Centralised Hybrid Governance for Accion MFB: Unified Compliance Across Cloud and On-Premises Workloads

About the Company

Accion Microfinance Bank is a CBN-licensed national microfinance bank in Nigeria, established in 2006, serving micro-entrepreneurs and low-income earners through a network of branches, agents, and the AccionMonie mobile banking platform. As a regulated deposit-taking institution, the bank operates under the supervisory frameworks of the Central Bank of Nigeria and the Nigeria Data Protection Commission, with obligations spanning information security, customer data protection, and operational resilience.

Customer Challenge

Accion MFB's technology estate is genuinely hybrid — core banking and several legacy applications run in the bank's primary data centre, while newer customer-facing services including parts of the AccionMonie platform have been built on AWS. Each environment had developed its own monitoring, logging, and compliance reporting practices, and the security team was maintaining two parallel control sets that did not speak to each other.

Preparing evidence for a CBN IT examination involved pulling logs from the on-premises SIEM, exporting configuration reports from AWS, and reconciling the two by hand. NDPR data subject requests were similarly fragmented. The bank had no single view of its overall control posture at any given moment, meaning gaps could persist quietly between audit cycles. The objective was a unified governance layer that treated cloud and on-premises workloads as one regulated estate.

Partner's Solution

Digitspot designed a Centralised Hybrid Governance model with AWS as the control plane, unifying visibility and compliance enforcement across cloud and on-premises environments. Key components included:

• AWS Control Tower deployed to establish a landing zone with dedicated accounts for security, logging, network, and workload tenancy — aligned with CBN's expectations around segregation of duties
• AWS Config enabled across all accounts with conformance packs mapped to the bank's internal control catalogue derived from CBN's Risk-Based Cybersecurity Framework and relevant NDPR provisions
• AWS Systems Manager extended into the data centre through hybrid activations — registering core banking servers, database hosts, and application servers as managed instances for patch compliance, inventory, and configuration visibility
• CloudWatch agent installed on on-premises hosts to forward OS and application logs into a central CloudWatch Logs destination, with sensitive log streams encrypted using KMS keys held in the dedicated security account
• AWS Security Hub activated as the aggregation point for findings from AWS Config, GuardDuty, IAM Access Analyzer, and Inspector, alongside custom findings pushed from the on-premises environment via the Security Hub API
• Findings scored against the bank's internal severity matrix, routed to the appropriate response team through Amazon EventBridge, and tracked to closure in the bank's existing ticketing system
• Compliance dashboard built in Amazon QuickSight giving the CISO a daily view of control coverage, open findings by severity, and exam-readiness status across the estate

Results and Benefits

• Cloud and on-premises workloads now managed under one continuous compliance regime rather than two parallel ones
• Evidence packs for CBN examinations that previously took two to three weeks to assemble can now be produced in under three days, drawn directly from Security Hub, Config, and the central log archive
• CISO has, for the first time, a single live view of control posture across the entire regulated estate
• Operational issues such as missing patches or non-compliant configurations are picked up and routed for remediation within hours rather than surfacing during quarterly reviews

About the Partner

Digitspot, established in 2011, continues to pursue its vision of helping both small and large-scale companies leverage cloud solutions to drive growth and innovation. As an AWS Advanced Partner, Digitspot remains committed to delivering world-class cloud strategies and implementations.