UniCredit Bank AG Deutschland

Identity and access governance in a highly regulated banking environment


The access management solution of UniCredit Bank Deutschland based on Omada Identity Suite manages user access to several hundred business applications of the Bank.

The Omada Identity Suite (OIS) was chosen by UniCredit Bank AG because it offered a great deal of standard functionality and the flexibility to extend the product easily for custom needs. The first scope of the Omada solution was therefore introduced within a short timeframe in 2013, with a sharp focus on business/IT alignment. Since then, the Omada IGA solution has run stably and helped UniCredit meet rigorous regulatory compliance requirements.


Increased auditing pressures
A core value for UniCredit is to uphold its strong reputation. As such, an integral part of the business is to safeguard information and securely control, execute, and manage systems to deliver its high-quality products and services while maintaining the utmost level of security and compliance.

The German Federal Financial Supervisory Authority (BaFin) requires that banks possess and implement systems to ensure that access rights are both assigned and recertified correctly, and that toxic access rights can be identified and dealt with. Such regulatory auditing pressures combined with the bank’s expansion called for a unified approach to manage users’ access rights efficiently and securely.

 

Increase efficiency in managing access rights
UniCredit’s IT security department decided to initiate a project for access rights attestation surveys and later a comprehensive access governance project to automate the many time-consuming tasks related to access approval chains, provisioning ordering, access documentation and audit preparation.

The administration of several hundred applications raised the need to introduce an IAM solution that would manage the large number of roles and rights conveniently and efficiently while meeting governance requirements.

One of the main challenges that UniCredit had identified was the lack of transparency of granted access to applications. Access to a business application often consisted of access rights to many different target systems. This meant that clarification and definition of business applications and processes between the platform and IT-service providers was a prerequisite.

 

Application onboarding factory
Key decision factors were the solution's strong flexibility, its provisioning capabilities and the advanced standardization of core identity governance and administration (IGA) functionality, which would enable UniCredit Bank AG to scale the solution according to business development and encompass increasing regulations.

During the project, an ambitious project plan was created with emphasis on a short implementation and a structured, efficient approach to onboarding business applications. Omada and UniCredit Bank AG improved the application onboarding together, combining the know-how on bank processes brought in by UniCredit AG with the IAM know-how brought in by Omada. Developing the UniCredit Bank AG solution together has also provided valuable input to Omada’s product, with an influence on later versions of the Omada Identity Suite.

The solution delivers true business value:

  • Onboarding applications across heterogeneous platforms for central management and overview
  • A UniCredit reconciliation approach to determine if actual data in the target systems matches the desired state created by the solution based on the data in the Omada OIS system
  • Recertification/attestation surveys for manager/owner approval of users’ access rights
  • Self-service access rights request portal
  • Standard SoD adjusted to business policies

Omada Identity Suite gathers all identity and access data from target systems in a central, unified view. The complete transparency and traceability have solved the issue of determining if the IT-service provider has provisioned requested access rights to applications into the target system. By importing all access data into Omada Identity Suite, UniCredit Bank AG can generate the needed reports to easily check compliance of rights and roles.


Clear milestones and a pragmatic common project approach
For the bank, the implementation project was a major undertaking that had intense management focus. Managers and application owners were deeply involved, collaborating on the various tasks involving specification, requirements management, data cleaning, training, custom development, recertification and communication.

The combined project team of Omada and UniCredit Bank AG aligned on a clear implementation plan that included activities on all sides, including the various business units. On a regular basis, applications to onboard were identified, roles were defined in the system, application criticality was assessed, access rights surveys were performed, and the applications were onboarded in a steady process that, week after week, ensured “green status lights” to secure the successful go-live on time and therefore the fulfilment of the BaFin requirements.

 

Stable solution for over six years now
After the introduction of a first release in 2013, the IAM solution of UniCredit has been enhanced and developed into a comprehensive tool for assuring compliance in daily business. The solution has been running stably since then, and the latest BaFin audit in 2017 acknowledged the implemented solution as best in class.

 

Important IGA processes enable the business
Many new automated workflows have been set up across the organization to ensure secure and efficient handling of access rights and applications. These include:

  • Evaluation process to determine the business criticality of applications / systems
  • Regular approval surveys to ensure access right relevance
  • Segregation of duty (SoD) handling to maintain business integrity
  • Approval processes implemented for newly requested access rights

The implemented solution from Omada has fulfilled UniCredit’s vision of a combined IGA solution with a “factory approach” for role management and quick onboarding of new applications.

UniCredit Bank AG | Germany

Industry: Banking

Profile: UniCredit Bank AG Deutschland, part of the UniCredit Group, is a leading European commercial bank with more than 500 branches and over 14,000 employees. The Group operates across 17 European countries and holds one of the region’s highest market shares.

Solution: Omada Identity Suite
