurance quotes and leverage travel information for employee tax issues. “We are able to reduce cost, increase efficiency and gain internal customer satisfaction as a result,” he notes.
Security conducts internal evaluations and surveys that result in security team members being highly regarded and valued. The key to success is ensuring prospective hires are a strong cultural fit with more of a business risk focus and less of an enforcement mentality. Second, training is critical. “We require our employees to identify training needs and complete these programs. We also have a flexible structure that allows volunteering, pursuing certifications, association involvement and participating on mentoring teams, on bank time,” says Baker. “And we lead by example. Everyone participates in these programs from the top on down to our interns.”
Security’s engagement in the business from inception to delivery ensures that State Street has solid enterprise risk management planning. “We are involved in company, not merely security decisions, which means there are no surprises. That is the critical difference that enables success. The many inbound calls we receive for advice points to our value across the company.
“By satisfying customers, regulators and providing a safe workplace for employees and visitors, Security will continue to be a viable entity by being engaged in the business and supporting the company’s goals. We are expected to be the experts and are often asked, ‘how do we get this done?’” concludes Baker. “We work each day to reduce risk, win customers over, meet regulatory requirements and support the business while safeguarding our people, all with management support! I love my job!”
- Annual Revenue: $9.8 Billion
- Security Budget: $29 Million
- Political Unrest/Activism
- Safeguarding State Street’s people, property, information, reputation and the continuity of business operations worldwide through the implementation and improvement of security programs and safety measures.
- Asset Protection/Theft
- Brand Protection/Intellectual Property/Product Protection/Counterfeiting/Fraud Protection
- Business Expansion Support
- Enterprise Resilience
- Fraud/IP Theft: External, Partnerand Insider Threats
- Employee Travel/Kidnapping & Ransom
- Regulatory Compliance
- Risk Management Planning Supporting Business Growth
- Supply Chain
- Technology Integration and Management
- Workplace Violence