Event Recording

Building a robust CIAM foundation, fit for the dynamic financial market

Log in and watch the full video!

As organizations are recovering from the pandemic, many of them embark on a digital transformation at high-speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant to rules and regulations, have never been bigger.

NN, an international financial services firm with over 15,000 employees, is changing from a traditional insurance firm into a modern and online financial services firm that focuses on frequent and valuable customer interactions. NN is providing these online services across multiple channels in a secure and compliant manner while offering its customers an outstanding user experience. For this NN has implemented a robust innovative IAM platform that entails key functions like identification, verification, authentication and authorization, fit for the dynamics of the financial industry.

Join Ronald van der Rest & Bas Kerpel, who lead NN's IAM Platform Teams, as they explain how powerful Customer Identity & Access Management can be, when you are transforming your organization to become successful in doing business online. Ronald and Bas will share relevant insights into NN's IAM Platform and will touch especially on its identity orchestration capabilities.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Welcome to the final hour of the second stream of day two of EIC 2022. The stream is called digital transformation from idea to reality, I would like to introduce you to VA capital and owner fund vest. Not that German pronounced this time. They will talk about building a robust CIA M foundation. So consumer ID, consumer identity, and access management fit for the dynamic financial market. I'm really looking forward to that. I had to chat with them before. This is really interesting. Looking forward to your presentation. The show is yours.
Thank you very much. Hi everyone. Thanks for joining us. Building a new CRM platform in any business is a large challenge. And if you take it to your account, we are one of the largest financial institutions of the Netherlands. Over 5 million customers, 250 products ranging from insurance to pensions, life products and banking products. It becomes even harder. If you take into account that we are in an, in a transition coming from a traditional insurance company to a more digitalized, right? Digital last mobile insurance and banking company. It becomes even harder again and above that. We want to keep the current market open. So the shop needs to be open while we are making these changes. So it's a Herculean task. And how did we do that today? We're gonna share with you exactly how we did that. Yeah, it works. So if you want to change your business, if you want to transform the ability to change into adapt to your customer, questions is important. So this is a quote from our CEO, or really helping us to drive this, this innovation platform. And this ability to change relies on many factors. And one important factor is cm. And of course, this is the part where Ronald and I are responsible for. So this is the part we're gonna lift out. I think you might be interested in that.
The question comes, what is the best cm platform? There is none, at least in our endpoint opinion, there is none. Of course, there are a lot of vendors in the room who would say, no, ours is best and you can use it. And we totally believe you that's that's okay. We, we know you have great products, but there's not one point in place, which is perfect. So these are the three access that we take into account in our way of defining what is good. And we always start with the customer because we want to be customer centric and it started there and it ends there. So the customer wants seamless processes, frictionless processes that can be offered by cm, like applications. Bottom left, we see security and compliance and with security and compliance, we mean the total package. So this could be data privacy. We had a great piece of max million scrums yesterday, bringing new types of rules.
This could be all the regulation coming from ABA, DMB, whatever, but also heck is coming from outside and all the stuff we need to do to be secure and compliant. And on bottom left, we see of course, cost effectiveness. We know building a robust cm platform takes money. It will cost money and having higher quality will cost you more and taking more boxes in customer experience and security compliance will cost you perhaps even more, but it should always be affordable. And the cost of this doing business should not outweigh the cost of users wanting to pay for us. So the optimal balance is always within this triangle and we're trying to achieve that in every decision we make is also always within this triangle
And we're getting there. So we're in transition and we're getting there, but the day we will get, there will be outdated because of course, new leg legislation will come. New hackers will come. New compliancy rule regulation will come and we need to pivot and adjust. I might get extra budget to do stuff or less budget to do stuff. And then we need to pivot and adjust again. And of course, customer demand will grow. Eh, what is normal for a customer today will not be normal for a customer tomorrow? The data a competitor of ours will introduce new easier flows. We have to compete with them and get on par with them. So the optimum position is not somewhere in here. It's constantly evolving and, and building a robust cm platform is the way to meet that demands.
So striking this balance between user experience security and cost effectiveness is actually a continuous game. And we've been playing this game from over 175 years already. We did this from the inception of our organization and behind us, you see here a nice picture from way back, one of the earlier office buildings from an end place in Rotterdam. And in that day and age, we actually gave our customers a physical document that gave them proof that they had an insurance at our organization and better yet. We actually sent agents going through their homes, knocking on their doors and asking for an insurance premium, like 10 cents. And we did this on a weekly basis. So that's a very frequent up close and personal contact moment. And if you then looked at the triangle from the previous slide, that is a very secure process, actually, because at that moment in time, you have a relationship, you know, the identities that you're dealing business with.
