Back to Work

Leading US Bank · Business Banking

The Journey to a Customer-Centric Access Platform

When customers can't confidently grant access to their own accounts, they either call support or over-privilege their employees. Both signal a broken experience. I led the UX strategy for ASM — a permissions platform serving 8.7M business customers — driving cross-functional alignment and validated concept design toward a simpler, clearer way to delegate access.

UX Research Service Design UX Strategy Co-Creation Fintech Design Leadership
Client Leading US Bank
Role UX Design Lead
Timeline 2023–2025
Status MVP Delivery · Q4 2025

Engagement Overview

A Five-Phase Journey from Alignment to Delivery

This engagement spanned two years — each phase building on the last, moving from a shared understanding of the problem through validated design concepts to MVP execution currently in delivery.

Phase 01
Align
Phase 02
Discover
Phase 03
Define
Phase 04
Design
Phase 05
Delivery
Now

My Contribution

What I Led Across This Engagement

As UX Design Lead, I owned the research direction, facilitated cross-functional alignment, and synthesized evidence into actionable design direction — bridging customer needs, business goals, and technical constraints across a complex, multi-stakeholder organization.

Research Strategy & Execution
Designed and ran a multi-method research program — quant & qual studies, heuristic evaluation, service blueprinting, usability benchmarking, and co-creation.
Cross-Functional Facilitation
Facilitated Quad alignment workshops (Design, Data, Tech, DCE), OKR definition, profile harmonization with 25 attendees, and a 2-day co-creation workshop with customers and product partners.
Strategic Synthesis
Synthesized 100+ RICE-prioritized CX gaps into a coherent design direction. Defined SMB personas now adopted across product, marketing, and customer success.
Concept Direction & Testing
Generated and tested 4 concept directions with BRMs and customers. Refined to 3 validated entitlement approaches with clear tradeoffs for engineering prioritization.

Overview

What is Access & Security Manager?

ASM is the bank's entitlement platform — the system through which business customers manage user access, roles, and permissions across their banking accounts. It is the operational backbone of how organizations control who can do what within their accounts.

The platform spans three distinct banking segments — Business Banking, Commercial Banking, and Private Banking — each with its own administrator tier, complexity level, and user expectations. Despite its critical role, ASM had grown fragmented, inconsistent, and difficult to use over more than a decade of organic growth.

8.7M+
Customers Impacted
Across all banking segments
8M
BB Admins
Business Banking
51K
CML Admins
Commercial Banking
500K
PB Admins
Private Banking

Our Customer

Meet Janet — The Small Business Owner at the Center

The primary ASM user is a small business owner like Janet — someone running a local business who needs to give trusted employees the right level of access to company accounts, without needing a banking or IT background to do it.

Janet — small business owner customer ecosystem diagram showing her 5 employee types and their access relationships

The Problem

Where Today's ASM Falls Short

Three persistent pain categories surface across every research touchpoint — representing failures at ASM's most fundamental job.

Problem 01
Overwhelming
Too many options, unclear labels, and dense permission tables leave customers paralyzed rather than empowered. The platform was designed for internal operations, not the business owners using it daily.
Problem 02
Unclear
Permission names don't map to real-world roles or actions. Customers can't confidently assess what access they're granting — or verify that changes actually took effect.
Problem 03
No Support or Communications
No in-platform guidance, no contextual help, and no proactive communications when something requires attention — leaving customers to figure it out alone or call support.
ASM original design — the existing permissions interface showing its complexity and fragmented layout

What We Heard

Straight From Our Customers

"I like having other people sign in to the account and have access — but it's not the most streamlined process."

— Business Banking Customer, September 2023

Cross-Functional Alignment

There's No Simple, One-Size-Fits-All Approach

Solving ASM required alignment across four disciplines — Design, Technology, DCE (Digital Customer Experience), and Data. I facilitated the Quad alignment model to ensure every decision was grounded in the customer, not internal priorities.

