Security Roles
The FintechOS security architecture is a unified framework designed to help clients identify and manage potential security risks across various business scenarios and environments.
Security roles are an integral part of this architecture, providing structured access control to safeguard data and minimize exposure to cyber threats. By assigning appropriate security roles, you can protect sensitive information and configure organizational layers that support secure communication, collaboration, and reporting.
The FintechOS platform comes with a set of default security roles, which you can find or assign in Studio by following the Security Roles documentation.
On top of this, Backoffice Insurance comes with its own default security roles, to empower certain users and restrict access to others only to the actions that they are allowed to do. Find below the security roles for certain areas of Backoffice, as well as the permissions that they have, such as rights to create, edit, approve, and so on. Some security roles have access to multiple areas of the product, such as Policy Servicing Officer which has permissions to Policy Admin and Billing & Collections.
These security roles take into account the "4‑eyes principle", which is a governance and risk‑management concept widely used in fintech, insurance, and other regulated industries. Two separate, authorized individuals must be involved in completing a critical action. One person initiates the action, and a different person must review and approve it before it becomes effective.
This prevents fraud, errors, and unauthorized changes, especially important in financial and insurance workflows.
Default Backoffice Security Roles
The following security roles are for Backoffice:
-
Backoffice Portal: Access and configure form extensibility.
-
Policy Admin Manager (super user): Oversight of all areas;
-
Product Admin Officer: Covers Product admin configurations, dictionaries, transaction types, indemnity/excess rules / manages system parameters;
-
Product Admin Supervisor: View, create, edit policies and masterpolicies. Reviews and approves configuration changes.
-
Policy Servicing Officer: Creates and manages policies/master policies, renewals, lapses, suspensions, cancellations. Initiates and recalculates mid-term adjustments / reports in use. It includes the permissions for former roles (available for versions smaller than 24.5): PolicyInfo, PolicyUser, Quote Admin.
-
Policy Servicing Supervisor: Reviews and authorizes policy actions (renewal, reinstatement, cancellation). Validates and authorizes MTAs before binding / reports in use. It includes the permissions for former roles (available for versions smaller than 24.5): PolicyManager, PolicySuperUser, Quote Admin.
-
Payment Officer: Posts payments, runs allocations, manages fees and invoices, notifications, filing documents/notes, tagging policies. It includes the permissions for the former role (available for versions smaller than 24.5): Operations User.
-
Payment Supervisor: Validates allocations, authorizes collections and fee adjustments. It includes the permissions for former roles (available for versions smaller than 24.5): Operations Manager, Operations SuperUser.
-
Reinsurance Officer: Configures and manages reinsurance contracts, treaties, and cessions for policies. It includes the permissions for the former role (available for versions smaller than 24.5): Reinsurance Info.
-
Reinsurance Supervisor: Reviews and approves reinsurance setups, changes, and settlement allocations. It includes the permissions for the former role (available for versions smaller than 24.5): Reinsurance Manager.
-
Claims Officer: Manages claim assessment, and payment processing. It was renamed from the former Claims Manager role.
-
Senior Claims Officer: Handles large, complex, or disputed claims, and payment processing. It was renamed from the former Claims SuperUser role.
-
Underwriter user: Performs risk assessment and makes policy decisions within defined authority limits. It was renamed from the former Underwriter user role.
Policy Administration
Find below the security roles and their permissions for certain areas of the product:
| Cluster | Policy Admin Area | Role Name | Possible Actions / Permissions | 4-Eyes Pair |
|---|---|---|---|---|
| Product Management | All areas | Policy Admin Manager (super user) | Full rights over all areas | n/a |
| Product Configurator |
Insurance Data Model Product Admin Configuration Generic Dictionaries Transaction Types Indemnity Limits & Excess System Parameters |
Product Admin Officer | View, Create, Edit | Product Admin Supervisor |
| Product Admin Supervisor | Approve, Reject, View, Create, Edit | n/a | ||
| Policy Servicing Officer | View | n/a | ||
| Policy Servicing Supervisor | View | n/a | ||
| Payment Officer | View | n/a | ||
| Payment Supervisor | View | n/a | ||
| Policy Lifecycle Management & MTAs
|
Policy/Master Policy Cancellation Suspension Renewal Reinstatement Lapsing Bulk Processes Quote and Bind MTAs |
Policy Servicing Officer | View, Create, Edit (Quote and Bind) | Policy Servicing Supervisor |
| Policy Servicing Supervisor | Approve, Reject, View, Create, Edit (Quote and Bind) | n/a | ||
|
Billing & Collections |
Payment Payment Allocation Fee Management Billing & Collection Invoices & Notifications |
Payment Officer | View, Create, Edit, Send Notifications | Payment Supervisor |
| Payment Supervisor | Approve, Reject, View, Create, Edit | n/a | ||
| Policy Servicing Officer | View | n/a | ||
| Policy Servicing Supervisor | View | n/a | ||
|
Reinsurance |
Reinsurance |
Reinsurance Officer | View, Create, Edit | Reinsurance Supervisor |
| Reinsurance Supervisor | Approve, Reject, View, Create, Edit | n/a | ||
| Payment Supervisor | View | n/a | ||
| Policy Servicing Supervisor | View | n/a |
Claims
Find below the security roles and their permissions for certain areas of the product:
| Cluster | Claims Area | Role Name | Possible Actions / Permissions | 4-Eyes Pair |
|---|---|---|---|---|
| Claims | Claims management | Claims Officer | View, Create, Edit | Claims Supervisor |
| Senior Claims Officer | View, Create, Edit | Claims Supervisor, Senior Claims Officer | ||
| Claims Payment Officer | View, Create, Edit, Send | Claims Supervisor | ||
| FNOL & Claims management | Reinsurance Officer | View | n/a | |
| Reinsurance Supervisor | View | n/a |
Underwriting
Find below the security roles and their permissions for certain areas of the product:
| Cluster | Underwriting Area | Role Name | Possible Actions / Permissions | 4-Eyes Pair |
|---|---|---|---|---|
| Underwriting management | UW/Quote | Underwriter user | View, Create, Edit | Senior Underwriter, Underwriting Supervisor |
| Underwriting management | Underwriter user | View, Create, Edit | Senior Underwriter, Underwriting Supervisor | |
| Underwriting Supervisor | Approve, Reject, View, Create, Edit | n/a | ||
| Policy Servicing Officer | View | n/a | ||
| Policy Servicing Supervisor | View | n/a | ||
| Reinsurance Officer | View | n/a | ||
| Reinsurance Supervisor | View | n/a | ||
| Claims Officer | View | n/a | ||
| Senior Claims Officer | View | n/a |