So that's in that case, quite hard to do some fraudulent actions. And on the other end, that physical document that they had was also a pretty good user experience because back in the days, people really wanted to have something physical when they bought a product. So, and actually that was also quite cost efficient back then as well. So that was back then, but now let's fast forward actually 175 years later, digital transformation is happening and customers, they want one, it all, and they want it now. So how do we still maintain in that vibrant world? Up close, personal, irrelevant relationship with our customers?
Yeah. So for NN having that personal relationship revolves around the world, carefree or better carefree financial wellbeing because financial wellbeing is the product that we're delivering. And for me, this picture on the beach represents being carefree because when I'm on the beach, I play beach volleyball as a hobby, I'm totally carefree because then everything is gone. I enjoy the sun, ILO, enjoy the game and we're having fun. And that's what we're trying to achieve for our customers as well, that they don't have to think about their finances, not their material assets that they are secure. And every second, they're not thinking about that. They're having fun and we're helping them with that.
Are we doing that? This is a huge slide, a lot of text, but it's a graphical representation of our financial companion. So on the right hand side, you see one of our target audience, which is a hectic family. You might be a family, yourself having kids in young age, driving to swimming, lessons, to sports, whatever all day, you don't have the time to think about your finance. You don't want to think about your finance, you're building your financial position, but you do not want to do it while sleeping for each target audience. We will present a different type of app personality taking into account the needs and desires that you have as a target group. And on the left side, you see the company, of course, with all the products that we serviced through this, through this app, bring it back to cm. We want to be there when you need us and where your need, what, those are two questions that are relevant to see 'em any day. So, so here is the, the golden point where we want to make difference in the customer life cycle. There are so many life events, of course, at the start you'll onboard with us and we'll do the KYC thing who makes you sure that are. And we use those attributes in every step of the customer journey, along the way to authenticate you in that transaction.
So you might buy a new product, you might do a payment transaction, you might get a divorce. So all these life changing events make sense. They offer opportunities or perhaps not a divorce, or perhaps it does. I don't know, know, but there might be risks. There might be opportunities. And we want to be there when you need us, where you need us. So again, cm will help us make a difference in this sense. And if you don't do it correctly, it will make a difference in the wrong end of sense. Yeah. So we will be not an enabler of business or, but the DISA enabler of business. So how do we do this technically or not? Okay. If you do
Thing. Yeah, thanks. So buzz has thought about what we want to achieve and why we want a better cm platform, but for achieving that you need a proper cm strategy first and defining a strategy starts with observing your environment. So I'm just gonna give here a small gist of how we did this at an end to take you a bit through it. And it all starts with the retail customer when they do digital interactions with us, that mainly goes via the M Porwal, the web Porwal and also the mobile app and organizational wise that is backed by respective teams as well in, within an end. And they are driven by that same digital transformation that we together want to achieve. But this is not the only identity that we need to take into consideration because this is the business, good to consumer stream, but we also have the business to business streams as well.
So we have identities from our business customers and they actually have a specific other channel, mainly the business customer Porwal in there. They are backed as well by a team in our organization. And again, driven by the digital transformation. Now here comes the, the cool thing is the business customers. They are mainly the, the people or the organizations that have their retirement funds at and end, but I do so for their employees and the employees again are retail customers. So you see already there's relationships between these identities, which is important to take into consideration when thinking about your CRM strategy. Next part of the identity groups is the brokers. They're extremely important for an end. And they bring in a lot of revenue. They sell our products and they specifically use the broker Porwal for achieving that goal. Again, backed by a team driven by the digital transformation and last but not least, these are also of course related again with the, the retail customers.
They do it on behalf. So this is a business to business to consumer. Then we have the NN employees. That's also of course, really important identity. They take care of all kinds of support related questions for all these customers. And they do that via our co environment. Again, backed by another team, again, digital transformation. So taking this whole environment into consideration for cm, how do you place it then? Well, you have to cm teams driven again by the digital transformation, but you have to align with all those specific teams as well and impact on the different channels that we have. Now. There's one environmental factor that is also extremely important to us as a financial organization, because there's a lot of regulations surrounding us. The law and legislation here greatly impacts on the way that we need to do customer identity and access management. So we took this environment and translated them into the following requirements. The first one being robust, wait,
Hold on. We did not do this along. Right. So I wanna get a shout out to our implementation part and strategy part at PWC who helped us in this, this journey to make sure that we got the right requirements ready. So yeah, I wanted to mention that
Bedo. So it needs to be robust. It needs to be also based upon open standards, because obviously we want to also build upon towards the future and it's gonna be new solutions, new applications coming in, and we don't want to be locked in into this proprietary protocol. So open standards is really important aspect in it. We wanted it to be flexible and low code because we have this really complex environment and we don't want to be wasting our time on just writing code. We want to really create these so short delivery life cycles and push features to production quickly. And that local part really helps us in that non-repudiation omnichannel support and progressive pro profiling all requirements that we want to take into considerations when looking at our processes regarding identification authentication and authorization on our services. So this is what we take into consideration when we started building up the stack. Now, how does it look like our backbone foundation is for? So they've been with us from the beginning and a really important element in how we set up the cm stack. It was really a mature fend, and we further enhanced it actually with the, the solutions from transmit security. We actually use as our orchestration layer to build out all these different identity journeys quickly in a local manner as well.
