Guardians of the Golden Arches: The McDonald’s US Security Program

While loss prevention may be a universal focus for retail organizations, McDonald’s US Security’s loss prevention program provides a wide spectrum of possibilities and a broad scope of challenges based on this particular type of organization. Here we will take a closer look at the security and loss prevention program for this icon in the quick service restaurant industry.

McDonald’s™. The name is instantly recognizable, conjuring up images of Big Mac™ sandwiches, Chicken McNuggets™, and World Famous Fries™. No matter where your travels take you across the globe, chances are you will find a McDonald’s, and chances are the hamburger you purchase in Doha, Qatar, will taste and look identical to the one you purchase in Peoria, Illinois.

McDonald’s is the juggernaut of quick service, the restaurant chain that eclipses its competition by an order of magnitude. Think your retail chain is pretty big? McDonald’s gets 27 million visitors per day, and that’s in the United States alone.

- Sponsors -

From a retail security and loss prevention program perspective, one can imagine not only the types of incidents that can occur at your average McDonald’s location, but the sheer number of them as well. To understand why this might be, just consider what goes on at the nearly 15,000 McDonald’s restaurants scattered throughout the United States through the dual mechanisms of lobby dining and drive-through service.

The local McDonald’s is often much more than a spot to buy food; it’s a well-known landmark in whatever city it happens to be in. The Golden Arches™ are often occupied by people seeking a place for morning meetings or parents enjoying time with their children over a Happy Meal™ in the Playplace restaurants.

For a demographics comparison, this author also visited several Southern California McDonald’s restaurants during the writing of this article. The drive-through lanes are occupied with everything from Bentleys to barely running jalopies. Translation—when asked who their demographic is, McDonaldÕs can confidently and with a straight-faced answer, “Everyone.”

When considering all of the circumstances that can and do occur at your average McDonald’s, one starts to form a picture of the lay of the land when it comes to loss prevention programs and security protection nationwide. To that end, McDonald’s possesses one of the most unconventional, yet effective, loss prevention teams in the business. They call themselves U.S. Security, which sounds as if it is some flavor of Special Forces SWAT team or other such covert group. And yes, they really are everywhere.

McDonald’s US Security Team

McDonald’s may be mainstream today, and its modus operandi might seem fairly conventional, but when the company founder Ray Kroc stumbled upon the McDonald brothers in the 1950s, he knew he had something special. It wasn’t so much the food (barbeque) or the location (sleepy San Bernardino, California), it was the whole package. Implementing a Ford-style food assembly line that produced burgers ultra-fast, McDonald’s became an instant hit, expanding like no other business before it, and to be honest, probably any business that comes after it.

McDonalds US security team 2015

McDonald’s US Security takes the uniqueness of principle that is McDonald’s and forges its own path in the loss prevention space. The result is a retail security organization that resembles exactly no other loss prevention program in the business. To be clear, U.S. Security seldom uses the term “loss prevention,” nor do they embrace the other industry alternative “asset protection,” either. Instead, they prefer to use the “security” moniker, although physical security is only a small part of what they actually do. And guess what—they do a stellar job with far fewer people than one might think possible.

US Security boasts a fairly simple organizational chart considering the behemoth size of McDonald’s. It is headed up by Senior Director Robert “Rob” Holm, who is the executive in charge of all U.S. safety and security efforts. From there and specific to the security function, the country is split into four zones—South and Northeast headed by Director Kevin Trimble; Central and West headed by Director Octavio Jara. The zones are broken down into regions with ten regional security managers (RSM) assigned to one or more regions. If you’ve been keeping count thus far, you’ve arrived at a grand total of thirteen individuals. Really? Certainly there must be some sort of accounting error.

Before wrapping your head around these statistics, it’s important to understand the business model that McDonald’s uses to operate. McDonald’s restaurants are comprised of two distinct types of restaurant. First, there are the company-owned restaurants, internally referred to as McOpCo restaurants, which is short for “McDonald’s-operated company” restaurants. Of the approximate 15,000 U.S. restaurants, roughly 10 percent are McOpCo restaurants, and they are the rudder of the ship, as it were.

According to Holm, “There are three reasons why McOpCo restaurants exist. First, to provide revenue for the corporation. Second, they are a petri dish, a place to vet new technologies and try things. And third, which is the most important reason they exist, they are a people pump. They train and develop future leaders for both inside and outside the restaurants.”

This takes us to the bulk of McDonald’s restaurants—the restaurants run by independent franchisees (“owner operators”). Owner-operator restaurants comprise the vast majority of the McDonald’s empire, and while the owner operators themselves must adhere to the terms and conditions of a franchise agreement, the individual restaurants are run in such a manner that the owner operators make their own financial decisions and run their businesses as they see fit. Of course, this sometimes presents a challenge to the U.S. Security staff, but more on that later.