Design
JTBD & Needs — Explore a reimagined ASM experience centered around role-based templates, customer jobs, pain points, and mental models.
Data
Feature → Scalable Product — Support the product with data aligned to the future state of ASM. Move from feature mindset to scalable product.
Customer at Center
Every decision grounded in the customer, not internal priorities
Tech
One Bank Customer — Provide early feasibility feedback. Understand constraints on legacy platforms (e.g. GWS) that affect the CX.
DCE
SBO Entitlement Rates — Digital channel strategy tied to adoption, activation, and retention. Assess desirability of new experiences.
01
Phase One
Align
Why are we doing this?

Aligning on the Problem

Starting With a Shared Understanding of the Job

Before any research or design work could begin, the team needed a common definition of what ASM was supposed to help customers accomplish. I anchored the initiative on a single customer job-to-be-done and facilitated alignment on the frictions that made it hard to achieve.

JTBD
Manage my employees' access to my business banking accounts.
However…
The current ASM experience does not make it easy to grant or adjust access quickly and confidently.
There is no clear mental model for what different permission levels mean in practice.
Customers lack visibility into the full access picture across their organization.
No guided path for common tasks like onboarding or offboarding an employee.
Which results in…
Customers over-privilege employees out of uncertainty — creating security and compliance risk.
High support call volume as customers can't self-serve even routine access changes.
Lack of confidence that access changes actually took effect, eroding trust in the platform.

Vision & Success Criteria

What We Set Out to Build

Product Vision
To empower business owners to securely define employee access through an intuitive experience that ensures the right access levels across all channels — so they feel confident delegating access to their financial products to help run their business.
Driving Hypothesis
"Users given the right level of access will be empowered to fulfill their unique roles."
Ease of Use
Reduce time-on-task for core entitlement actions by simplifying flows and improving discoverability.
Product Usage
Increase adoption of underutilized features like security alerts and audit logs by surfacing them contextually.
Time Spent
Decrease support call volume by enabling customers to self-serve confidently — reducing burden on the bank's client service teams.
Customer Feedback
Improve satisfaction scores for ASM-related interactions through post-interaction surveys and NPS tracking.
02
Phase Two
Discover
What are our customers' problems and opportunities?

Discovery Journey

A Multi-Milestone Research Program

I structured discovery as a sequenced research program — each milestone building on the last, from platform assessment through validated concept directions. The goal was a complete evidence base before any design direction was committed to.

Discovery journey timeline showing 5 research milestones from CX Assessment through MVP delivery, 2023–2025

Profile Harmonization

Four Validated SMB Personas

I led a cross-functional harmonization workshop with 25 attendees to align on who ASM's customers actually are. We converged on four personas — each mapped to their organizational role, access level, and entitlement complexity. These became the shared language across product, marketing, and customer success.

Business Owner persona
Business Owner
Authorized Representative
Primary account holder with full authority over all access decisions. Delegates to others but needs confidence that controls are in place. Often has low platform fluency.
Manager persona
Manager
Signer
Can initiate and approve payments. Needs to understand their own access limits and quickly onboard or adjust access for team members within their scope.
Bookkeeper persona
Bookkeeper
Sub-User / Account Controller
Manages day-to-day transactions and reconciliation. Needs account data access without payment authority — a precise permission slice the current platform makes hard to configure.
Accountant persona
Accountant
Sub-User / Account Associate
Needs read-only access to statements and tax documents. Over-provisioning this role creates compliance risk, yet least-privilege is difficult to achieve in the current platform.

Profile Harmonization Workshop

The profile harmonization workshop brought together 25 cross-functional attendees to align on a shared set of SMB personas — validating the Business Owner archetype as the primary ASM user and establishing a common language across product, marketing, and customer success.

Profile harmonization — business owner workshop output

Research Synthesis

Six Key Customer Themes

Six themes emerged as the defining expectations of business banking customers — forming the design criteria against which every concept direction was evaluated throughout the initiative.

Fast and Easy
Access tasks in minutes, not sessions. Speed and simplicity are top-rated satisfaction attributes.
Safe and Secure
Confidence that controls are working — and that the platform flags anything suspicious proactively.
Access to Quick Support
Help when customers hit a wall — without leaving the platform or calling a support center.
Seamless Omni-Channel
Consistent experience on desktop, mobile, or in branch — manage access from wherever they are.
Empowered SBO
Business owners want to feel in control — capable of managing access confidently without a banking or IT background.
One Bank View
Unified view of access across all banking products — no managing permissions in separate silos per account type.

