Symcor’s logo is not splashed across the building and it’s not a household name, but just about every Canadian who makes a payment or writes a cheque has had their information pass through the company’s production centres. Like so many financial organizations, the security processes behind Symcor’s transactions run deep and as Chief Security Officer Duranleau is responsible for making sure the company’s operations are protected across the country and as it expands into the United States.

In the eight years since Symcor was established by three of Canada’s largest banks — Bank of Montreal Financial Group, Royal Bank Financial Group and Toronto Dominion Financial Group — Duranleau has been the company’s CSO.

Symcor processes two billion cheques, 150 million customer payments and mails more than 400 million customer statements annually. The three parent banks that launched the company rely on Symcor to research and process outstanding financial adjustments, as do its other clients.

Duranleau is responsible for the security at Symcor sites in Vancouver, Calgary, Winnipeg, Toronto and Halifax. There are more than 20 sites that are 24-hour shops running six days a week for the most part. Symcor employs 6,000 people and the company has begun branching out to the U.S. with a production site now operating in Charlotte, N.C.

He says his small department, consisting of just himself and a security associate, is “typical” of modern corporate security teams where many processes are outsourced and managed centrally.

“Our function is to focus on being advisory-oriented,” he says. “We don’t have the manpower to do the day-to-day management of all the other functions. In terms of physical security, we write the policy and establish the baselines and guidelines for what should be in sites depending on what takes place at each one — everything from alarm systems to CCTV to locks on doors and the types of vaults and other types of security containers we need to use.”

But in the last three years, Duranleau says more and more, he is consulted, along with other Symcor business unit leaders, by the senior management team regarding strategic issues that impact the business.

As CSO, he is increasingly asked to provide input on everything from a new service offering to a request for proposal (RFP) for potential clients as well as internal employee relation strategies that could impact the company. “When a decision is being made strategically, more and more we find IT and operations and security are consulted on what we think, when just three years ago we were an after thought. When we take on a new client we’re invited to consult on the project and our opinions are considered.”

Duranleau sees security as providing a value-added contribution to the organization, whether that is in securing the facility and its reputation today or making sure that, if possible, security is assured as part of obtaining future business. Last summer, Duranleau was able to sell Symcor executives on an 18-month project to upgrade camera and access control systems nationwide. It was a seven-figure investment and he had to make the business case before getting the green light.

“The project was to upgrade current systems and the return on investment was presented in terms of securing future contracts and related to expansion in the U.S. It was seen as an investment in the future and expectations of the company’s clients as we moved forward, not only due to regulatory requirements, but expectations of overall service.”

Symcor is not alone in its pursuit of security as a strategic investment. According to Greg Pellegrino, global managing director with Deloitte in Boston, Mass.,  security is increasingly being viewed not as a cost centre, but a means to protect brand, increase shareholder value and create competitive advantage.

“It’s easy to understand why companies and boards are beginning to take security more seriously,” says Pellegrino, adding the emerging “secure economy” is defined by five realities, including rapid change, new regulatory requirements, heightened threats and greater uncertainty, complex and interdependent risks (supply chains, multiple partners) and globalization.

“Investment in security is an opportunity and will become a key competitive differentiator in the marketplace,” Pellegrino commented at a recent public-private sector security conference held in Ottawa, Ont.

Investing in security goes hand-in-hand with protecting shareholder value and creating greater shareholder value.

Security has always been seen as the “go-to” in a crisis, Duranleau says, but it hasn’t been viewed as adding to the bottom line, until now.

“The fact I have a clear line to decision makers is very rewarding because you do get to try things and make recommendations where you wouldn’t normally have an opportunity,” says Duranleau. “Their position is to listen to people around them and make the business decisions and if the recommendation makes sense — whether it's from me or a colleague of mine who is from IT or business continuity.”

He sees it as an evolution of the security function from a time when security used to provide more tactical services. “As a result of downsizing you start cutting back your people — those who have remained in management positions have realized the only way they can add value is to become a better advisor.”

The expectation level for having things in place to be in business now, more than ever, includes security. Duranleau says Symcor’s president and CEO, Ed Kilroy, and the executive team are looking at business contracts and asking, ”˜In order to get that business and keep it what do we need to do?’

“We are able to add that little extra to the pitch whether it’s for new business — if we can say, ”˜We have that piece of security you’re really concerned about and the other four vendors bidding don’t, then it increases our opportunity. I’m part of the RFP process for every RFP we have, whether it’s here or in the U.S. and a lot of it’s the same — they want to know what do you have to secure your buildings? What do you have to secure data?”

Duranleau says he tries to look at the roadmap of the company in terms of where it is looking to grow and where he should be concentrating on how to evolve the security department with that growth plan.

His security career began in 1984 as a private investigator conducting insurance fraud surveillance involving individuals who were making potentially fraudulent claims to insurance companies for workplace injuries. “I liked the investigation piece quite a bit but wanted to try something else,” he recalls.

While conducting investigations he also worked at the Ontario Jockey Club ”“ now Woodbine Entertainment — at Greenwood Raceway in Toronto’s Beaches district. “I was getting a taste of both private investigations and the security officer role and decided to take my chance at expanding my investigation skills and joined the RCMP in 1987.”

He worked for almost 10 years in various departments of the RCMP including VIP protection for federal politicians and investigated organized crime, in particular, the trail of money from the proceeds of crime.

But Duranleau had become frustrated bouncing from one case to another without ever seeing any file through to resolution. He decided to look into a career in private security and landed a job at United Parcel Service (UPS).

“I started looking around and got my break, took a cut in pay and vacation time and made the move at just short of 10 years service, which is really unusual.”

His RCMP training, and in particular the skills obtained in knowing how to follow a money trail came in handy when he learned of the job at Symcor.

Over the years, Duranleau’s role at Symcor has evolved to one that must anticipate what questions and concerns might come from the executive offices and how he will respond to and advise senior management.

Reporting directly to the senior vice-president of general legal counsel (who then reports directly to Symcor’s CEO  he says it is incumbent upon him to keep up to date on developments in the industry and emerging trends.

“I’ve had to really focus on maintaining that open-mindedness and openness to learn. Not just to learning new things in security, but learning about the business world,” he says.

Duranleau also sits on a management security committee comprised of the heads of Symcor’s major business units which meet monthly, chaired by the chief information security officer (CISO) who looks after computing and network services. He is also part of the corporate emergency response team when it comes to any event where the business continuity plan is invoked.

With much of the security function outsourced, Duranleau relies heavily on regular audits conducted at each site to make sure the security policies created are being implemented and sustained.

“We do an annual site security survey — we spend two weeks a year at each site and in those two weeks we do a review of the physical security that should be in place and we poke at it and make sure it’s working. That includes everything from locks on doors to lighting, to cameras to vaults to any loss prevention procedures, securing items and procedures around that.”

Symcor also audits its mail couriers  via surveillance.

“We pick a couple of drivers at random, pick their routes, and watch them do their job so their contractual obligations are being followed and any gaps discovered are addressed through our sourcing folks,” he explains.

Over the last few years Duranleau says he has been challenged to anticipate and be proactive about what the business needs, ready to provide management with proactive answers.

Those in charge tend to ask just two questions: ”˜Who’s on the problem to stop the bleeding, and Is it going to happen again?’

“You identify the gaps and come up with cost effective solutions. And so when the senior people see results, in some way they know the next time they come to you the expectation is that you will be able to do that again. With that comes a level of trust and a level of confidence they have in people like myself.”