Boots on the Ground

Where the rubber meets the road at McDonald’s US Security, you’ll find ten high-speed regional security managers, each responsible for providing expert security advice to hundreds of restaurants in their respective geographical regions. Most of them come from conventional retail loss prevention programs, while others do not.

Take Jennifer Schaefer for example, a RSM in the Midwest and Heartland region of the country comprising approximately 1,200 restaurants. Schaefer boasts a master’s degree in criminal justice leadership. Prior to coming to McDonald’s, Schaefer worked for such retail and gourmet coffee and food establishments as Target and Caribou Coffee Company. She also has significant experience as a judicial law clerk, correctional officer, and college professor, which gives her a wide plethora of experience to apply in the multi-faceted LP industry and QSR system.

William “Bill” Ball is another RSM in the Midwest territory (Ohio and Indiana) and serves as the go-to security professional for approximately 1,300 restaurants. “I started my loss prevention career chasing shoplifters at Sears for $5.45 per hour,” stated Ball, who later worked for Kohl’s, The Gap, and then Lowe’s, before beginning his career at McDonald’s.

Daniel Thomas, however, holds a somewhat different background. He currently serves as RSM for the Michigan and Chicago area regions, comprised of nearly 1,400 restaurants. Thomas came to McDonald’s eighteen years ago after serving as a police officer. “I spent ten years as a patrolman and detective with the St. Louis Police Department,” he stated.

The regional security managers hold an eclectic mix of talents and former avocations to be sure, but this diversity is what makes US Security so effective. Octavio Jara, director of US security for the Western US, was also a former police officer in his past life in Southern California before working as a member of the loss prevention program at AutoZone.

Senior Director Holm is a career security executive, having held similar positions at Honeywell, 3M, Imation, and the Tribune Company, among others. With such a small staff compared to similarly sized retail establishments, there are no novices, no trainees, and no second-rate people within McDonald’s  US Security. Each position is filled by a seasoned pro. What is interesting about U.S. Security as a whole is the corporate mantra that pervades the organization, which was summed up best by Holm when he said, “I’m not a loss prevention professional. I am a business professional who has expertise in the security field.” Thomas echoed that sentiment with a slight twist. “I see myself as a strategic business partner. If the restaurants only use me for security issues, they are missing out,” stated Thomas.

What Could Possibly Go Wrong

Before delving into McDonald’s US Security’s methodology, consider the range of incidents that can take place at your average McDonald’s. Some of these are germane to other retail establishments, while others are particular to McDonald’s, mainly because of the massive foot traffic within the restaurants on a daily basis.

“Over the course of a single week,” began Schaefer, “I was asked to consult on two missing deposit investigations, a credit card skimming incident, a multi-restaurant demonstration, and one private plane that crash landed in the parking lot.” Other, unique events are common as well, due to the sheer ubiquity of the chain.

“I recently had someone call a restaurant claiming there was an explosive device under one of the chairs, and it turned out to be a high-profile media event,” said Thomas. “Thankfully, no explosive device was found.”

Holm has perhaps the best explanation for the wide diversity of potential issues that may arise nationwide. “Twenty-seven million people per day visit McDonald’s restaurants. If you tell me there is a one-in-a-million chance that something will happen in our restaurants, then it will happen 27 times per day,” explained Holm.

Accordingly, the regional security managers are no strangers to calls at all hours of the day and night. “When I get a call in the middle of the night, my first question…is everyone okay? It is all about our number one priority—our people,” emphasized Schaefer.

With each regional security manager in charge of the loss prevention needs of several hundred restaurants each, how does US Security manage to execute their responsibilities at such a high level? “We are a one-man or one-woman show in the regions we support,” said Bill Ball. “Our primary responsibility is brand protection, which includes protecting our employees and customers, our corporate assets, and our strategic partners, all with the goal of providing the best restaurant experience for our customers.”

Spend enough time with the regional security managers, and you will hear the term “brand protection” mentioned a lot. It is not just a catchy buzzword that McDonald’s has adopted. It is in fact an actual detailed strategy with dozens of implications. To U.S. Security, brand protection is a multi-faceted strategy. “We have to protect the brand from different things—robberies, homicides, and burglaries,” said Ball.

Jara wholeheartedly agrees, yet adds further items to the laundry list. “Protecting the brand includes protection of confidential information, our reputation, our most valuable resources, our employees, and of course, our customers,” he stated.