Profile Harmonization Quant Study

Quant Study Results — Executive Summary

Goal: To identify the "actors of influence" that SBOs work and consult with in their businesses. (Sept. 2023)

Top Personas
1. Business Owner · 2. Accountant · 3. Accounts Payable & Receivable · 4. Bookkeeper · 5. Business Partner · 6. CFO · 7. Accounts Payable

4 personas consistent with prior work. 3 new: AP&R, CFO, AP. General Manager removed.
Top 5 Jobs to Be Done
Access to accounts for: Paying bills · Paying employees · Receiving payments · Analyzing business finances · Add/remove employees & vendors to financial accounts
Top 5 Entitlements Turned On
1. See & refund transactions on Smart Terminal and POS app · 2. View activity and balance · 3. View and download tax documents · 4. Bill pay · 5. View statements, documents, and disclosures

Discovery Journey — Step 2

Understand Our Product

Activity: ASM CX Assessment  ·  Outcome: Prioritized gaps in our ASM product backlog.

Design
Understand our ASM entitlement experience
Data
Understand the data usage
Tech
Understand constraints on legacy platforms (e.g. GWS) that affect the customer experience
Product
Understand where the pain points are within our product entitlements

ASM CX Assessment

100+ Gaps, RICE-Prioritized for Impact

I led the CX Assessment of Business Banking and Digital across 3 product features and 3 customer use cases. Service blueprinting and heuristic evaluation with 14 evaluators produced a severity-rated finding set that anchored the design backlog.

Service Blueprint — 4 Key Gap Types

Type 01
Confusing Functionality
Users can't predict what actions do or verify that changes took effect.
Type 02
Missing Call to Action
Key next steps are absent or buried, leaving users stuck mid-task.
Type 03
Information Overload
Dense permission tables overwhelm decision-making — built for ops, not business owners.
Type 04
Inconsistent User Roles
Role labels and permission scopes vary across surfaces, eroding user trust.

5 Top Gap Themes — RICE Scored

  1. 01
    Navigation & Wayfinding
    Critical
  2. 02
    Permission Clarity
    Critical
  3. 03
    Confirmation & Feedback
    High
  4. 04
    Error Prevention
    High
  5. 05
    Cross-Segment Consistency
    Medium

RICE Prioritization Matrix

Each opportunity was scored across desirability and feasibility dimensions — customer need, employee impact, technical complexity, and dependencies — to produce a total RICE score that anchored the design backlog and stakeholder prioritization conversations.

RICE prioritization matrix scoring CX opportunities across desirability and feasibility

Service Blueprint

The service blueprint maps the end-to-end experience of a business owner managing employee access — from initial setup through ongoing changes — connecting frontstage customer actions to backstage systems and surfacing the moments of friction, confusion, and drop-off that the redesign needed to address.

ASM journey map — customer experience mapped across touchpoints, pain points, and opportunities

Heuristic Evaluation

The heuristic evaluation assessed ASM across 3 core use cases — adding a user, editing permissions, and removing access — rating each against a CX framework to surface the most critical usability failures.

Heuristic evaluation — ASM CX assessment findings across 3 core use cases

Future State Explorations

From Assessment to Vision

With a clear evidence base established, the team moved into future state exploration — testing role-based template concepts with BRMs, running blue sky concept tests, co-creating with customers, and benchmarking the current experience.

BRM Advisory Board

Strong Enthusiasm for Role Templates — With Important Nuance

BRMs provided strong enthusiasm and support for role-based templates as a concept. The advisory conversations also revealed that the nuances of what permissions are best for each role template — and how to handle custom roles — required further research before locking in a specific approach.

Role Template Framework Emerging
Business Owner / Leaders (all entitlements on) · Strategic Financial Roles — Accountant, Bookkeeper (all on except certain Checking/Credit card permissions) · Operational Financial Roles — AP/AR (operational access only).

