I'm very happy to be standing here. And the reason why I am standing here is that basically our implementation-- we started with One Identity, I think it's almost now three years ago-- is considered successful. It says it here but it's really-- I'm really proud with all the ING colleagues in the room to be able to be here and to give this presentation.
So it's not only me. It's together with the partner together, with the colleagues from ING, we're really happy to be there. So before we start, my name is Wim Beems. I was driving the implementation of a new model for identity and access management, together with selecting the technology. And on the other side--
My name is Ciro, and I was leading the [INAUDIBLE], to help the customer to achieve the project.
Thank you. So before we start with more deep dive, let's give a short introduction for those who do not know what ING is all about. And most of you most likely know that it's something to do with financials. We were created by a merger with a banking combination, called NMB Postbank and an insurance company, a long way back called, [INAUDIBLE].
Later on, that combination, NMB, was renamed. It was ING Bank and the Postbank. And in 2009, there was a merger between ING Bank and Postbank, and we basically became ING. Just before that, in 2008, most of you remember we had something to do with the financial crisis.
In the Netherlands, that meant that we were obliged, due to some governance support we received in that area in that period, to split up again the banking and insurance. We completed that in 2013. And after that, it's only a financial banking institution. We have some close ties with the insurance company, but mainly financials.
Next to a wholesale banking industry, which is represented, from the top of my head in 40 countries, we also have 37 million retail customers in 11 countries. And not so many employees as Airbus has, but we have approximately 90,000 internal and external employees, for which we need to do identity and access management.
Quickly, most of you will know it, but let me explain why IAM is important in a banking institution. So first of all, it's all about protecting the data of our customers. This is so very, very important for us. I cannot stress that enough. Next to that, we have, of course, the fraud protection, complete departments within ING who do a fraud analysis, have specific systems for fraud detection, et cetera. So that is really, really part of the security posture of ING.
I think it's fair to say that, from a regulatory perspective, the world is changing. If you look 10 or 15 years ago, if you have implemented Role Based Access, and people were not sending any more emails directly to functional mail departments, where they said, I want access for this application or this application role, then you were already one of the big guys. That's not true anymore.
Internal auditors, external auditors, regulators-- European Central Bank for us is the regulator. That is, they are really driving the level of regulatory requirements. So that is important for us as well. And we need to adhere to that definitely. For instance, people are just expecting that we now have fully-implemented automated reconciliation-- and we'll get back to that-- preventive segregation of duties-- we'll get to that, as well.
Operational efficiency-- well, obviously that's all about automation, automating access, granting access. So people request it, and at the same moment in time, almost instantaneously they will have access for that application. And that leads, overall, to a user experience where we want to have as much as possible the self-serve portals available. I will explain later in the presentation that we are not completely doing everything self-serve, but I will explain later why that is.
So how is Identity and Access Management organized within ING? First of all, we have a global IAM team. That was established after some advice from a very well known consultancy firm. Please, ING, if you want to improve on IAM, if you want to control on IAM, you need to set up a global IAM team.
Responsibilities and accountabilities for this team are setting the standard, making sure that we have the control standard for Identity and Access Management, and also making sure that we have a surface on which all the entities of ING can embark for Identity and Access Management. Please bear in mind, if I'm referring in this presentation to Identity and Access Management, I will put it in blue letters on the screen later on.
But we focus at the moment, for this implementation, mainly on the access management of the personal accounts. So I think that's important to realize. So you can see we are partly located in Amsterdam, and partly in Katowice, in Poland. That is basically the global IAM department.
And next to that-- by the way, also in Poland and also in the Netherlands, but you cannot see that because I have the squares there. You have everywhere the local IAM Centers of Excellence. So the local IAM Centers of Excellence are basically making sure that the objects we use to grant access-- the roles and everything else-- the assets are onboarded to the technologies. Those are local teams in the entities which we work closely together from a global IAM department. I started this journey from the global IAM team, and I work very closely together with all the local IAM entities.
So what are other stakeholders? Of course, we have the second line risk and the corporate identity and risk management team, who has identified all the IT risk areas, have the risk scoring model, et cetera. We have the corporate audit service, we have an external auditor, which at this moment, is KPMG for us. And we have the
43:47