TL;DR: Agentic AI in financial services is pushing organisations beyond impersonation toward delegation, agent-level identity and digital public infrastructure, according to Raidiam’s panel discussion and referenced industry forecasts. Legacy human-centric identity models cannot provide the auditability, accountability and least-authority controls needed when autonomous agents act on behalf of customers and businesses.
At a glance
What this is: This panel-based analysis argues that financial services need delegation and agent-level identity to govern agentic AI safely.
Why it matters: It matters because IAM, PAM and identity governance teams must decide how to assign authority, audit actions, and preserve accountability when non-human actors start taking decisions.
By the numbers:
- Gartner forecasts that by 2028, autonomous agents will drive 20% of digital storefront interactions and make 15% of daily work decisions in financial services.
Context
Agentic AI in financial services raises a governance problem that human IAM models do not solve cleanly: how do you assign and prove authority when a software actor can act independently? The article frames the issue around impersonation versus delegation, and that distinction matters because impersonation hides who really acted, while delegation can preserve auditable authority chains.
For identity teams, the core question is not whether AI can automate tasks. It is whether the organisation can control non-human actors with unique identity, scoped authority, and reviewable logs in a way that survives regulatory scrutiny, customer challenge, and internal investigation.
Key questions
Q: How should security teams govern agentic AI that acts on behalf of users?
A: Security teams should govern agentic AI with explicit delegation, unique agent identities, and tightly scoped permissions. The goal is to avoid borrowed human credentials and instead create a clear record of who authorised the agent, what it may do, and how its actions are logged for audit and compliance.
Q: Why does impersonation create risk in financial services AI workflows?
A: Impersonation creates risk because it hides the true actor behind a human account, which weakens accountability, non-repudiation and incident reconstruction. When an autonomous system uses a borrowed identity, the organisation may be unable to prove whether a person or machine made the decision that triggered the action.
Q: What should organisations do before allowing AI agents into regulated processes?
A: Organisations should define the agent’s purpose, authority boundary, logging requirements and ownership before it enters any regulated process. If those elements are unclear, the workflow is too risky to delegate because compliance evidence, access review and incident response will all be compromised.
Q: Who is accountable when an autonomous agent takes a financial action?
A: Accountability should sit with the business owner who authorised the agent, the technical team that granted its permissions, and the governance function that approved the operating model. A delegated agent does not remove accountability. It makes the accountability chain visible and testable.
Technical breakdown
Why impersonation breaks auditability in agentic workflows
Impersonation lets an AI system borrow a human identity to reach tools or data, but that collapses the identity boundary the moment the agent acts. The result is an action trail that appears human even when the decision path was machine-driven, which makes non-repudiation, entitlement review and incident reconstruction materially weaker. In regulated environments, that ambiguity is not a minor control gap. It can become a compliance problem because the organisation cannot cleanly show who authorised what, when, and under which constraints.
Practical implication: stop treating agent activity as a human session with a different interface, and design for separate identity and logging.
Delegation and KYA as the control model for autonomous agents
Delegation gives an agent explicit authority for a bounded purpose instead of inheriting broad access through a human account. That approach supports KYA, or Know Your Agent, where the enterprise can identify the specific software actor, its scope, and the basis for its permissions. The governance value is not just tighter access. It is the ability to enforce traceable responsibility across the full action chain, including customer-facing interactions, internal tool use, and regulatory evidence generation.
Practical implication: issue unique identities for agents and tie each to a documented purpose, owner, and authority boundary.
Digital public infrastructure and open standards for cross-sector trust
Digital public infrastructure is the shared, standards-based trust layer that allows identity, policy and interoperability to extend across organisations. In the financial services context, that matters because agentic systems often need to move across banks, fintechs, data providers and consent rails without reintroducing impersonation. Open standards reduce bespoke integrations, but they also force a clearer separation between identity proofing, authorisation and transaction execution. That separation is what makes governance scalable rather than ad hoc.
Practical implication: align agent identity design to standards-based trust rails instead of building one-off exceptions for each workflow.
NHI Mgmt Group analysis
Impersonation is the wrong identity pattern for agentic AI. It hides machine action behind a human account, which breaks auditability and weakens accountability in regulated workflows. Financial services cannot prove delegated intent, review agent behaviour cleanly, or separate human from autonomous actions when the identity surface is collapsed into one account. Practitioners should treat impersonation as a structural governance failure, not a temporary shortcut.
Delegation is the only model that preserves governance when agents act independently. Explicit authority, scoped permissions and unique agent identity create a verifiable control chain that human-centric IAM was never designed to produce for autonomous actors. This is where the discipline shifts from access management to identity-level accountability across machine decisions. Practitioners should reset their governance model around bounded authority, not borrowed credentials.
Know Your Agent is emerging as the agentic equivalent of identity proofing. The article’s KYA framing reflects a broader market need to know which software actor is acting, why it is acting, and what authority it has been granted. That is a stronger basis for policy enforcement than assuming all automation is safe if it is technically authenticated. Practitioners should expect KYA-like controls to become a normal requirement for high-trust AI workflows.
Digital public infrastructure is becoming the trust fabric for cross-organisational agent identity. Financial services cannot scale agentic AI securely if every participant invents its own trust model and delegation language. Shared standards and interoperable rails reduce identity fragmentation, which is where accountability breaks down in multi-party ecosystems. Practitioners should evaluate whether their identity architecture can survive inter-organisation delegation, not just internal automation.
Agentic AI forces IAM, PAM and compliance teams to converge on one question: who can act on whose behalf? The article shows that this is no longer a theoretical architecture discussion. As autonomous agents become more common, the organisation needs a durable answer that works across consent, access, logging and regulatory evidence. Practitioners should align governance, architecture and audit evidence around delegated authority, not user impersonation.
From our research:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- For a broader operating model, see OWASP NHI Top 10 for the control failures most likely to surface as agentic deployments scale.
What this signals
Delegation will become the default governance pattern for agentic AI: financial services teams that keep relying on impersonation will struggle to produce defensible audit trails, especially as agent activity spreads across customer service, risk and operations. As deployment grows, identity teams need a model that survives shared platforms, third-party data rails and regulatory challenge.
The practical test is whether the programme can prove which software actor acted, under what authority, and with what scope. If that cannot be answered cleanly, the environment is already operating below the governance standard that agentic AI requires. The next phase is less about automation maturity and more about accountability architecture.
If your organisation is building shared trust rails, use the Ultimate Guide to NHIs, 2025 Outlook and Predictions to benchmark where agent identity, lifecycle governance and interoperability are heading.
For practitioners
- Separate agent identity from human identity: Create unique identities for autonomous agents and prohibit shared human accounts for machine actions. Tie each identity to an owner, purpose, approval path and logging policy so that audit evidence remains defensible.
- Define delegated authority boundaries: Scope each agent to the minimum set of actions it needs for a specific use case, then document what it cannot do. Review those boundaries as business processes change, especially where customer data or financial transactions are involved.
- Require immutable logs for agent actions: Capture the request, identity, policy decision and downstream action in a form that supports forensic review and regulatory challenge. Logging should prove which agent acted, under what authority, and on which dataset or system.
- Map KYA controls into IAM and PAM governance: Treat Know Your Agent as a control objective that spans onboarding, access approval, exception handling and offboarding. The same governance discipline used for privileged human access should be adapted for autonomous actors and their delegated permissions.
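The following Python model is added here as an illustration; it is not code from the Raidiam panel or from NHIMG. It ties together the impersonation-versus-delegation point from the technical breakdown and the four practitioner steps above: each agent carries its own identity, a grant records the owner, purpose, least-authority scope and expiry, every policy decision is written to a hash-chained audit log, and an impersonated action is logged alongside so the difference in the evidence trail is visible. All identifiers (grant ids, agent names, owner addresses, action and resource names) are constructed for the example.

```python
# Added example (not from the Raidiam article or NHIMG): a minimal model of
# delegated agent authority with a hash-chained audit log. All names, grant
# ids, scopes and resources below are constructed for illustration.
from dataclasses import dataclass, asdict, replace
from datetime import datetime, timedelta, timezone
import hashlib
import json
from typing import Optional


@dataclass(frozen=True)
class DelegationGrant:
    """Explicit, bounded authority issued to one agent by one named owner."""
    grant_id: str
    delegator: str              # business owner who authorised the agent
    agent_id: str               # unique non-human identity, never a human account
    purpose: str
    allowed_actions: frozenset  # least-authority scope
    expires_at: datetime


@dataclass(frozen=True)
class AuditRecord:
    sequence: int
    actor_type: str             # "agent" or "human"
    actor_id: str
    on_behalf_of: Optional[str] # delegator, or None for a direct human action
    grant_id: Optional[str]
    action: str
    resource: str
    decision: str               # "allow" or "deny"
    reason: str
    prev_hash: str
    record_hash: str


def _hash_fields(fields: dict) -> str:
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log; each record commits to the previous record's hash."""
    def __init__(self):
        self.records: list[AuditRecord] = []

    def append(self, **fields) -> AuditRecord:
        prev = self.records[-1].record_hash if self.records else "0" * 64
        body = dict(fields, sequence=len(self.records), prev_hash=prev)
        rec = AuditRecord(**body, record_hash=_hash_fields(body))
        self.records.append(rec)
        return rec

    def verify_chain(self) -> bool:
        """Recompute every hash and link; any edited or removed record breaks it."""
        prev = "0" * 64
        for rec in self.records:
            body = {k: v for k, v in asdict(rec).items() if k != "record_hash"}
            if rec.prev_hash != prev or _hash_fields(body) != rec.record_hash:
                return False
            prev = rec.record_hash
        return True

    def tampered(self, sequence: int, **changes) -> "AuditLog":
        """Copy with one record altered, used to show the chain check fails."""
        copy = AuditLog()
        copy.records = list(self.records)
        copy.records[sequence] = replace(self.records[sequence], **changes)
        return copy


def delegated_action(log, grant, agent_id, action, resource, now) -> AuditRecord:
    """Policy decision for an agent acting under an explicit grant; always logged."""
    if agent_id != grant.agent_id:
        decision, reason = "deny", "agent not named in grant"
    elif now >= grant.expires_at:
        decision, reason = "deny", "grant expired"
    elif action not in grant.allowed_actions:
        decision, reason = "deny", "action outside delegated scope"
    else:
        decision, reason = "allow", f"within grant {grant.grant_id} for {grant.purpose}"
    return log.append(actor_type="agent", actor_id=agent_id, on_behalf_of=grant.delegator,
                      grant_id=grant.grant_id, action=action, resource=resource,
                      decision=decision, reason=reason)


def impersonated_action(log, human_id, action, resource) -> AuditRecord:
    """The anti-pattern: an agent rides a borrowed human session. The log cannot
    tell this apart from the person acting, so only the human identity is recorded."""
    return log.append(actor_type="human", actor_id=human_id, on_behalf_of=None,
                      grant_id=None, action=action, resource=resource,
                      decision="allow", reason="authenticated session")


def reconstruct(log, sequence) -> dict:
    """Incident-reconstruction view: who acted, under whose authority, with what outcome."""
    rec = log.records[sequence]
    return {"actor": rec.actor_id, "actor_type": rec.actor_type,
            "authorised_by": rec.on_behalf_of, "grant": rec.grant_id,
            "decision": rec.decision, "reason": rec.reason}


def demo():
    """Constructed scenario: one reconciliation agent, one in-scope and one
    out-of-scope request, plus an impersonated payment for comparison."""
    log = AuditLog()
    now = datetime(2025, 7, 29, tzinfo=timezone.utc)
    grant = DelegationGrant("grant-0001", "ops-owner@example", "agent:reconcile-01",
                            "daily ledger reconciliation",
                            frozenset({"read_ledger", "flag_mismatch"}),
                            now + timedelta(hours=8))
    allowed = delegated_action(log, grant, "agent:reconcile-01", "read_ledger",
                               "ledger/2025-07-29", now)
    denied = delegated_action(log, grant, "agent:reconcile-01", "initiate_payment",
                              "payments", now)
    hidden = impersonated_action(log, "alice@example", "initiate_payment", "payments")
    return log, allowed, denied, hidden


if __name__ == "__main__":
    log, *_ = demo()
    for i in range(len(log.records)):
        print(reconstruct(log, i))
    print("chain intact:", log.verify_chain())
```

Running `demo()` and then `reconstruct()` over the log shows the contrast the article draws: the two delegated requests carry the agent identity, the delegator and the grant that bounded them (one allowed, one denied as out of scope), whereas the impersonated payment is indistinguishable from the human acting directly, with no grant and no delegator to point to. The `tampered()` copy exists only to demonstrate that `verify_chain()` catches an edited record; in a real deployment the log would be written to a store the agent and its owners cannot modify.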
Key takeaways
- Agentic AI changes the identity problem from user authentication to delegated authority and accountable action.
- Impersonation weakens auditability, while unique agent identity and explicit delegation preserve the evidence chain regulators and security teams need.
- Financial services teams should align IAM, PAM and compliance around KYA-style governance before autonomous workflows scale further.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | | Covers agent identity, tool use and delegation risks in autonomous workflows. |
| NIST AI RMF | | Supports governance, accountability and risk ownership for autonomous AI use cases. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Identity and access decisions must remain explicit when agents act across trust boundaries. |
Assign clear ownership for agent behaviour and document accountability across the AI lifecycle.
Key terms
- Agentic AI: Software that can decide and act within a defined task boundary without waiting for a person at each step. In identity terms, it creates a governance problem because the actor can change state, select tools, and trigger downstream actions while still needing a traceable authority model.
- Delegation: The act of granting a specific actor limited authority to perform a bounded task on someone else’s behalf. For AI agents, delegation is more governable than impersonation because it preserves ownership, scoping, and auditability instead of hiding actions inside a borrowed identity.
- Know Your Agent: A control concept for identifying, scoping, and governing an AI agent as a distinct identity. It extends identity assurance thinking into autonomous systems by requiring the organisation to know what the agent is, what it can do, and who is accountable for its actions.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.
This post draws on content published by Raidiam: From Impersonation to Delegation, Agentic AI Transforming Financial Services. Read the original.
Published by the NHIMG editorial team on 2025-07-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org