Harnessing the Power of Web Access Control Manager
OVERVIEW
In this case study, we discuss how a Global Bank implemented our Web Access Control Manager to help achieve adherence to the SEC Systems Compliance Integrity (SCI) regulation for its Single Bank Trading Portals. This was part of the bank's continuous improvement program to proactively identify and mitigate issues like this, which can result in fines and substantial reputational risk.
PROBLEM STATEMENT
Fixed Income and Foreign Exchange Single Bank Trading Portals allow traders to trade assets on behalf of their firm. With enhancements to these trading services, closed systems have been migrated to lightweight portals delivered via the public internet. These closed systems were very expensive to maintain and used proprietary technology that was hard to support. Also, traders had to be in the office to trade or in a Disaster Recovery office, which was also very expensive to deploy and maintain. The lightweight portals, delivered over internet connectivity, allow traders the flexibility to work in a hybrid environment. This flexibility came at a cost, which is why Regulation SCI was established.
- Users of these portals know their Trading Portal credentials and could share them, which affects the integrity of their trading
- Many of these systems have no auto time-out function which creates a security and compliance risk should a trader leave their desk
- Removing unused trading services is a very manual process that in many cases is not known and at best is not maintained
- Many of these services have no password reset policies, exposing the firm to the risk of violating its own compliance password reset rules
- The process to add or remove trading services is manual and requires multiple processes to add or remove a user from the Access Identity Management System and vendor entitlements. Off-boarding of users has been a problem for the industry for decades.
OUR SEC SCI TRADING PORTAL SOLUTION
West Highland’s SEC Regulation SCI Trading Portal Solution addresses these issues, enabling clients to achieve compliance with the regulation. It provides all the security and compliance capability outlined in the regulation. This includes:
- Storing all user and service credentials in a centralized vault
- The ability to set a timeout for each trader based on a timeout policy
- Reporting of non-usage to ensure service access is up to date and accurate
- Automation to receive service changes, adds, and removals from client Access Hubs
- Automation to reset passwords to trading venues based on client policies
- Integration with client Access Identity Management (such as SailPoint) to normalize the different single bank entitlement file formats to a file format that the AIM requires
OUR SOLUTION DOES THE FOLLOWING
- Completely and securely controls access to portals, websites, etc.
- Ensures compliance with licensing agreements and SEC Regulation System Compliance Integrity rules
- Tracks usage / non-usage activities
- Integrates with client Active Directory; users sign in to our service with their corporate credentials
- Integrates with client password Vault for storing each service's credentials (the user does not know their password)
- Integrates with client Access Identity Management (such as SailPoint) to normalize the different single bank entitlement file formats to a file format that the AIM requires
- Integrates with client Access Hub to automate the management of user adds, moves, and changes
- Automated password reset policy (based on client policy) to ensure that passwords are refreshed. Our Global Bank Clients are very excited about Automated Password Reset as it completely removes the manual process of password resets and allows our software (WACM) to automate and control them.
- Saves the screen locations where the trader places their website windows (like the old green screen monitors)
- Fully deployed at client premises, or hosted / cloud deployed at client request
RESULTS
The client was able to control and report to senior management and the SEC that their trading portal access has the controls in place to ensure compliance with SEC Regulation SCI, additionally reducing any financial risk due to fines and maintaining reputational integrity.
WACM has been so successful and effective that clients are now implementing it beyond market data and into enterprise services such as legal, accounting, human resources, etc.
ABOUT WEST HIGHLAND
West Highland is a vendor-agnostic managed service provider, recognized globally as an industry authority and thought partner for market data, referential and professional services for 25 years.
West Highland is referred to as “The Gold Standard” for managing, installing and architecting robust market data platforms. We continue to lead the industry with innovative tools and services that increase visibility, manage capacity and maximize uptime while reducing overall operating expense.