Entitlements are no longer just the archaic back-end mapping of permissions and access management logic that was long considered a table stakes offering. What was once a cumbersome exercise of granting specific permissions to clients/users has evolved into a robust value-added capability that banks are leveraging to glean business insights, enhance customer experience, improve operational efficiencies, and reduce fraud.
Macro trends tend to influence and drive change across product sets, strategies, and operational disciplines alike, and entitlements have been affected just the same. Regulations, such as Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), and Basel Capital Accord (Basel II), create a need for strict permissions on who has access to what, when, and where. The burden is shared across financial services firms and their institutional/commercial clients who expect their banking partners to have sophisticated entitlement management solutions.
In addition to entitlements being considered a value-add product for their customer base, we note that these solutions can be leveraged as a safeguard against fraud within the day-to-day banking activity as well. Strict entitlement tools can mitigate much of the risk associated with payment processing. In addition to the benefit realization for a well-put-together entitlement management solution, client and financial service providers also share the same pain points.
Entitlements have long presented pain points for both banks and their clients, especially those with legacy security technologies. Many companies have deployed centralized directories across disparate systems for user data, Web SSO systems, and user provisioning products. Having an entitlements program that can integrate with these technologies has typically been a resource-heavy task, but thankfully, the introduction of API-based connections can alleviate this once IT intensive exercise. Highly regulated industries also demand complex rules to govern access to various applications. Further, these same industries often have complex hierarchies of roles, application resources, or actions that can be performed.
An effective entitlement program must allow the user to centrally define and manage application entitlements and enforce them across a variety of application environments. These processes should also be dynamic and transpire in real-time- as companies that rely on manual updates can become bogged down with service requests and discrepancy resolutions. Thankfully for most, entitlements have evolved from an access guardrail to a value adding solution for both banks and clients.
The Evolution of the Entitlement
Where legacy entitlements were once deemed a necessary response to mitigate cybersecurity risk, companies can bring a new age to entitlements as they redefine their processes. Sophisticated companies should look to introduce multi-factor authentication (MFA) with token, SMS, biometrics, etc., as additional safeguards during high-risk transactions and across all devices. Even the most advanced processes can be limited to the underlying systems they rely on. Legacy Infrastructure and credentials can bog down efficiency and present security risks, but new cloud-native architecture can enhance both security and scalability.
New identity management systems can also introduce automated provisioning for role-based or custom mapping of entitlements. These entitlements can offer fine-grain control (velocity, time of action, dollar value, approval flow) while facilitating approval processes and notifications on-the-go. Entitlement processes, if used to its full potential, offer a myriad of additional uses serving auditable events and customized reporting and analytics.
How Capco Can Help
Capco’s Commercial Banking practice helps banks of all sizes enhance their entitlements capabilities by strategically navigating the build vs. buy decision and weighing the benefits and risks associated therein. Capco’s subject matter experts have the tools and expertise to develop extensible and scalable platforms with open-banking interfaces; integrating with third-party applications and centralized user identity / access authentication systems. Capco is well-equipped to assist with core-banking platform transformations, leveraging the latest technology and trends in APIs to implement solutions that can create operational efficiencies and revenue while transforming entitlements into a differentiated value-add solution.