Blog homeKYC for AI AgentsIntegration guideEU AI Act checklistCompare
← Back to blog
· By

AI Identity Management Challenges in Financial Services: A Case Study

A realistic case study of how financial institutions can move from shared credentials and weak auditability toward agent-grade identity controls.

Preferred source on Google
AI Identity Management Challenges in Financial Services: A Case Study
Table of Contents

AI Identity Management Challenges in Financial Services: A Case Study

Financial services institutions are under pressure from two directions at once. On one side, they are expected to modernize: automate onboarding, accelerate compliance operations, improve fraud detection, support relationship managers with better research, streamline internal operations, and reduce the cost of repetitive control work. On the other side, they remain accountable for some of the most heavily scrutinized controls in the economy: customer data protection, operational resilience, segregation of duties, model governance, evidentiary recordkeeping, third-party oversight, and the ability to explain how material decisions were made.

That tension is exactly why AI identity management matters so much in this sector. Financial firms rarely deploy AI into a clean, greenfield environment. They deploy it into ecosystems full of regulated data, privileged systems, legacy service accounts, layered outsourcing relationships, and strict expectations about governance. The result is that the biggest AI security problems in financial services are often not purely “model” problems. They are identity problems. Who is the acting principal? What systems is it allowed to touch? Which actions are delegated, approved, or monitored? How quickly can the firm revoke authority if the system behaves unexpectedly?

The IOSCO report on the use of AI and machine learning by market intermediaries and asset managers is revealing here. It identifies governance and oversight, algorithm development and ongoing monitoring, data quality and bias, transparency and explainability, outsourcing, and ethical concerns as key risk areas. The European Banking Authority’s guidance on ICT and security risk management reinforces the need for robust internal governance, information security, ICT operations, project and change management, and business continuity. None of that is easy to satisfy if AI systems are using shared credentials, broad integration tokens, or loosely supervised automations.

This article uses a realistic case study to show why AI identity management is becoming a distinct problem in financial services and how firms can address it without shutting down innovation.

The case study: NorthBridge Capital Markets

Imagine a mid-sized multinational financial services firm we will call NorthBridge Capital Markets. NorthBridge offers wealth management, market intermediation, and institutional research. Like many firms, it has been adopting AI through several channels at once.

The client onboarding team uses AI-assisted document extraction to accelerate KYC reviews. The fraud operations group uses model-assisted triage for suspicious activity alerts. Relationship managers use internal research copilots to summarize client exposure and recent market developments. Technology teams use coding assistants. Compliance teams are experimenting with AI to classify communications and flag supervisory concerns. An innovation group has also built a set of lightweight internal agents that can gather information from policy repositories, ticket systems, and client service logs.

None of these uses is reckless on its own. In fact, each is individually reasonable. The problem appears when the risk office asks a deceptively simple question: what are the identities of these systems, and what exactly are they allowed to do?

That question reveals five structural problems at once.

Challenge 1: shared service accounts hide the real actor

NorthBridge’s AI tools were deployed by different teams at different times. Several of them authenticate into downstream systems using the same service principals already used by the surrounding applications. For example, the internal research copilot and the client service summarization workflow both rely on the same backend integration account to retrieve CRM data and notes. The fraud triage workflow uses a broader data integration account than it actually needs because that was the fastest path to production.

From an engineering perspective, this was convenient. From a control perspective, it is weak. If the institution needs to reconstruct which system accessed which data under which context, the logs only show the shared principal. The distinction between a human user, a retrieval assistant, and a case triage workflow begins to blur.

This is exactly the kind of accountability gap that becomes painful in audit and incident response. Identity is the first layer of explanation. When it is shared, the institution starts every investigation with ambiguity.

The zero trust perspective in NIST SP 800-207 helps explain why this matters. Trust should not be inherited simply because something runs “inside” the enterprise. Authentication and authorization should be evaluated before access is granted. In NorthBridge’s case, the problem is that the institution cannot evaluate AI principals cleanly because multiple systems are piggybacking on the same identities.

Challenge 2: the scope of AI authority expands faster than governance

When NorthBridge first piloted AI workflows, most were advisory. A system summarized, suggested, or classified. Over time, some acquired more active roles. The fraud operations workflow now pushes recommended dispositions into a case-management queue. An internal support agent can open tickets and route them. A client communications assistant drafts responses and in some business units can pre-fill templates that go to a human for final release.

