Regulatory gaps in Digital ID Management can lead to high costs for insurers and banks

Many insurance companies and banks encounter difficulties in fulfilling the regulatory requirements for Digital ID Management (e.g., AML and KYC as well as segregation of duties regulations) resulting in regulatory findings and projects with budgets of millions of euros – only to close regulatory gaps. To avoid future gaps and to lay the foundation of a comprehensive Digital ID Management, they should focus their efforts on establishing a holistic regulatory Digital ID framework that encompasses the main areas of Digital ID Management and addresses the following key guiding questions.

Can your organization answer the guiding questions for these regulatory frameworks?

Identity and Access Management (IAM):

  • Who has access to data and systems? This question refers to the need for organizations to have a clear understanding of the types of data and systems they have, and which users are authorized to access them.
  • How is access granted and managed? This question refers to the need to have clear policies and procedures in place that define the processes by which access is managed and how segregation of duties is enforced.
  • How is access secured and monitored? This question refers to the need to implement adequate security controls to protect against unauthorized access and to monitor access events for signs of potentially malicious activity.

Privileged Access Management (PAM):

  • Who has privileged access to systems and data? This question refers to the need for organizations to have a clear understanding of the users who have privileged access to systems and data because privileged users (such as administrators) have rights that allow them to perform critical tasks.
  • How is privileged access granted and managed? This question refers to the need to have clear policies and procedures by which privileged access is managed.
  • How is privileged access secured and monitored? This question refers to the need for organizations to implement appropriate security controls to protect against unauthorized access and to monitor access events for signs of potentially malicious activity.

Customer Identity and Access Management (CIAM):

  • How is customer data collected and stored? This question refers to the need for organizations to collect and store customer data in a way that complies with data privacy regulations, for example GDPR.
  • How is customer access to data managed? This question refers to the processes by which customers are granted access to their own data as well as to the data of relatives or spouses.
  • How is customer identity and access secured and monitored? This question refers to the need for organizations to implement appropriate security controls to protect customer identity and access, and to monitor access events for signs of potentially malicious activity.

What are the next steps?

In order to establish a regulatory framework that covers all aspects, three main steps should be taken:

  1. Analyze your current framework according to the specific regulatory context and identify potential gaps before investigators raise findings – it is important to be proactive to avoid potentially high fines.
  2. Assess whether your existing Digital ID Management systems can sustain the needs of the regulatory environment now and whether they are flexible enough to be rapidly adjusted for future requirements – in most cases, the Digital ID solutions are insufficient and require adjustment or exchange.
  3. Create the framework and corresponding processes either with your existing or a new system and plan an appropriate change management approach to execute efforts effectively.

If you would like to assess your current regulatory framework or systems, or learn about your regulatory change management approach, we have the expertise to support you when it really matters.

The next article of this series will focus on the current customer experience challenges insurance companies and banks face and how Digital ID Management can improve client satisfaction.