Securing Staff Movements with IAM & PAM Automation at TSB Bank

TSB Bank’s previous approach to managing staff movements and access involved manual processes that presented several issues:

• Inefficient Role Changes: Manual updates caused delays and inconsistencies.

• Compliance Risks: Access was not always updated in line with staff role changes, increasing the risk of unauthorised access.

• Offboarding Gaps: Delays in revoking access and limited visibility into privileged accounts increased security concerns.

• Lack of Automation: Existing, non-automated workflows lacked scalability and did not meet regulatory expectations.

The bank also had to maintain compliance with the Privacy Act 2020, AML/CFT legislation, and Reserve Bank of New Zealand guidelines, which emphasises secure access controls and the protection of sensitive data.

Activate delivered a tailored solution that introduced automation, improved oversight, and strengthened compliance:

• Role Change Automation: Automated user updates and dynamic role-based access controls using .NET Core and Microsoft Graph.

• Offboarding Enhancements: Automated access revocation, delayed deactivation to support handovers, and secure removal of privileged accounts.

• Privileged Access Management (PAM): A PAM module was deployed to manage privileged accounts, with automated provisioning and de-provisioning supported by monitoring dashboards.

• Custom Workflows: Updated service desk workflows and web templates to streamline access changes, along with enhanced reporting and notification systems.

Activate helped TSB reduce manual processing time for role changes, staff transfers, and offboarding. The solution also enabled the bank to free up internal teams to focus on more strategic initiatives and strengthen security by reducing the risk of unauthorised access.

Key Outcomes:

• Consistent and automated role and access updates

• Streamlined privileged access controls

• Workflows aligned with industry best practices and regulatory requirements