Financial Services — Global Banking · IAM Infrastructure Overhaul · HSBC

IAM Infrastructure Overhaul Project Manager Simulation — HSBC

Deliver a regulatory-mandated Identity & Access Management overhaul at HSBC after the FCA and PRA issue a formal Section 166 notice citing critical weaknesses in privileged access controls. Replace a 15-year-old Active Directory/LDAP identity estate with a modern Zero Trust IAM platform across 200,000 employees in 62 countries — while the bank continues to process $4.5 trillion in daily foreign exchange transactions. The regulator has set a hard deadline. The DOJ consent order from the bank's prior compliance failures adds a second layer of scrutiny. Failure means potential restrictions on HSBC's UK banking licence. Gain hands-on project management experience over 27 days of real decisions, stakeholders, and PMO deliverables — no prior experience required.

27-day simulationAdvancedHybridFinancial Services — Global BankingIT: Information Security

Start this simulation Try the first day free →

The scenario

HSBC Holdings plc — $66B in annual revenue, 200,000+ employees, operations in 62 countries, and $4.5 trillion in daily foreign exchange volume — has been directed by the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) to overhaul its Identity & Access Management infrastructure. A Section 166 Skilled Person review completed 5 months ago identified critical weaknesses: 14,000 orphaned privileged accounts with no ownership, 340 shared service accounts with static credentials used across production trading systems, no automated provisioning or de-provisioning (joiners/movers/leavers processed manually with a 23-day average lag), and MFA coverage at only 61% of the employee population. The regulator has classified this as a material risk to the bank's operational resilience. The project replaces HSBC's fragmented identity estate — a patchwork of on-premise Active Directory forests, legacy LDAP directories, a partially deployed Oracle Identity Manager that was abandoned 3 years ago, and manual spreadsheet-based access certification — with a modern IAM platform: SailPoint IdentityNow for identity governance and lifecycle, CyberArk for privileged access management, Okta for SSO/MFA, and Microsoft Entra ID as the consolidated cloud directory. The scope covers all 200,000 employees, 38,000 contractors, 1,200 applications, and 62 countries. The FCA has set a hard remediation deadline. The PRA's Operational Resilience framework requires the bank to demonstrate it can continue to operate critical business services even during severe disruption — and the regulator has determined that HSBC's current IAM state makes this impossible. Separately, the DOJ consent order from HSBC's 2012 money laundering settlement (extended twice, still active) includes conditions on access controls for anti-money laundering systems. The IAM overhaul must satisfy both regulators simultaneously. The Group CEO has told the board this is the bank's most important technology programme.

What you'll do as the project manager

→Remediate all 14,000 orphaned privileged accounts — assign ownership, validate necessity, and disable or vault within CyberArk all accounts that remain active
→Eliminate all 340 shared service accounts on production trading systems — replace with individual vaulted credentials managed through CyberArk session recording
→Deploy SailPoint IdentityNow for automated identity lifecycle management across all 200,000 employees and 38,000 contractors — reducing joiners/movers/leavers processing from 23 days to under 24 hours
→Achieve 100% MFA coverage across the global employee population — up from 61% — using Okta Workforce Identity with phishing-resistant FIDO2 tokens for high-risk roles
→Consolidate 17 Active Directory forests and 4 legacy LDAP directories into Microsoft Entra ID as the single cloud identity provider — while maintaining uninterrupted access to all 1,200 applications
→Deliver regulatory evidence packs to the FCA, PRA, and DOJ demonstrating compliance with all conditions specified in the Section 166 remediation order

Project management skills you'll build

✓Stakeholder management & communication

✓Budget and schedule control

✓Risk identification & mitigation

✓Scope management & change control

✓PMO governance & phase-gate reviews

✓IAM Infrastructure Overhaul delivery in Financial Services — Global Banking

The challenges you'll navigate

•14,000 orphaned privileged accounts — each one is a potential audit finding and a live security vulnerability. Some may be actively used by undocumented batch processes
•340 shared service accounts on production trading systems — eliminating these without disrupting £4.5T daily FX volume requires surgical precision and extensive testing
•17 Active Directory forests with inconsistent schema, naming conventions, and group policy — consolidation complexity is likely higher than Accenture estimated
•Legacy Oracle Identity Manager deployment is partially configured, partially abandoned — unclear whether its data is an asset (usable mappings) or a liability (stale, incorrect entitlements)
•Global Banking division has historically deprioritised compliance-driven technology projects — their cooperation is essential but not guaranteed
•FCA is actively monitoring — any material delay or incident during the project will trigger enhanced supervisory measures and potential public disclosure

Technology & stakeholders

SailPoint IdentityNow, CyberArk Privileged Access Security, Okta Workforce Identity, Microsoft Entra IDIdentity Governance & Administration (IGA) — SailPoint IdentityNowPrivileged Access Management (PAM) — CyberArk Privilege CloudSingle Sign-On & Multi-Factor Authentication — Okta Workforce IdentityCloud Directory Services — Microsoft Entra ID (Azure AD)Active Directory forest consolidation and migrationLDAP directory decommissioningLegacy Oracle Identity Manager data extractionApplication integration (SAML, OIDC, SCIM, legacy RADIUS/Kerberos)Regulatory compliance — FCA Operational Resilience, PRA SS1/21, DOJ consent order conditions

You'll manage 7 stakeholders, including Greg Maybury (Group Chief Information Security Officer), Colin Bell (Group Chief Compliance Officer), John Hinshaw (Group Chief Operating Officer), and more.

What you'll walk away with

A verified, shareable record of a completed enterprise project — plus the PMO deliverables you produced along the way (charter, project plan, SteerCo deck, closure document). It's real, demonstrable project management experience you can put on your resume and speak to in interviews.

Frequently asked questions

Do I need project management experience to start?

No. This simulation is built for aspiring and practicing project managers alike — you learn by doing. You make real decisions and get feedback, with no PMP or prior PM job required.

How long does this simulation take?

It runs over 27 days, roughly 31 minutes per day, covering the full project lifecycle from initiation to closure.

What will I learn?

You practice the core of project management — stakeholder management, budget and schedule control, risk, scope, and PMO governance — in the context of iam infrastructure overhaul in financial services — global banking.

Is this based on the real HSBC?

It's a realistic scenario inspired by HSBC and the Financial Services — Global Banking sector. Details and names are fictionalized for training — it's a simulation, not a record of any actual project.

What do I get at the end?

A verified project completion plus the PMO deliverables you produced (charter, plan, SteerCo deck, closure) — proof of hands-on experience you can show employers.

Related simulations

Microsoft

Incident Response Automation — SOC Playbook Deployment

Security Automation / SOAR Deployment

Goldman Sachs

SIEM Platform Migration to Splunk Cloud

SIEM Platform Migration

Ready to gain real PM experience?

Run HSBC's iam infrastructure overhaul and 48+ more enterprise simulations.

See plans & start