Finance & Insurance

Role-Based Access Governance at Scale: W&W Group Case Study

The Wüstenrot & Württembergische Group implemented NEXIS to establish a structured authorization role model – reducing governance complexity and strengthening compliance across its financial services operations.

ABOUT WÜSTENROT & WÜRTTEMBERGISCHE

Wüstenrot & Württembergische AG (W&W) is a listed financial services group headquartered in Stuttgart, formed in 1999 from the merger of two long-established companies. The group operates across two core business segments – BausparBank and Insurance – offering security, home ownership, risk protection, and asset formation. 

With around 13,000 employees and approximately six million customers, W&W is the largest independent financial services provider in Baden-Württemberg. Through an extensive network of partner sales organizations and broker channels, the group reaches more than 40 million people across Germany.

Managing authorizations consistently and correctly across this scale requires a structured governance framework – one that keeps pace with regulatory requirements and organizational complexity. 

  • Headquarters: Stuttgart, Germany
  • Employees: ~13,000
  • Customers: ~6 million
  • Operations: Germany-wide

With NEXIS, W&W was able to:

  • Implement a Company-Wide Authorization Role Model:
    Introduce structured, role-based authorization assignment across all organizational units
  • Simplify Entitlement Assignment for New Employees:
    Bundle dozens of individual authorizations into manageable business roles – assignable in a single step
  • Ensure Segregation of Duties Compliance:
    Enforce SoD rules systematically across the authorization landscape
  • Visualize the Entire Role Landscape:
    Display role structures and their context at a glance using NEXIS role visualization capabilities
  • Reduce Administrative Effort in Access Management:
    Cut the workload involved in authorization applications, administration, and recertification
  • Achieve High Acceptance Across All Stakeholders:
    Enable line managers and business departments to understand and validate role structures independently

The Challenge

As regulatory requirements in the financial sector continued to increase, the W&W Group recognized the need for a structured, systematic approach to authorization management. Ensuring that employees held only appropriate access rights – and that those rights were correctly documented and auditable – had become a strategic priority. 

Without a role-based model, authorization assignments were handled individually. New employees required dozens of separate entitlements to be issued manually, creating administrative overhead and increasing the risk of incorrect or excessive access. Compliance with segregation of duties requirements was difficult to enforce and even harder to demonstrate. 

W&W needed a consulting and implementation partner capable of delivering a complete authorization role model – designed along the organization’s structure, aligned with regulatory standards, and built to last.

The goal was to:

  • Introduce a structured authorization role model across the entire organization
  • Ensure appropriate, policy-compliant assignment of access rights
  • Reduce the administrative effort in user and authorization management
  • Enable transparent visualization of roles and entitlements for business and IT stakeholders
  • Reduce business risk through consistent SoD enforcement

The Approach

Working in close collaboration with implementation partner IPG, W&W developed and rolled out a comprehensive authorization role model using NEXIS – structured along the organization’s functional units and built on a combined bottom-up and top-down analysis methodology. 

Bottom-Up / Top-Down Role Analysis

Functional user requirements were systematically mapped to authorizations using a combined analysis approach – ensuring the resulting roles reflected actual business needs.

Organizational Rollout Along Business Units

Implementation followed the organizational structure unit by unit, allowing findings from each phase to continuously improve results in subsequent ones.

Parallel Delivery by Internal and External Experts

IPG consultants worked in parallel with W&W's internal specialists throughout the implementation – combining best-practice methodology with deep organizational knowledge.

Role Visualization with NEXIS

NEXIS enabled new business roles to be developed, validated and visualized in context – making the entire role landscape transparent and understandable for line managers and business departments.

Bundled Role Assignment for Streamlined Onboarding

Instead of issuing individual authorizations, new employees now receive bundled business roles – significantly reducing administrative effort and error risk.

The Results

The introduction of the authorization role model with NEXIS significantly strengthened governance across the W&W Group. Authorization assignments are now structured, transparent, and consistently aligned with business roles – reducing both administrative complexity and compliance risk. 

The visual representation of role landscapes in NEXIS played a key role in driving adoption. Line managers and business departments could understand and validate role structures without relying on technical IAM expertise – a critical factor in achieving broad stakeholder acceptance across the organization. 

Results: 

  • Simplified authorization assignment:
    Dozens of individual entitlements consolidated into assignable business roles
  • SoD compliance:
    Segregation of duties requirements enforced systematically across the authorization landscape
  • Reduced administrative workload:
    Effort in authorization applications, administration, and recertification measurably reduced
  • Transparent role landscape:
    Full visibility into role structures and their organizational context via NEXIS visualization
  • High project acceptance:
    Clear, visual role representation drove understanding and buy-in from line managers and business departments across the organization 
