Fexco Pacific is a long-established financial services company operating across New Zealand and 10+ Pacific Island nations. With over 100 retail locations, including airports, and a workforce of 450, its teams handle foreign exchange, money remittance and international business payments around the clock.
As a cross-border provider, security and compliance have always been important – Fexco Pacific must meet strict AML, KYC and governance standards. But when its international parent company conducted a cybersecurity audit, it found that Fexco Pacific needed to take those security and governance practices even further, explains Jane Quinn, Fexco Pacific’s Group Risk and Compliance Manager.
Legacy systems, dispersed workforce
Although Fexco Pacific has grown into a large, multi-country operation, its technology environment was still built around an old on-premise server in New Zealand. Back-office teams across the Pacific connected to it through VPN, and every login created a new potential security breach.
On top of that, with staff moving between stores, working shifts, and sharing devices, it was increasingly challenging to monitor logins, user permissions and access to company devices. On some islands, IT expertise was limited, so devices were often set up as best as local teams could manage, with no way to verify that the configuration was consistent.
Devices that should have been decommissioned and removed from service sometimes reappeared online, used by new, private owners. All of this created a level of risk and complexity that couldn’t be managed manually.
“We relied on the Kaseya agent being installed on every device,” Jane explains. “I used to keep a spreadsheet and put a column in for which country it was in, and which branch.”
With more than 400 devices moving around 10 nations, it was an almost impossible task.
“You could spend three or four weeks trying to hunt down where these devices are – and still not find them,” she recalls.
Leaning on a 15+ year partnership for guidance
Many years earlier, Fexco Pacific had approached its long-term IT provider, CodeBlue, about a different project. At the time, CodeBlue recognised it wasn’t the best fit and recommended another provider instead – an act of professional integrity that left a lasting impression on Jane. That transparency was the reason why she turned to CodeBlue again after the cybersecurity audit.
“Now they’ve got a lot more cybersecurity knowledge with this latest audit, I didn’t need to go anywhere else.”
CodeBlue proposed a plan focused on three major changes: migrating Fexco Pacific to SharePoint and Microsoft 365, standardising device setup with Microsoft Intune, and strengthening cybersecurity processes and oversight. Throughout the project, the working relationship was deeply collaborative.
“We managed the whole journey together,” Jane explains.
CodeBlue’s team took the time to understand the realities of running a financial services network spread across remote islands. Jane says they worked closely with both the New Zealand team and the parent company in Ireland to ensure that every recommendation aligned with Fexco Pacific’s operational needs and regulatory pressures.
A more secure, efficient and compliant Fexco Pacific.
From weeks of manual work to real-time visibility
Before the project, tracking down devices could take Jane and her team three or four weeks. With Intune, that job disappeared almost entirely.
“Now that we manage our devices centrally, we can see where they are and who is using them,” she says. “It gives us the assurance that we know where things are.”
Every device across Fexco Pacific’s network now follows the same setup processes, receives the same updates, and is governed by the same security rules. Even decommissioning now takes seconds.
“With Intune, we hit the decommission button, and it’s gone,” Jane says.
Centralised, cloud-based system
Moving files to the cloud removed the need for VPN access and eliminated many of the vulnerabilities of the old on-premise server. Staff can now access documents reliably, collaborate in real time, and work without being slowed down by fragile internet connections.
“The ability to share a file and work on it at the same time is really good,” Jane says. “Permissions are so much easier to manage now.”
Stronger, clearer cybersecurity compliance
CodeBlue also helped Fexco Pacific elevate all associated information security documentation – from policies and procedures to naming conventions and evidence trails. This means that Fexco Pacific will not only meet future audit requirements but also have the necessary paperwork to demonstrate its compliance efforts.
“A lot of the findings in the audit were about documentation – they were very particular about what documents we had and how we worded them,” Jane explains.
Prepared, protected and moving forward
Technology is constantly changing, threats continue to evolve, and compliance expectations rise each year. But Fexco Pacific is now well positioned to keep pace with it all. With modern cloud tools, the organisation has remote oversight of every device across every region. Real-time visibility and consistent policy guidelines help teams handle issues quickly – without manual checks.
Perhaps most importantly, Fexco Pacific can demonstrate its cybersecurity maturity – a critical requirement for audits and meeting the expectations of its parent company.
With CodeBlue as a long-term partner, Fexco Pacific won’t be navigating these challenges alone.