Each expansion looked modest. But the institution never redesigned its identity model as the authority profile changed. The same credentials that supported read-only retrieval now support action-adjacent workflows. The same integration policies that were acceptable in a pilot now govern systems that influence client communications and operational prioritization.

This is a classic financial-services governance problem. The risk profile changed faster than the control environment. IOSCO’s guidance emphasizes that firms should have designated senior oversight, continuous testing and monitoring, and documented frameworks around deployment and substantial updates. If a workflow moves from advisory to action-taking, that is not a cosmetic change. It is a control boundary change.

Challenge 3: third-party AI dependency creates layered accountability

NorthBridge’s AI estate includes internal applications, SaaS tools with built-in AI features, external model APIs, and workflow platforms. This means that some actions flow through several organizations before they complete. Client data may be retrieved from NorthBridge’s own systems, transformed by a third-party model provider, passed through a workflow service, and returned to a bank-owned application.

When something goes wrong, responsibility becomes harder to untangle. Was the risk created by the bank’s identity design, the SaaS vendor’s retention policy, the model host’s control surface, or the workflow tool’s connector logic? Usually the answer is some combination of all four.

IOSCO explicitly highlights outsourcing and due diligence as a risk area, and the EBA guidance similarly emphasizes internal and external ICT and security risk management. In practice, that means AI identity management cannot stop at internal IAM. Firms need a clear view of where third-party dependencies begin, which identities are brokered through external services, and which data flows leave the immediate enterprise boundary.

Challenge 4: segregation of duties becomes harder when the actor is not human

Financial institutions are used to separation-of-duties thinking in human workflows. One person enters data, another approves, another reconciles. AI complicates that model because the agent may sit in the middle of several control steps at once. It may retrieve data, classify it, generate a recommendation, and route the next action. If all of those steps run under one broad identity, the institution can end up with a functionally merged control path that no one designed explicitly.

At NorthBridge, this shows up in alert operations. An AI-assisted fraud workflow can retrieve case data, summarize prior decisions, propose next steps, and populate fields that strongly shape human follow-on decisions. The final approval may still be human, but the informational and workflow influence of the AI identity is substantial. If that identity is too broad, or its evidence trail is too weak, segregation of duties becomes more theoretical than real.

This is one reason AI identity management should never be reduced to “Can it log in?” The better question is whether the system’s identity, authority, and evidence model preserve the control intent of the workflow.

Challenge 5: revocation is slow when identities are not purpose-built

NorthBridge’s red team runs a tabletop exercise involving a model-assisted internal agent that begins surfacing abnormal behavior. Nothing catastrophic has happened yet, but the institution wants to narrow or suspend the workflow while it investigates. The team quickly discovers that containment is clumsy. Because the agent relies on shared service principals and broad integrations, revoking access without collateral damage affects unrelated workflows. Prompt edits are faster than true authority reduction, but prompt edits are not reliable containment.

This is the hidden operational cost of weak AI identity design. Fast revocation is easy only when identities are distinct, scopes are separable, and the control plane can turn down access without pulling down unrelated services.

The remediation program NorthBridge actually needs

The answer is not to stop using AI. The answer is to redesign how AI principals are represented and governed.

1. Create a dedicated AI principal inventory

NorthBridge needs a registry of every AI system that can access regulated data, influence decisions, or take operational actions. This inventory should include owner, purpose, environment, data classes, downstream systems, model provider, credential type, approval status, and whether the system is advisory or action-taking.

This gives the first real picture of where AI identity risk exists.

2. Replace shared credentials with distinct AI identities

Every meaningful AI workflow should receive a dedicated identity or non-human principal representation. The exact mechanism may vary by architecture, but the institution needs to stop hiding multiple AI behaviors inside generic backend accounts.

This change improves attribution immediately. It also makes least privilege, audit review, and revocation much more practical.

3. Bind financial and regulatory scope explicitly

It is not enough to say that a fraud assistant can “access case data” or a client research assistant can “use CRM.” The institution should specify object-level, action-level, and environment-level scope. Which records? Which business lines? Which operations are read-only? Which actions require human approval? Which regions or legal entities are in scope?

The more regulated the action, the more explicit the scope should be.

4. Add runtime evidence for each material action

If an AI system influences a regulated workflow, the bank should preserve evidence about who invoked it, which identity acted, what data domain was touched, what recommendation or action was generated, what approval path applied, and what happened next.