Blue Sky Concept Test

Concepts Tested

We kicked off the design of the blue sky concepts with two distinct prototypes based on ideas pulled from research, gap discovery work, heuristic evaluations, and collaboration from the entire product team.

Prototype A — User-Focused Concept

A reimagined Access & Security Manager dashboard giving admins an at-a-glance summary of user actions, pending transactions, and their own profile — reducing time-to-task from the first screen.

Prototype A — user-focused Access & Security Manager dashboard

Prototype B — Company-Focused Concept

A refreshed Access Manager home with a consolidated user list, quick-action shortcuts, and a proactive Insights panel surfacing security alerts and pending approvals in context.

Prototype B — company-focused Access Manager with insights panel

What the Prototypes Revealed

Company Categorization
Useful for large accounts — added noise for smaller ones. Needs to adapt to business size.
Accounts First
Users preferred choosing accounts before entitling — a key mental model shift that reshaped the flow.
Combined Tab
Merging Account & Security tabs was overwhelmingly successful for helping users find ASM.
Step Navigation
Horizontal step navigation with reduced steps received strong positive feedback.
User vs. Company
Both concepts tested equally well — for different reasons: scannability vs. proactive insights.

Co-Creation Workshop

Four Concepts, Co-Designed With Customers

Workshop goal: conceptualize a next-gen entitlements experience enabling business owners to quickly, confidently, and securely assign permissions based on employee roles. By end of Day 2, the ASM Quad, product partners, and 6 SB customers had co-designed and tested 4 user-centric solutions.

Concept 01 — JTBD-Based Entitlement
Concept 01
JTBD-Based Entitlement
"What do you want this person to do?" — surfacing permissions by task rather than by system category. Entitlement is organized around jobs-to-be-done.
User-focused
Concept 02 — Role-Based Templates + AI Assist
Concept 02
Role-Based Templates + AI Assist
Permission templates by role (Accountant, Co-owner, Operations) with an AI-powered chatbot to guide setup, answer questions, and help configure custom roles.
AI-assisted
Concept 03 — AI-Guided Role Recommender
Concept 03
AI-Guided Role Recommender
"What best describes this person's role?" — guides the user to a list of recommended roles with viewable permission details before the user confirms the assignment.
Guided flow
Concept 04 — Activity-Based Entitlement
Concept 04
Activity-Based Entitlement
Align entitlements with real-world day-to-day activities: "View Money Movement, Send Money, Receive Money, Approve/Control Money, Payroll" — making permissions tangible.
Activity-aligned

Key Findings Across All Concepts

What SBOs Told Us

Four consistent signals emerged across all tested directions — forming the foundation for the refined design approach and informing every subsequent design decision.

User Information Flow
Strong preference for entering user information before assigning entitlements. "Accounts first, entitling second" matched how owners think about adding a person to their business.
Customization and Flexibility
SBOs consistently valued the ability to customize and fine-tune entitlements beyond a starting template. Role templates are a great starting point, but flexibility to adjust is essential.
Trust and Simplicity
High trust in the bank's recommendations combined with a preference for straightforward experiences. Bank guidance feels helpful, not patronizing — when it's clear and accurate.
Role and Entitlement Clarity
Clear, accurate categorization of roles and entitlements is critical. Customers need to understand what each permission actually does before they can assign it confidently.

Benchmark Test

Validating the Gaps With Real Data

250+ BB/CML/PB users were tested on 3 flows in current-state ASM: adding a sub-user (Accountant), adding their entitlements, and promoting a user to proxy admin. The results confirmed the severity of the identified gaps — and established the baseline to measure the redesign against.

68%
Task completion rate — with 32% failing or abandoning core entitlement flows.
3.8/5
Average user confidence — high uncertainty even among those who completed tasks successfully.
250+
Users tested across BB/CML/PB segments to establish a measurable redesign baseline.
So I know I'm in the right screen [...] but I don't see "add user".
User searching for the 'add user' button
Could this be tiered so that it's easier to use and go through it?
User on the entitlements page
I'd say the layout is not great to create a proxy admin and to add authorized user. Those links should be clear.
User on the All Users page
03
Phase Three
Define
Define, refine, and test our entitlement experience concepts.