And they cater for the different channels that we already explained in the previous slide and also for the different identities, but then it's not finished yet because there's a lot of things happening on the identification part. So we took it into another partner of ours, which is fourth line for the verification processes and for the third party authentication mechanisms that are also constantly involving and surfacing in the industry. We actually connect where NIC of, and when you successfully go through this process and all these funnels, you get to the crown jewels, which is our API gateway, where we manage the authorizations as well together with the rest of the step. Now this is obviously our new world, but we are a very old company, one over 175 years. We also have a lot of legacy systems. So we need to keep the shop open. So while we were moving towards this new stack, we actually had to make sure that we integrated correctly with our legacy systems
And the combination of the orchestration, the foundation yesterday, Martin Cooper gave the, the keynote speaking with the new introduction of awards for us, at least composable. We never used the word, but we recognized the composable part within this picture. So we're very glad that we're on par with those new new regulations. Yep,
Exactly. Because we now have the stack that enables us to pivot around in the robust triangle to exactly fit the requirements that we want to achieve to become that agile organization that we need to be also on the cm level.
Oh my turn again. Yep. So this is in Dutch cause we're a Dutch company, marketings were using this slide to market. We sponsor this beautiful man it's called alio Kip yoga who ran the marathon in under two hours, one hour and 59 minutes, which is awesome. And we took that as a challenge and an inspiration. So we say it, Hey, on the KYC part, why don't we onboard our customers at a banking grade level in on the two minutes. So let's take one minute to 59 seconds as a goal. And we know this is highly ambitious because the benchmark in the market is somewhat higher, but why not? You shoot for the, for the stars you land on the moon, if you miss. So we're happy to take on this challenge and we're trying to, to make this happen. And at the moment it looks pretty, okay, so this is one of the things our users will, will notice by building up our stack.
Second part is around authentication. So we all know authentication. It's a word being used here today. I think a zillion times, I just wanna name three items, how we use that. So one is omnichannel. So you go to the chatbot and you say, Hey, I'm getting a new address. I want to move. And that's just a chatbot. The chatbot cannot confirm your identity. So we put place a push notification in the app, you authorize there with your fingerprint or your face ID. And that point of time, the mutation, all the backend systems will be done instantly.
Secondly, what was it? What was my second example? Oh, changing, changing out in case, I mean, sorry, changing journey. So let's say you use S apple phones for doing face ID. And let's say version 15 of apple is compromised. The phase ID software is compromised today. Apple will release a new patch or later on this week, but today our customers are compromised and might be exploited. So real time we can go into our transmit journey and sign off the face ad part. And let's use only authenticated messages with our pin number, keeping it safe, mitigating the risk instantly at real time. So that secondly, and thirdly risk based authentication. So if I want to pay Ron yesterday, we went for drinks in a Mercedes-Benz arena and I pay him 10 euros. Of course, that's an amount with a low risk to a person. I know it's okay, but now I want to buy a summer holiday in Romania. This doesn't happen very often. At least not for me. I dunno how it is for you guys. But so this is of course, much higher risk. The amount is higher. The location is higher and fact that not within my general normal behavior pattern, it's also higher. So then we need a step of authentication and the step of authentication is real time brought to the user. So those are just three examples of functions. Our users will are already seeing or will be seeing
Now what did it in the end all result in? So we now have this, have this cm platform, but in the end, it comes down to creating trust. So it's again in the triangle first and foremost, we are trusting now that we can easily jump into the new, low and legislation. So our regulators are pretty happy about the trust level there. Second of all, we have created the really seamless developer experience with it as well. So like was already mentioned low-code environment only requiring to do some service side changes and not on the clients. So it's a very seamless experience, but for and foremost is the customers themselves at day one. It all they want now. And we've been already playing this game with them for 175 years and have this trustworthy relationship with them and we're going to continue to do so for the upcoming future. So thanks everybody. And obviously if you want to know more, feel free to hit us up during the networking drinks.
Thank you very much. Great presentation, nice lights, really great presentation. Thank you very much. I, I have to do this as well. I have to find a partner. So we, unfortunately we don't have time for questions, but hit them up as they said. Yeah,
We're here all night. So if you wanna contact us, do it in the app or whatever, and we'll be doing drinks. Yeah.
Right. So I have to move over to the next speaker. Thank you very much.

Stay Connected

KuppingerCole on social media

Related Videos

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

Webinar Recording

A Winning Strategy for Consumer Identity & Access Management

Success in digital business depends largely on meeting customers’ ever-increasing expectations of convenience and security at every touchpoint. Finding the best strategy to achieve the optimal balance between security and convenience without compromising on either is crucial, but can…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00