diff --git a/pkg/controller/vdc/serviceaccount_controller.go b/pkg/controller/vdc/serviceaccount_controller.go
index 40c15b7..c7edf72 100644
--- a/pkg/controller/vdc/serviceaccount_controller.go
+++ b/pkg/controller/vdc/serviceaccount_controller.go
@@ -59,30 +59,23 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 return err
 }
 
+ err = c.Watch(&source.Kind{
+ Type: &bankvaultsv1alpha1.Vault{}},
+ &handler.EnqueueRequestsFromMapFunc{
+ ToRequests: handler.ToRequestsFunc(func(h handler.MapObject) []reconcile.Request {
+ return getRequestsForAllAnnotatedServiceAccounts(mgr)
+ }),
+ },
+ )
+ if err != nil {
+ return err
+ }
+
 err = c.Watch(&source.Kind{
 Type: &corev1.ConfigMap{}},
 &handler.EnqueueRequestsFromMapFunc{
 ToRequests: handler.ToRequestsFunc(func(h handler.MapObject) []reconcile.Request {
- namespaces := &corev1.NamespaceList{}
- mgr.GetClient().List(context.TODO(), namespaces)
- requests := []reconcile.Request{}
- for _, ns := range namespaces.Items {
- serviceAccounts := &corev1.ServiceAccountList{}
- mgr.GetClient().List(context.TODO(), serviceAccounts, client.InNamespace(ns.ObjectMeta.Name))
- for _, sa := range serviceAccounts.Items {
- if val, ok := sa.ObjectMeta.Annotations[AutoConfigureAnnotation]; ok {
- if val == "true" {
- requests = append(requests, reconcile.Request{
- NamespacedName: types.NamespacedName{
- Name: sa.ObjectMeta.Name,
- Namespace: sa.ObjectMeta.Namespace,
- },
- })
- }
- }
- }
- }
- return requests
+ return getRequestsForAllAnnotatedServiceAccounts(mgr)
 }),
 },
 )
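Review bot: The map function registered for the new `bankvaultsv1alpha1.Vault` watch never reads `h`, so an event on any Vault object in any namespace re-enqueues every annotated ServiceAccount in the cluster. If Vault objects change often (status writes, presumably) or can be edited by less-trusted users, each event costs a full namespace and ServiceAccount listing plus a reconcile per account, which loads both this controller and the API server. Consider returning early for Vaults this controller does not manage, e.g. `if h.Meta.GetName() != <managed-vault-name> { return nil }`, or attaching a predicate to the watch that drops updates which do not change the spec. The ConfigMap watch below it has the same shape and fires for every ConfigMap; `add` itself starts and ends outside the hunk.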
@@ -93,6 +86,29 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 return nil
 }
 
+func getRequestsForAllAnnotatedServiceAccounts(mgr manager.Manager) []reconcile.Request {
+ namespaces := &corev1.NamespaceList{}
+ mgr.GetClient().List(context.TODO(), namespaces)
+ requests := []reconcile.Request{}
+ for _, ns := range namespaces.Items {
+ serviceAccounts := &corev1.ServiceAccountList{}
+ mgr.GetClient().List(context.TODO(), serviceAccounts, client.InNamespace(ns.ObjectMeta.Name))
+ for _, sa := range serviceAccounts.Items {
+ if val, ok := sa.ObjectMeta.Annotations[AnnotationPrefix+"/"+AutoConfigureAnnotation]; ok {
+ if val == "true" {
+ requests = append(requests, reconcile.Request{
+ NamespacedName: types.NamespacedName{
+ Name: sa.ObjectMeta.Name,
+ Namespace: sa.ObjectMeta.Namespace,
+ },
+ })
+ }
+ }
+ }
+ }
+ return requests
+}
+
 var _ reconcile.Reconciler = &ReconcileServiceAccount{}
 
 type ReconcileServiceAccount struct {
@@ -292,13 +308,9 @@ func addOrUpdatePolicy(bvConfig *BankVaultsConfig, metadata metav1.ObjectMeta, c
 Name: metadata.Name,
 Namespace: metadata.Namespace,
 })
- for _, r := range bvConfig.Policies {
+ for i, r := range bvConfig.Policies {
 if r.Name == metadata.Name {
- existingPolicy, err := bvConfig.GetPolicy(metadata.Name)
- if err != nil {
- return err
- }
- existingPolicy.Rules = parsedBuffer.String()
+ bvConfig.Policies[i].Rules = parsedBuffer.String()
 return nil
 }
 }
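Review bot: Both `mgr.GetClient().List(...)` calls in `getRequestsForAllAnnotatedServiceAccounts` discard their error, so a failed namespace or ServiceAccount listing silently yields a short or empty request list and the resync triggered by the Vault or ConfigMap change is lost, leaving the previously written configuration in place with nothing logged. Check the result and report it, e.g. `if err := mgr.GetClient().List(context.TODO(), namespaces); err != nil { /* log with the package logger */ return nil }`, and do the same for the per-namespace call. The lookup key also changes from `AutoConfigureAnnotation` to `AnnotationPrefix+"/"+AutoConfigureAnnotation` inside what otherwise reads as a pure extraction; ServiceAccounts carrying only the bare key will no longer be enqueued, so confirm the reconciler and the documentation use the prefixed key as well. The function would also benefit from a doc comment such as `// getRequestsForAllAnnotatedServiceAccounts returns one reconcile request per ServiceAccount, in any namespace, whose auto-configure annotation is "true".`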
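Review bot: The assignment `bvConfig.Policies[i].Rules = parsedBuffer.String()` in `addOrUpdatePolicy` should carry a short comment, because if `Policies` holds struct values the tempting `r.Rules = ...` compiles but only changes the loop copy; something like `// assign through the index: r is a copy of the slice element` would keep a later cleanup from reintroducing that. Since `r` is now used only for the name comparison, `for i := range bvConfig.Policies` with `bvConfig.Policies[i].Name == metadata.Name` would avoid the per-iteration copy. A unit test that updates an existing policy and asserts the new rules are visible in `bvConfig.Policies` would pin the behaviour. The function body starts and ends outside the hunk.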