We’ve worked together with the ABN AMRO for more than 20 years. We developed their original Signature Registration System (SRS), and we’ve made many changes over the years. Despite the impact of Corona, 2020 has been exceptionally busy. Migration to Azure is our current focus, but this year we’ve also worked on two other SRS enhancements: adding support for NJM (New Job Model) and AGF (Access Governance Foundation).
What is SRS?
SRS is a custom solution we built for ABN AMRO, but the principles apply to every large corporation. Large international concerns confirm and authorise their actions through a Power of Attorney assigned to individual employees. To manage transactions between branches, and between ABN AMRO and third parties, it’s essential to check both the signatures and the authority of employees. SRS (the Signature Registration System) authenticates these transactions.
Regular SRS changes
SRS is a crucial resource within the bank. Therefore, there is a continued need to extend and improve SRS to meet new requirements and to support infrastructure changes.
The latest version of SRS supports the entire workflow of applying for a new Power of Attorney (PoA) for employees. It also automates changes or updates to an employee’s authority, using regular updates from the in-house SAP HR system. These integrations keep SRS information up-to-date and reduce the amount of data-entry work within the PoA team.
The latest updates: AGF and NJM
When the bank changes its infrastructure, BSL has to be ready to make changes. We carry out many small changes under our maintenance agreement. However, in 2020 ABN AMRO introduced two changes that have triggered two significant developments.
- AGF (Access Governance Foundation) integration
- NJM (New Job Model) integration
Access Governance Foundation
Previously we identified SRS users using their network identity (sometimes called a GUID). We provided a management interface within SRS to assign roles and rights for each user.
We have now integrated SRS with the ABN AMRO Access Governance Foundation or AGF, which provides an authentication layer, linked to a global Active Directory. AGF-compliant applications can query the directory, discovering the rights assigned to each user. Now we have integrated SRS with AGF, ABN AMRO can manage users and their SRS roles via their central infrastructure. We, of course, don’t have direct access to the ABN AMRO security infrastructure, so during our development, we replicated AGF using Shibboleth/LDAP and the OpenID Connect (OIDC) protocol.
New Job Model
Integration with the ABN AMRO HR system means that we could automatically assign most Power of Attorney (PoA) authorisations, using function codes assigned to each employee. They previously had over 1300 function codes, each assigned to specific PoAs.
Understandably, the bank was looking to simplify the number of individual function codes, introducing the New Job Model (NJM). Unfortunately, this made the automatic assignment of Powers of Attorney very difficult – or more accurately – impossible. Whilst the PoA team could try and manage all of the PoAs individually; they have more than 7000 PoA assignments within the bank. They need to update these PoAs when new employees join, each time they move to a new role, or when they leave. Their workload would have increased dramatically, requiring an expansion of the PoA team.
The solution wasn’t straightforward, but together with the ABN AMRO, we decided to introduce a new workflow, so that department managers can now request, review and approve PoAs for any members of their team. Using initial insights into the NJM, we adopted an incremental approach, based on a series of user stories that defined the goals for the development. It was an Agile development, giving us many “touchpoints” with the client, during which we could fine-tune our ideas.
Success, and on to the next challenge
We completed these projects on schedule and have supported a series of acceptance tests. Both changes are now in production, and we have moved on to the Azure migration project.
These projects show just how flexible BSL can be. We have Identity Management experts available, covering a wide range of technologies and protocols. We also have designers and architects that work together with clients to design custom solutions, and then work with our developers to guide the development. And because all of these services are in-house, we can move quickly, and produce secure, high-quality solutions.
During our projects, the project leader is in regular contact with the client. New insights may significantly influence the direction of travel. It’s essential for us to work closely with the client, as we can minimise any impact on the development costs. And if additional work is unavoidable, we can present a range of options, giving the client full control of their budget and expenditure.
We provide a customised service because every project is different, and every client will have its own specific needs. We’ve been doing this successfully for more than 25 years. If you have any questions for us after reading this blog, or you’re looking for an experienced, local software developer, please contact us, and we’ll be happy to give you advice without obligation.