John Varrone comes to banking after 25 years with the U.S. Customs Service. Promoted to special agent in 1982, he spent several years investigating money laundering and drug crimes. Then, he began taking a management role, gaining additional responsibilities and oversight. During the mid-90s, Varrone spent almost six years working as the customs liaison to the U.S. Treasury Department of Enforcement.
After September 11, 2001, Varonne led both the Customs Service's effort to secure the ports, and the planning and implementation of "Operation Green Quest," an effort to shut down the money flow to terrorists and to the organizations that support them.
Now, he has joined Credit Suisse First Boston, reporting to Luther L. Terry, Jr., managing director and global head of CSFB's corporate services department. Although the position is not a new one within CSFB, Varrone's perspective and experience should certainly provide a boon to both the bank and to the broader financial community. He spoke with BS&T senior editor Ivan Schneider about his plans for the job.
Bank Systems & Technology: What are some of your top initiatives?
John Varrone: The first and foremost is the security and safety of CSFB employees and facilities. That's primary. Secondarily would be a strategic look at the organization and where we can take the corporate security department, and how we can value-add to all of the firm's operations.
BS&T: How do you measure the "value-add"?
VARRONE: Measuring value-added is sometimes a little bit difficult, no matter what the environment is. In my former environment, where people would say it's just on arrest activities and such, that's just one measurement. But at the end of the day, if they're all low-level arrests, then really, it doesn't mean anything.
I focus very much on data analysis and having the cleanest information with which to make decisions. The one way you can measure it is preparedness. We're moving in a direction to be the most prepared in every aspect of this organization , whether it's business continuity or crisis management.
BS&T: How do you know how much to budget for security?
VARRONE: I'm doing a ground-up review of what I'm doing and what I'm spending to do it. Only after six months will I be able to determine: Do we need to grow? There could be regulatory changes that could impact physical security and access. Those are the kinds of things that are unpredictable that are on the horizon. But I know I can't plan for them and put a dollar figure on it right now.
BS&T: What contact do you have with your counterparts at other banks?
VARRONE: I'm in very close contact with all of my colleagues. There are banking group meetings with the security chiefs in the New York-New Jersey area, and we meet every two to three weeks. I call them informal, but they're really formal meetings. On a first-hand basis, I know about 15 of 25 of them, just working throughout my career. So I have immediate connectivity to them. I believe I have their trust and respect, and they have mine.
The issues that are confronting them are national issues that confront the whole industry. Largely, I think the threat issue is probably the primary one: the overall threat issue-monitoring that, the safety of their organizations. If there's a common denominator among us, that's certainly the primary one right now.
BS&T: How does that kind of information get out to the rest of the banking community?
VARRONE: There's a combination of ways. My old organization just held a three-day conference in June. They had over 100 financial institutions in attendance, and they put out a variety of bulletins and threat information. It gets passed around the community in a formal process and gets shared further. It gets done through e-mail, it gets done through media, and it gets done with a lot of outreach that's ongoing, government-wide. With the ability to go onto the DHS Department of Homeland Security Web site and the other Web sites and drill down and pick up information, there's an incredible amount of information that's public source information. That's a real good thing.
BS&T: How is your government experience going to inform what you do at the bank?
VARRONE: One thing that has really interested me is Homeland Security's admission last month that the coding is flawed for the color-coded alert levels. I don't want to use the word flawed-they used the word flawed in the media, but it's not flawed. That's a work in progress, because it's the first time that the United States government took all sources of intelligence and wanted to advise of threat levels. That's a difficult process.
I hope to bring that experience into the financial services industry and help to define, as best we can, what the overall threat is-beyond the international threat-to the financial services industry.
BS&T: From your experience, is law enforcement getting what it needs from the banking community to do its job?
VARRONE: In my prior experience, the relationship has always been strong, but in the customs service, we were an unique organization. We had trade and law enforcement in the same organization. Over the last decade or so, we had developed our corporate-government partnerships in a variety of areas-we had them with the steamship companies, we had them with the airlines.
We'd be responsible for providing the law enforcement, potentially fining them civilly for violations, and developing partnerships with them. That's a pretty complex relationship when you throw those three things into one hat, but we navigated that and built up strong partnerships in a variety of areas.
We were responsible for intellectual property rights and copyright violations when I was in customs. We developed a very strong relationship with the software industry and the recording industry.
In the financial sector, when they had the emergence of the black-market peso exchange threat, we developed a relationship with top executives whose industries were touched by that. It wasn't one where we would tell the corporate people what we think they should do. We would go to these meetings with a very open mind of telling them what we see the threat and please develop guidelines to help yourselves.
BS&T: What differences do you expect between working in the government and in the private sector?
VARRONE: I actually think that the organization that I was part of was very progressive. People criticize government sometimes as being too slow and too bureaucratic. Contrary to that, I was in a dynamic organization that was moving very quickly in a lot of different directions, in a very positive way.
After 9/11, we had 85 percent compliance with the airline industry's advance passenger manifest. We were targeting and screening people well in advance of their arrival. We quickly moved out and made it mandatory compliance for all foreign airlines as well. We've done the same on the cargo side to secure supply chain security, and we've done that through a variety of initiatives that normally people would think would take years to initiate.
We quickly moved out with a container security initiative and physically deployed additional staff to eight countries, and we have agreements with 20 of the largest ports around the world.
BS&T: So the real question is how you're going to make the jump from a fast-moving government organization to a commercial banking entity.
VARRONE: I think I went from one fast-moving organization to another. It's a dynamic place, they're extremely talented people. I really think that under CEO John Mack's leadership, this bank is headed in the right direction, and is really going to be moving forward fast.