By NHI Mgmt Group Editorial Team
Published 2026-04-09
Domain: Agentic AI & NHIs
Source: SailPoint

TL;DR: Financial services AI governance is converging on identity security as the control layer that ties together access, auditability, and Separation of Duties across human identities, service accounts, and AI agents, according to SailPoint and the U.S. Treasury’s FS AI RMF. The audit question is no longer theoretical: without identity governance, AI controls lose practical enforceability.


At a glance

What this is: A financial-services analysis arguing that AI governance depends on identity security because access, auditability, and SoD all run through identity.

Why it matters: IAM, IGA, PAM, and NHI teams will be asked to prove control over both human and AI access paths as AI adoption moves into regulated workflows.



Context

AI governance in financial services is shifting from policy discussion to control enforcement. The practical problem is simple: if human users, service accounts, and AI agents can all reach the same data and APIs, then identity becomes the only durable way to prove who or what was allowed to act.

The article’s central claim is that AI governance in finance cannot be separated from identity governance. That framing is especially relevant for regulated environments where auditors will expect traceable access decisions, not broad assurances about model oversight or platform monitoring.


Key questions

Q: How should financial services teams govern AI agents that access regulated data?

A: Treat AI agents as identities that must be governed through entitlement scope, policy enforcement, and audit evidence. That means linking each agent to a clear owner, restricting the data and tools it can reach, and proving every high-risk action was authorised. If the access path cannot be reconstructed, the control is not audit-ready.

Q: Why do AI agents complicate least privilege in regulated environments?

A: AI agents complicate least privilege because their runtime behaviour is not fully known when access is granted. An agent can select tools, combine data sources, and trigger downstream actions that widen effective privilege beyond the original approval. Static role design is therefore necessary but not sufficient for governance.

Q: What do IAM teams get wrong about AI governance in finance?

A: They often treat AI governance as a model oversight issue instead of an identity problem. In regulated workflows, the decisive control is whether access, delegation, and evidence are tied to the actor that actually performed the action. Without that link, policy statements do not translate into enforceable controls.

Q: Who is accountable when an AI system violates Separation of Duties?

A: Accountability should sit with the business and control owners who approved the workflow, the identity team that provisioned access, and the system owner who allowed the action path. In practice, SoD failures usually expose gaps in governance design, not just a single technical misconfiguration.


Technical breakdown

Identity governance as the control plane for AI access

Financial-services AI governance becomes enforceable only when identity controls sit between the actor and the resource. That means access decisions, entitlement scope, data reach, and audit evidence all need to be bound to identity records, not to informal business approval or one-time onboarding. In practice, this affects human users, service accounts, and AI agents alike because each can request, inherit, or chain access into regulated systems. When identity is weak, AI governance becomes a statement of intent rather than an operational control.

Practical implication: map every AI-enabled workflow to an accountable identity and entitlement record before it touches customer, trading, or compliance data.

Why least privilege and SoD break down in agentic AI

Agentic AI introduces a moving target for least privilege because the runtime path is not always known in advance. An agent may select tools, combine data sources, and trigger downstream actions in ways that create separation-of-duties conflicts across steps that no single static policy anticipated. SoD is still relevant, but it must be evaluated against actual action chains, not just account provisioning. That is why static role design alone is insufficient when agents can cross functional boundaries within one session.

Practical implication: review AI workflows for tool-chaining and cross-system entitlement conflicts, not just for role membership at provisioning time.
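The difference between a provisioning-time SoD review and a runtime one, as an added example (not code from SailPoint or NHI Mgmt Group). The tool names, identities, policy pair, and events are all constructed for illustration; the point is that no single identity holds a conflicting pair, yet one agent session completes both duties on the same payment by chaining a second credential.

```python
from collections import defaultdict

# Constructed policy: duty pairs one action chain must not complete on the same object.
SOD_CONFLICTS = [frozenset({"initiate_payment", "approve_payment"})]

# Hypothetical tool names and the duty each one exercises.
TOOL_DUTY = {"payments.create": "initiate_payment",
             "payments.approve": "approve_payment",
             "ledger.read": "read_ledger"}

# Constructed provisioning-time grants; no single identity holds a conflicting pair.
ENTITLEMENTS = {"agent:treasury-bot": {"payments.create", "ledger.read"},
                "svc:ap-workflow": {"payments.approve", "ledger.read"}}

# Constructed runtime events: "credential" is the identity that authorised the
# call, "session" is the agent run that issued it.
EVENTS = [
    {"session": "s1", "credential": "agent:treasury-bot", "tool": "ledger.read", "object": "P-100"},
    {"session": "s1", "credential": "agent:treasury-bot", "tool": "payments.create", "object": "P-100"},
    {"session": "s1", "credential": "svc:ap-workflow", "tool": "payments.approve", "object": "P-100"},
    {"session": "s2", "credential": "agent:treasury-bot", "tool": "payments.create", "object": "P-200"},
    {"session": "s3", "credential": "svc:ap-workflow", "tool": "payments.approve", "object": "P-200"},
]

def static_conflicts(entitlements):
    """Provisioning-time view: conflicting duties held by one identity."""
    found = []
    for identity, tools in sorted(entitlements.items()):
        duties = {TOOL_DUTY[t] for t in tools}
        found += [(identity, sorted(c)) for c in SOD_CONFLICTS if c <= duties]
    return found

def runtime_conflicts(events):
    """Runtime view: conflicting duties completed in one session on one object,
    whichever credential carried each step."""
    chains = defaultdict(lambda: defaultdict(set))  # (session, object) -> duty -> credentials
    for e in events:
        chains[(e["session"], e["object"])][TOOL_DUTY[e["tool"]]].add(e["credential"])
    found = []
    for (session, obj), duties in sorted(chains.items()):
        for c in SOD_CONFLICTS:
            if c <= set(duties):
                creds = sorted(set().union(*(duties[d] for d in c)))
                found.append({"session": session, "object": obj,
                              "duties": sorted(c), "credentials": creds})
    return found

if __name__ == "__main__":
    print(static_conflicts(ENTITLEMENTS), runtime_conflicts(EVENTS))
```

The static review returns nothing, while the runtime review flags session `s1` on `P-100`; payment `P-200` is not flagged because creation and approval happened in separate sessions.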

Audit evidence must prove who acted, what data moved, and why

In regulated finance, AI governance fails if you cannot reconstruct the access path after the fact. Auditability requires a complete trail that links the identity, the data accessed, the policy decision, and the resulting action. For human identities this is already hard; for AI agents it becomes harder because actions can happen quickly, repeatedly, and across systems. The governance question is no longer whether the model produced a useful answer, but whether the organisation can prove the action was authorised and bounded.

Practical implication: require logs that connect identity, policy, data access, and action outcome across the full AI transaction path.
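One way to test whether an AI transaction path can be reconstructed, as an added example (not code from SailPoint or NHI Mgmt Group). The record layout, field names, and gap labels are assumptions made for this sketch, and the records are constructed; each transaction is checked for the four evidence elements named above plus ordering, ownership, and actor consistency.

```python
from collections import defaultdict

REQUIRED = ("identity", "policy", "data", "action")

# Constructed records, as they might arrive from separate log sources.
RECORDS = [
    {"txn": "t-1", "ts": 1, "kind": "identity", "actor": "agent:kyc-bot", "owner": "j.doe"},
    {"txn": "t-1", "ts": 2, "kind": "policy", "actor": "agent:kyc-bot", "decision": "allow"},
    {"txn": "t-1", "ts": 3, "kind": "data", "actor": "agent:kyc-bot", "dataset": "customer_pii"},
    {"txn": "t-1", "ts": 4, "kind": "action", "actor": "agent:kyc-bot", "outcome": "report_filed"},
    # t-2: no owner recorded, and data was read before the policy decision was logged.
    {"txn": "t-2", "ts": 10, "kind": "identity", "actor": "agent:kyc-bot"},
    {"txn": "t-2", "ts": 11, "kind": "data", "actor": "agent:kyc-bot", "dataset": "customer_pii"},
    {"txn": "t-2", "ts": 12, "kind": "policy", "actor": "agent:kyc-bot", "decision": "allow"},
    {"txn": "t-2", "ts": 13, "kind": "action", "actor": "agent:kyc-bot", "outcome": "report_filed"},
    # t-3: no identity record, and the steps ran under a different actor than policy evaluated.
    {"txn": "t-3", "ts": 20, "kind": "policy", "actor": "agent:kyc-bot", "decision": "allow"},
    {"txn": "t-3", "ts": 21, "kind": "data", "actor": "svc:etl", "dataset": "trades"},
    {"txn": "t-3", "ts": 22, "kind": "action", "actor": "svc:etl", "outcome": "export_sent"},
]

def audit_gaps(records):
    """Return {txn: [gaps]}; an empty list means the path can be reconstructed."""
    by_txn = defaultdict(list)
    for r in records:
        by_txn[r["txn"]].append(r)
    report = {}
    for txn, recs in sorted(by_txn.items()):
        first = {}  # earliest record of each kind
        for r in sorted(recs, key=lambda r: r["ts"]):
            first.setdefault(r["kind"], r)
        gaps = [f"missing:{k}" for k in REQUIRED if k not in first]
        if "identity" in first and not first["identity"].get("owner"):
            gaps.append("no_owner")
        pol = first.get("policy")
        if pol and pol["decision"] != "allow":
            gaps.append("policy_not_allow")
        used = [first[k]["ts"] for k in ("data", "action") if k in first]
        if pol and used and pol["ts"] > min(used):
            gaps.append("policy_after_access")  # decision logged after the access it should gate
        if len({r["actor"] for r in recs}) > 1:
            gaps.append("actor_mismatch")  # the decision does not cover every step's actor
        report[txn] = gaps
    return report

if __name__ == "__main__":
    print(audit_gaps(RECORDS))
```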


NHI Mgmt Group analysis

AI governance in financial services is now an identity governance problem, not a model governance side topic. The article is right to elevate identity security because the systems that access data, invoke APIs, and move information are the real enforcement point. When regulated workflows span humans, service accounts, and AI agents, the governance question becomes who or what was allowed to act, on which data, and under which policy state. Practitioners should treat identity as the control surface for AI regulation, not as a supporting input.

Identity security foundation: financial AI governance depends on a control plane that can unify human, NHI, and agentic access decisions. That is the right conceptual frame because AI governance without access governance cannot produce auditable outcomes. The discipline now has to connect entitlement management, policy enforcement, and evidence generation across actor types, or else the audit trail will fragment at the first delegated action. Practitioners should expect AI programmes to fail governance review wherever identity records do not carry the full decision context.

Least privilege is no longer just a provisioning model when AI agents can choose actions at runtime. The traditional assumption is that access can be scoped once and then reviewed later, but agentic systems can expand the effective blast radius by combining tools, data, and timing in ways that were not predeclared. That is an assumption problem, not just a tooling gap. Practitioners need to re-evaluate how they define privilege boundaries when runtime behaviour is part of the authorisation problem.

Financial services will increasingly be judged on whether AI access is provable, not merely permitted. The Treasury framework and NIST AI RMF direction both point to evidence, mapping, measurement, and governance as operational expectations. In practice, that means identity teams will be pulled into AI oversight whether or not they own the models. Practitioners should prepare for identity evidence to become a required control artifact in AI assurance.

Cross-actor governance is where current programmes will be tested first. The hardest failures will occur where a human approves a workflow, a service account executes it, and an AI agent selects the next action without a clear boundary between them. That is where lifecycle, PAM, and NHI controls must converge. Practitioners should assume the first governance gaps will appear at the handoff points between actor types, not in the model itself.

From our research:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
  • For a broader framework view, see Ultimate Guide to NHIs for lifecycle, visibility, and Zero Trust control patterns.

What this signals

Identity governance teams should expect AI oversight to move into existing access review, certification, and privileged access processes. The programme change is not a new silo, but a stricter evidentiary standard for the same governance motions. When identity records cannot show who or what accessed regulated data, the AI control story will not survive audit scrutiny.

With 92% of organisations saying AI agent governance is critical but only 44% implementing policies, the gap is no longer awareness but execution, according to the AI Agents: The New Attack Surface report. That gap will push practitioners toward better lifecycle tracking, entitlement review, and policy evidence across human and non-human actors.

Agentic AI identity should be treated as part of the same lifecycle discipline as NHI governance. The practical signal is simple: if access can be granted, delegated, and acted on faster than your review cadence, the programme needs tighter control boundaries and better evidence capture.


For practitioners

  • Map AI-enabled workflows to accountable identities: Inventory which human users, service accounts, and AI agents can access regulated data and APIs, then tie each workflow to a named owner and policy record.
  • Rebuild SoD checks around runtime action chains: Evaluate whether an AI workflow can combine steps that should remain separated, especially when the agent can call multiple tools in one session.
  • Require auditable policy evidence for every AI action: Capture the identity, entitlement, data touched, and action result so auditors can reconstruct why a workflow was allowed to run.
  • Treat AI access reviews as lifecycle events: Review who approves, certifies, and offboards AI access with the same discipline used for high-risk NHI and privileged human access.

Key takeaways

  • AI governance in financial services is becoming an identity security problem because access control is the only durable way to enforce policy across human and AI actors.
  • The article’s core warning is supported by broad industry concern: AI agents are already acting outside intended scope in most organisations.
  • Practitioners should respond by tying AI workflows to accountable identities, runtime SoD checks, and audit evidence that proves why each action was allowed.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST AI RMF | | The article centres AI governance, measurement, and accountability.
OWASP Agentic AI Top 10 | | Agentic tool use creates runtime access and delegation risks.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Zero trust access control is central to governing identity-driven AI access.

Bind AI access to verified identity and least privilege across every request and session.


Key terms

  • Agentic AI Identity: An agentic AI identity is the access identity assigned to an AI system that can choose actions and tools at runtime. It must be governed like a high-risk non-human actor, with clear ownership, bounded entitlements, and evidence of every action it takes in regulated environments.
  • Identity Governance: Identity governance is the set of controls used to decide who or what can access resources, under what conditions, and with what evidence. In AI programmes, it extends from human users to service accounts and AI agents, making access policy the practical enforcement layer for AI oversight.
  • Separation Of Duties: Separation of duties is the control that prevents one identity from completing all steps of a sensitive process without oversight. For AI systems, the test is whether the actor can chain actions across tools or systems in a way that defeats the intended control boundary.
  • Runtime Privilege Boundary: A runtime privilege boundary is the effective limit on what an identity can do during a live session, not just what it was granted at provisioning. It matters for AI agents because their actual action path can expand or combine privileges faster than static policy reviews can detect.


This post draws on content published by SailPoint: The unbreakable link between AI in financial services and identity security.