This matters for internal review, supervisory dialogue, and customer-impact investigations alike.

5. Build a revocation and fallback playbook

NorthBridge should assume that some AI systems will need to be constrained quickly at some point. That means every important AI identity should have a documented suspension path and an associated fallback mode, such as human-only review, narrower access, or read-only operation.

This is an operational resilience requirement as much as a security feature.

Why evidentiary quality matters as much as access control

Financial institutions often discover that “good enough” logging is not good enough once a control, customer, or supervisor asks for a full reconstruction of an AI-influenced workflow. It is one thing to know that a service principal queried a case system. It is another to show which AI workflow initiated that query, what business purpose it served, whether it was operating in an advisory or action-taking mode, what recommendation it produced, and whether a human reviewer overrode or accepted it.

That level of evidence matters because many financial processes are already governed by layered expectations around recordkeeping, operational risk, model oversight, and challenge. AI introduces additional ambiguity unless the institution can preserve the context of action. In practical terms, that means AI identity management should be designed with evidentiary quality in mind from the start.

At NorthBridge, once the program team begins thinking in those terms, the roadmap improves. The question is no longer merely how to let an AI assistant reach the right system. The question becomes how to make every meaningful AI action attributable, reviewable, and contestable later. That shift sounds procedural, but it is actually liberating. It gives risk, compliance, and engineering teams a shared objective that is more concrete than “be responsible with AI.”

This is also why generic logs are often insufficient. Institutions need action-linked evidence, not only infrastructure telemetry. The more customer-impacting or regulated the workflow, the more important that distinction becomes.

For financial firms, this is where AI identity management stops being a niche engineering concern and becomes part of mainstream control design. It is the bridge between useful automation and defensible governance everywhere.

What this case study teaches more broadly

The NorthBridge example is realistic because it does not depend on a dramatic breach. Most financial firms do not wake up to one giant AI catastrophe. They wake up to a slow accumulation of unmanaged complexity: shared credentials, unclear ownership, outsourced dependencies, insufficient evidence, and a governance model built for people and applications rather than model-driven actors.

That is why AI identity management is a better framing than “AI access control” alone. The institution needs a principal model. It needs to know what the AI system is in security terms, not just what business task it helps with.

NIST’s AI RMF and Generative AI Profile provide a broad risk-management structure. NIST SP 800-207 provides the access philosophy. IOSCO and the EBA provide a sector-specific reminder that governance, monitoring, third-party oversight, and operational resilience are supervisory expectations, not optional extras.

For financial institutions, the bottom line is straightforward. If AI systems can influence onboarding, fraud, client communication, research, or operational decisions, they need identities that are distinct, scoped, monitored, and revocable with the same seriousness applied to other high-trust actors.

For a more implementation-oriented financial-services view, see our article on NCCoE non-human identity work in fintech. Teams operating under European regulatory pressure should also review our EU AI Act compliance roadmap for high-risk AI systems, which translates these control expectations into a phased program.

FAQ

Why is AI identity management a distinct problem in financial services?

Because financial institutions combine sensitive data, high-value transactions, strict governance expectations, and layered third-party dependence. AI systems operating in that environment need stronger identity, evidence, and control boundaries than generic enterprise productivity tools.

Is this only relevant for autonomous trading or decision systems?

No. It also applies to onboarding assistants, fraud triage, internal research copilots, communications workflows, service agents, and any system that touches regulated data or materially influences operational decisions.

What is the biggest identity mistake firms make?

Using shared service accounts or broad integration tokens for multiple AI workflows. That undermines attribution, makes least privilege harder, and complicates revocation during incidents.

How does this relate to regulatory expectations?

Sector guidance from IOSCO and the EBA emphasizes governance, oversight, monitoring, third-party due diligence, and resilient ICT risk management. AI identity management is one of the most practical ways to implement those expectations for model-driven systems.

Do financial firms need separate identities for every AI workflow?

For meaningful workflows, yes. Especially where the workflow touches sensitive data, can act in downstream systems, or influences regulated decisions. Distinct identities improve attribution, policy precision, and incident containment.

What should a bank do first?

Create an inventory of AI principals and distinguish between advisory systems and action-taking systems. That gives the institution a baseline for replacing shared credentials, narrowing scope, and improving evidence collection.

References

Kakunin Team
Published June 25, 2026
All articles →
Read more from the blog
Documentation →
API reference and guides