New IAM solution for Thüringer Aufbaubank

The regulatory requirements of MaRisk are increasing rather than decreasing. The Thüringer Aufbaubank was no longer able to meet them with its previous IAM solution. Therefore, the company decided to implement the Garancy® Identity Manager from Beta Systems IAM Software AG. In particular, it allows the implementation of a role concept, which had previously only been practiced to a limited extent, with which the principle of “no right without a role” can be consistently applied.

The Thüringer Aufbaubank (TAB), including its subsidiaries, employs around 800 people, most of whom work at the main location in Erfurt. As early as 2016, the development bank had already introduced a tool for central identity and authorization management as part of an IT governance project. After one year of operation and in view of the drafts of MaRisk and BAIT, however, it became clear that the software would not be able to meet the increasing regulatory requirements in the long term in the form it was then in use.

Audit according to §44 KWG gave the impetus

An examination according to §44 KWG, ordered by BaFin and carried out by examiners* of the Bundesbank, confirmed the opinion of the TAB and gave the final impetus: The existing IAM concept should be reconsidered, a new solution should be purchased. Tommy Grimmer, head of the IT control department at TAB: “It was important to us that it had good usability and that it met all current and future requirements of MaRisk and BAIT – as far as foreseeable. That’s why we decided on the software from Beta Systems, not least because a number of other banks are already working with Garancy® and have reported positive experiences”.

Administrative effort for the assignment of rights is significantly reduced

With the Garancy® Identity Manager the TAB implements the basic principle “No right without role”. This means that rights are only applied for via roles, the assignment of individual rights is only done in exceptional cases. “With Beta Systems, the roles are really tailored to professionalism, positions and functions,” explains Cindy Schöneweck, compliance officer in the IT management of Aufbaubank. From the basic principle follows: People who have the same job description also have the same access rights and are assigned the same business role. For each new hire, exactly those who are needed for the job are now selected from an existing set of rights and roles. This significantly reduces the administrative effort involved in assigning rights.

4 core systems and 60 further applications in the IAM

The next steps in implementing the IAM concept are the first recertification and the establishment of further specialist, functional and organizational roles. In addition, the remaining applications are to be transferred to Garancy®. “What we appreciate about Beta Systems is that we always have permanent contact persons here and that support is also very easy to reach,” says Cindy Schöneweck.