Refined Entitlement Concepts

Three Directions Tested With BRMs and Customers

The team iterated on the top co-creation directions and tested three refined concepts with Business Relationship Managers and customers. Each direction addressed the core research findings from a distinct angle, with clear tradeoffs for engineering prioritization.

Direction 01 — Jobs to Be Done
Direction 01
Jobs to Be Done
Tabbed grouping: Money Movement, See Activity, Manage Employees, Communications. Permissions organized by what the user needs to do — not by system category.
Direction 02 — Product Grouping
Direction 02
Product Grouping
Permissions grouped by financial product — Checking, Credit Card, Merchant Services, Tax Actions. Account-first navigation with a left sidebar tracking which account is being edited.
Direction 03 — Tiers
Direction 03
Tiers
Most closely represents current state — with targeted improvements for clarity, hierarchy, and navigation. Serves as the benchmark against which the other directions are measured.

Dual Track Roadmap

Two parallel tracks defined our path forward — Modernization for incremental CX improvements, and Redesign for the full future-state entitlements experience.

Dual track delivery roadmap — Modernization and Redesign tracks running in parallel

What We Learned

Key Takeaways From Define Phase

Testing three distinct entitlement models surfaced a consistent signal. These learnings directly shaped the design refinement work in Phase 4.

01
Account-First Navigation
Customers consistently wanted to choose accounts before assigning entitlements — a mental model shift that needed to be built into the core flow.
02
Clear Role Labels
Permission names needed to map to real-world roles and tasks. Jargon-heavy labels eroded confidence — plain language that matched how owners think about their employees was essential.
03
Flexibility Beyond Templates
Role templates were a strong starting point, but every SBO wanted the ability to fine-tune. Rigid templates felt constraining — customization drove confidence in the final assignment.
04
Phase Four
Design
Refine and test the entitlement concepts further with BRMs and customers.

Research Insights

What Refined Testing Revealed

Refined concept 1 — Jobs to Be Done
Refined Direction 01
Jobs to Be Done
Tabbed grouping based on common financial jobs to be done — Money Movement, See Activity, Manage Employees, Communications.
Refined concept 2 — Product Grouping
Refined Direction 02
Product Grouping
Permissions grouped by financial products — with a left sidebar tracking which account is being edited.
Refined concept 3 — Tiers
Refined Direction 03
Tiers
Most closely represents current state — with targeted improvements for clarity, hierarchy, and navigation.
User Mental Model
Many participants felt that assigning entitlements by account was more intuitive than selecting accounts for each entitlement. "This approach simply makes sense." — P4. Account-first, entitle-second was consistently preferred.
Navigation and Guidance
Many participants expressed a desire for more conversational language and guidance. Users appreciated the inclusion of icons, which enhanced comprehension and made scanning easier. The sidebar displaying accounts was particularly helpful for identifying which account they were editing.
Progress Tracker
The left sidebar in the "product categories" concept, which displays accounts, assists users in monitoring the account they are currently editing — a critical wayfinding mechanism for multi-account businesses.
Desired Functionality
The feedback on the "choose all" feature was varied, but a majority appreciated the ability to select all options in the entitlement section. Many users also expressed a desire for progress to be saved automatically as they navigate between screens, applying changes immediately after submission instead of relying on a "save progress" button.

Actionable Design Principles

What Goes Into the Next Design Iteration

1
Account-First Structure
Consider organizing accounts on separate pages, allowing admins to select entitlements for each account individually.
2
Icons for Scanning
To enhance user experience, incorporate section icons for quick scanning and visual appeal.
3
Sidebar Wayfinding
Utilize a sidebar to indicate the account being edited and enable users to easily navigate between accounts.
4
Guided Flow Inspiration
Look to successful apps like Credit Karma, Turbo Tax, or Gusto for inspiration on user flow.
5
Careful Access Labels
Avoid using "full access" except for co-owners, admins or proxy admins.
6
Bulk Selection Controls
Include an option for "Choose all" in entitlement sections for granularity without over-entitling users.
7
Segment-Aware Features
Note that the feature "Copy entitlements" was not well-received by small business owners due to their limited number of accounts.
05
Phase Five · Current
Delivery
MVP Entitlements redesign — moving research into production.
Currently in Delivery

Where We Are Today

From Discovery to Delivery

The team is currently executing the MVP Entitlements redesign — moving the Octagon component work forward by migrating the legacy BlueJS implementation to React, paired with targeted design enhancements that address the highest-priority CX gaps identified across two years of research.

