The acquisition changed the bank. The access rules stayed — and got better.

The UBS headquarters building in Zurich, Switzerland.
Photo: Wikimedia

CAM

Brief

Migrate, extend, and re-platform a mission-critical client access management application from Credit Suisse to UBS's cloud infrastructure — ensuring 8,000 clients retain correct access to 85,000 assets without interruption.

Technology

Java 21, Spring Boot, JPA/Hibernate, PostgreSQL, Angular, TypeScript, OpenAPI/Apigee, JWT/MS-Graph API, Azure Kubernetes Service.

Specification-first API design via OpenAPI, integrated with Apigee for enterprise gateway routing. Real-time UI updates via Server-Sent Events.

8,000

clients managed

85,000

assets under management

150

business rules

Starting Point

2023. UBS acquires Credit Suisse in one of the most consequential banking mergers in European history. Thousands of systems need to follow. Among them: a platform that decides who gets access to what.

The Client Access Manager — originally developed by Irian for Credit Suisse — had been running in production for nearly a decade. It managed access to bank accounts and portfolios for 8,000 clients, enforced 150 business rules, and connected to 20 downstream systems. Not the kind of thing you casually rebuild.

The mandate: migrate the platform to UBS's Azure cloud infrastructure, connect it to a completely different set of systems, and extend both the data model and the UI — while keeping every existing client's access exactly as it was. Correctness here is non-negotiable: granting too little access costs clients money; granting too much costs the bank far more.

A screenshot of the CAM client search screen showing a search form and a table with client search results.

Development

Migrating a production system that has been running without incident for a decade is a different challenge than building something new. Every change has to be verified twice.

The Spring Boot application was retooled to run on Azure Kubernetes Services — replacing a legacy WebLogic application server with a modern, cloud-native deployment. New connectors were built for UBS's core systems: UBS Core Banking, the Portfolio System, KYC Hub, and Apigee Gateway. The data model was extended and the UI was updated to reflect UBS's business requirements.

At the same time, client data had to be migrated: every access assignment, every permission state, every audit trail entry. The rule engine — which lets business teams manage complex access logic without touching code — was extended to cover new UBS-specific scenarios. A dry-run simulation mode allows teams to preview the impact of rule changes before they go live.

A screenshot of the CAM rule engine editor showing a visual rule builder with conditions and logic.

Result

8,000 clients. 85,000 assets. 20 integrations. All access correctly transferred. All systems live.

The platform now runs on UBS's Azure infrastructure, connected to the full suite of UBS systems. Import jobs pull data from 20 sources on schedules ranging from real-time to nightly. Every state change, every user action, every rule evaluation is tracked in a full audit trail — regulatory compliance built into the architecture, not bolted on.

With extensive test coverage and automated end-to-end tests, the team maintains the kind of confidence that mission-critical infrastructure demands. The platform continues to evolve with UBS's business — new rules, new integrations, new requirements — without ever compromising the one thing it was built for: always getting the access right.

A screenshot of the CAM import/export overview showing data source connections, scheduled jobs, and recent run history.

Feeling inspired?

You have the idea — we have the solution.
We look forward to hearing from you.

Contact us

More Projects

The hand of a person holding a smartphone displaying the Bundesschatz web app.

Bundesschatz

A secure, user-friendly, and high-performance web app developed on behalf of the Republic of Austria.

View project
The interior of the Deutsche Börse.

Deutsche Börse

Europe’s largest and highly available power trading platform M7, operated by Deutsche Börse.

View project
The skyline of the city of Zurich.

Schweizer Privatbank

Self-service Identity and Access Management for streamlined access control.

View project
Facade of a classical Viennese building, home to Austria's financial infrastructure.

ADAS3

Greenfield rebuild of Austria's sovereign bond auction platform — managing EUR 315 billion in federal debt.

View project
Modern glass office tower representing the financial infrastructure of Credit Suisse.

AURA Distribution

Full reimplementation of Credit Suisse's mission-critical IAM distribution system — from proprietary Java EE 7 to OpenShift, in eight months.

View project
Screenshot of the AURA Runtime admin dashboard showing backend service overview with health indicators.

AURA Runtime

Modernization of Credit Suisse's central IAM authorization backend — from monolith to microservices on OpenShift, handling 10M+ requests per day across 4 global regions.

View project
Abstract visualization of a secure digital identity network with interconnected nodes.

AURA

Full-stack migration of Credit Suisse's central IAM system: 15 applications, 5M+ lines of code, migrated to Java 21, Spring Boot 3, and OpenShift in 8 months.

View project