Success Story FI-TS

Raising Recertification Quality at FI-TS – Aligned with Governance and MaRisk

How FI-TS Replaced Excel-based Recertifications with a Scalable, Regulation-ready Solution Using NEXIS 4 – Ensuring Auditability and Compliance with BaFin Requirements

Stricter Governance, Higher Recertification Standards

As the IT service provider for the SparkassenFinanzgruppe and Landesbanken, Finanz Informatik Technologie Service (FI-TS) supports highly sensitive IT environments. In this context, access to systems and software must be tightly controlled — and recertified regularly. 

With increasing governance demands and strict compliance requirements under MaRisk (BaFin), FI-TS sought to modernize its recertification processes. The goal: full auditability, role-level transparency, and better coverage of all user types. 

From Excel to Enterprise-Grade Governance

Previously, semi-annual recertifications were handled via Excel. This method was prone to human error, lacked full traceability, and didn’t provide adequate assurance that managers had reviewed all assigned rights.

  • Inability to confirm that all authorizations were viewed
  • Difficulty handling technical users, exclusive roles, and HPU (highly privileged user) scenarios
  • No systematic mapping of twin roles or dynamic entitlements
  • Lack of completeness in line with MaRisk obligations

Integrated, Scalable Recertification with NEXIS

FI-TS partnered with the IAG experts at Nexis partner TIMETOACT GROUP to implement NEXIS as the new recertification platform. Designed as a web application, the solution uses a universal data model and provides: 

  • Complete recertification of all users and roles — including personal, technical, exclusive, and twin roles 
  • Granular UI-based configuration without scripting 
  • Workflow-driven approvals to ensure every object is actively reviewed 
  • Dynamic linking of third-party systems via REST and nightly exports

The software requires virtually no programming, but can be configured in the user interface and settings can be clicked together. This allows granular control of what is to be recertified and displayed.

Christian Höfs
Project Manager, FI-TS

Seamless Connection Across IAM Systems

The recertification solution integrates tightly with FI-TS’s core IAG software (Garancy IAM by Beta Systems). Nightly exports deliver complete, up-to-date views of: 

  • All users and roles 
  • Organizational structure and responsible managers 
  • Twin roles and HPU-based entitlement constructs 

Systems not natively connected to the IAG suite also feed account and rights data into the recertification platform. NEXIS consolidates this information and routes it to the correct approvers. 

MaRisk-Ready Recertification, Fully Auditable

  • Compliance with MaRisk and internal governance policies
  • Completeness principle enforced via two-tier role model (business + component roles)
  • Real-time role status through continuous sync with IAG – not cut-off based
  • Improved audit trail and better manager experience
  • Foundation for role modeling and further governance automation

About FI-TS

Finanz Informatik Technologie Service GmbH (FI-TS) is a leading IT service provider for financial institutions in Germany. As a subsidiary of Finanz Informatik and a key technology partner to the SparkassenFinanzgruppe and Landesbanken, FI-TS delivers infrastructure, data center operations, and application services in highly regulated environments. Around 1,000 employees support both internal systems and those of affiliated financial institutions — with a strong focus on security, compliance, and operational reliability. The company operates from several locations, including its headquarters in Haar near Munich as well as offices in Hanover, Nuremberg, Offenbach, and Fellbach near Stuttgart.