MVP Entitlements Redesign — Now
Migrating the entitlements experience from BlueJS to React (Octagon components) with design enhancements that resolve key CX gaps originally identified in discovery — clearer labels, account-first navigation, and improved role assignment flow.
Role-Based Discovery — 2026
Continuing with role-based template exploration and additional rounds of customer testing — building on the validated concept direction to define the next phase of the ASM experience.

Delivery Roadmap

Final roadmap — ASM delivery plan

MVP Delivery · 2026

The MVP Entitlements Experience

The first shippable milestone — a redesigned entitlements flow built on the Octagon component system, incorporating the highest-priority CX improvements identified through research. The longer-term north star, a fully role-based entitlements experience, is currently back in active discovery.

Final MVP design — the target ASM entitlements experience

Retrospective

What We've Learned Along This Journey

What Moved Us Forward
Quad Alignment across Design, Data, Tech, and DCE created a shared north star from day one.
Clear scope definition prevented the initiative from expanding beyond what the team could meaningfully deliver.
Impacted product and partner collaboration kept engineering and business leadership bought in throughout.
Building on discovery insights from previous teams avoided duplicating earlier work and accelerated alignment.
Design Thinking activities — co-creation, service blueprinting — created alignment artifacts that outlasted the sessions.
80/20 — knowing when to stop 'digging' and move to synthesis kept momentum without sacrificing quality.
If We Had a Magic Wand
More visibility into competing initiatives — large bank migrations (e.g. FRB) affected velocity in ways that were hard to anticipate.
Clearer process for how discovery connects to backlog and delivery — the handoff between research and engineering needs sharper definition.
Right ceremonies, forums, and tools to document process as a team — Jira, 6QTR roadmap, Monday.com — so insights don't live only in decks.

Outcomes

A Multi-Year Foundation — Now in Delivery

The initiative delivered a comprehensive research and strategy foundation that aligned leadership across product, engineering, and business lines — and a delivery roadmap now actively driving multi-year investment in ASM's future.

8.7M
Customers Impacted
Research and strategy covering the full ASM customer base across Business, Commercial, and Private Banking.
100+
CX Gaps Documented
RICE-prioritized backlog mapped to customer impact and business cost — driving a 2-track delivery roadmap.
4
SMB Personas Adopted
Validated persona framework now used across product, marketing, and customer success at the bank.

"This project is the work I'm most proud of in my career — not because of the designs, but because of what it took to get there. Leading a two-year initiative from discovery through definition, design, and MVP delivery at this scale required as much facilitation, alignment, and strategic clarity as it did design craft. It taught me that great design leadership means making the complex navigable — for your team, your partners, and ultimately your customers."

What's Next

Role-Based Design Meets SecureAccess

With the MVP entitlements redesign in delivery, the next chapter brings two parallel threads together — a return to role-based discovery to design and validate the full entitlements experience, and the introduction of SecureAccess, a vision for what ASM becomes when AI is built into the core of how access is managed.

Role-Based Design — Back in Discovery
Building on validated concept directions, the team is re-entering discovery to design and test role-based entitlement templates with customers — moving toward the full future-state ASM experience.
SecureAccess — North Star Vision
A reimagining of access management built on the ASM foundation — with AI-suggested permissions by role, anomaly flagging, and plain-language guidance. The owner stays in control; AI guides, not decides.

"ASM told me what the problem was. SecureAccess is my vision for how AI could finally solve it."

View the SecureAccess case study →

All Case Studies Next: SecureAccess AI