ScotiaConnect Business Account Access

Multi-User Access Model

One bank account, one login — that model breaks the moment your finance team grows beyond a single person. ScotiaConnect business account access replaces the shared-credential approach with individual user profiles, each carrying precisely scoped permissions.

When you onboard a new ScotiaConnect user, the administrator selects which accounts that user can see and what they can do within each. A staff accountant might view balances on all accounts but initiate payments on only the operating account. A controller might initiate and approve payments on subsidiary accounts while retaining view-only access to the parent entity. A CFO holds full administrative privileges across the entire ScotiaConnect account structure. These permission profiles are not theoretical categories — they map directly to the ScotiaConnect interface, removing menu options and action buttons that a user lacks permission to execute.

Role-Based Permissions

ScotiaConnect permissions operate at the intersection of user role, account, and function. The permission matrix is not a simple hierarchy — it is a three-dimensional grid that accommodates the real-world complexity of how mid-size and large enterprises actually delegate financial authority.

Four base roles anchor the ScotiaConnect permission framework. View-only users can monitor balances, search transaction history, and generate reports. Initiators can create wire transfers, ACH batches, and stop payment requests — but cannot approve anything they create. Approvers can review and authorize payments initiated by others but lack the ability to create payments themselves. Administrators configure user accounts, assign permissions, set dual-approval thresholds, and manage platform settings. These base roles can be combined: the most common configuration is a user who initiates payments on certain accounts while serving as an approver on others, with neither role applying to accounts outside their scope.

Dual Approval Workflows

Segregation of duties is not optional for companies subject to audit or regulatory oversight. ScotiaConnect dual approval enforces it programmatically — the system will not release a payment until two distinct authorized users have acted on it.

Dual approval within ScotiaConnect operates on configurable rules rather than a blanket setting. A company might require dual approval for all international wires over $10,000, all ACH batches exceeding $50,000, and all new recipient templates regardless of amount. Domestic wires under $5,000 might clear with single approval. Each ScotiaConnect account carries its own rule set, and changes to approval thresholds are themselves subject to dual approval — a ScotiaConnect administrator cannot single-handedly lower the wire approval floor.

Audit Trails

Every action taken within ScotiaConnect generates an immutable audit record. Login timestamps, session IP addresses, pages accessed, reports viewed, payments created, approvals granted, permissions modified — the ScotiaConnect audit trail captures them all in a chronological log that cannot be edited or deleted.

Audit trail data serves multiple purposes across the organization. Internal audit teams use ScotiaConnect logs to verify that payment approvals follow the documented workflow. External auditors rely on ScotiaConnect audit exports to confirm segregation of duties during the review period. Compliance officers reference ScotiaConnect access logs when preparing regulatory submissions. The ScotiaConnect platform retains audit records for seven years and supports bulk export in CSV and PDF formats with customizable date ranges and field filters.

Delegated Authority

Approval workflows grind to a halt when the designated approver is on leave or traveling. ScotiaConnect delegated authority solves this by allowing temporary and permanent transfers of approval rights.

A ScotiaConnect administrator can grant temporary approval authority to a backup user with a defined start and end date. When the delegation period expires, ScotiaConnect automatically revokes the temporary permissions — no manual cleanup required. Permanent delegation works the same way but without a sunset date, suitable for organizational restructuring where approval authority moves permanently to a different role. The ScotiaConnect audit trail records both the grant and revocation of delegated authority, preserving a clear chain of accountability. For additional guidance on internal controls for financial systems, the OCC publishes resources on governance standards applicable to business banking platforms.

Access Permission Levels Matrix

The table below maps ScotiaConnect access roles to specific account functions, showing exactly which capabilities each permission level grants across the ScotiaConnect platform.

Managing ScotiaConnect Access During Organizational Change

Finance teams change — people join, people leave, roles shift. ScotiaConnect business account access includes tools that make permission management during transitions predictable rather than reactive. When a team member departs, a ScotiaConnect administrator can revoke all access with a single action, and the platform immediately terminates any active sessions for that user. When a new hire joins, the ScotiaConnect administrator can clone an existing user's permission profile as a starting template, then adjust per-account access before issuing credentials.

Quarterly access reviews — where administrators verify that every ScotiaConnect user's permissions still match their current responsibilities — are streamlined by the ScotiaConnect user report, which exports a matrix of every user, every account, and every permission in a single spreadsheet-ready file. This report serves as both an internal control artifact and a starting point for the review conversation with your controller or audit committee.