A Two-Pronged Approach

Each RSM has to deal with the two distinct retail environments—McOpCo locations and franchisee restaurants—both of which have their own separate and unique needs. Said Ball, “We have to fly at a much higher level. We have to stay cognizant of resources and time. We have to handle things by phone, which includes coaching and investigations.” Although occasionally, as Thomas pointed out, “Sensitive issues require boots on the ground, and you need to get into a restaurant.”

What makes US Security’s job such a challenge is the inherent dichotomy between the McOpCo restaurants and the franchisee restaurants. On the one hand, LP needs within the McOpCo restaurants function much like any corporate loss prevention program. In those restaurants U.S. Security enjoys a tabula rasa approach at loss prevention activities. Things like camera systems, safes, lighting, alarm systems, and exception-reporting software can all be purchased as a whole and then rolled out to each location much as would happen in any other corporation. In this environment, McDonald’s US Security team is free to test new technologies and practices, which can then be offered as solutions to the owner operators. In McOpCo restaurants, these new methods and procedures are thoroughly vetted, so by the time they are offered to owner-operator restaurants, US Security knows they are proven solutions.

Don’t think, however, that US Security merely issues an edict or proclamation and then leaves it to the owner operators to follow. That’s really not how it works. “We are here as a resource for best practices. In the end, it is their restaurant, their time, their employee base,” said Schaefer.

Ball expanded upon that thought. “McOpCo restaurants are the test beds, the restaurants that we do all these things in to show what works,” he explained. “Then the franchisees can see that it works and determine whether or not to adopt those methods within their restaurants as they see fit.”

When called upon by owner operators, the RSMs can serve as valuable resources and consultants for the loss prevention program. Said Thomas, “We try to walk in their stores from a loss prevention standpoint and determine which LP methods might be effective from a security and cost standpoint and which might be less so.”

In many cases, the adoption of new technologies or methods involves a large degree of consulting and influence with the owner operator. “It’s all about building those relationships,” stated Ball. “It’s your subject-matter expertise that you have to convey to the operators. You have to show them results through metrics, through data.” Ultimately, however, the owner operators are free to do what they see fit from a security standpoint, including what equipment to use and what process to employ. U.S. Security’s role is to make sure they understand the options and resources available to them to make their restaurants safer and more secure.

In fact, US Security is also quick to point out that McOpCo’s test bed status is a tool for the owner operator, a resource they can tap into, showing them that certain best practices work and are not merely a corporate push. “What we do from a security standpoint at the corporate level needs to make sense to our owner operators,” explained Jara. “Our McOpCo restaurants provide us an opportunity to showcase new security initiatives, technologies, and put them in place to demonstrate to our owner operator the value that these systems work. This type of relationship is rewarding for us because it gives us the ability to put our influencing skills to work.”

In many cases, the regional security managers act as lobbyists at the local co-op meetings. Each major city will have its own co-op, which is a group of owner operators and McOpCo restaurants that hold monthly meetings. “Every co-op gets together each month,” said Ball. “As a security professional, you want to get on those agendas to influence McOpCo’s business and operations, and then hopefully, McOpCo can influence the owner operators on security best practices.”

Thus, to the thousands of franchisees across the nation, US Security can take on a number of roles when supporting an owner operator. Depending on the situation, that role could include a security professional resource, a trusted advisor, or a strategic business consultant, with the goal of helping them address all manner of loss prevention program issues. Whether it is offering assistance with the selection of a surveillance camera system, or referring them to an armored car service, assisting with an internal investigation, or serving as a liaison to local law enforcement, McDonald’s US Security is there to consult.

Considering that the RSMs don’t have any direct loss prevention staff that report to them, they clearly have a lot on their plates. However, when asked whether he could use more LP staff, Holm replied, “Part of me says yes. It’s a knee-jerk reaction. The thing is, we are not a security company. We are an operations company that sells hamburgers. In that sense, I have 90,000 security members on my staff.”

At the end of the day, it is truly remarkable that such a small team is so effective in protecting what just might be the most identifiable brand across the globe. It ultimately comes down to the attitude of retail security pervasiveness throughout the organization, as Holm puts it, “from the boardroom to the crew room.” Every employee is a loss prevention node, and each owner operator has a vested interest in brand protection and the safety and security of McDonald’s restaurants. And with US Security at its best, the brand is in great hands with the Golden Arches shining brightly!

EDITOR’S NOTE: McDonald’s, Big Mac, Chicken McNuggets, World Famous Fries, Happy Meal, and The Golden Arches are trademarks of McDonald’s Corporation and its affiliates, and are used with permission.

This article was first published in 2015 and updated in May 2021.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.