Identity Access Management for a Swiss private bank

Key challenges

Swiss private banks must comply with the FINMA 2008/21 regulation, and specifically with its appendix 3 regarding Client Identifying Data (CID).

The client had to implement an access control framework to monitor its data visibility and apply it to each of its IT systems: core banking system, CRM, shared drives and ECM.

Because the private bank operates internationally, one of the challenges was to apply different data visibility rules depending on whether the client's CID (Client Identifying Data) was Swiss or foreign, and whether it was accessed from Switzerland or abroad.

Our approach

Following the regulator's directives, the mission implemented the "need to know" principle to restrict access to client data to only those persons who required it for their daily tasks. To do so we:

Benefits

The customer uses an access framework based on Rule-based RBAC for its operational security. The mission made it possible to migrate some of its applications into the framework in order to specifically control Client Identifying Data and restrict access to it to Switzerland only.

With regard to the FINMA regulator, this mission made it possible to validate the compliance requirement expressed in FINMA 2008/21 appendix 3.

Technologies & Partners
