By NHI Mgmt Group Editorial Team
Published 2026-05-29
Domain: Governance & Risk
Source: SumSub

TL;DR: Digital finance is moving from experimentation to infrastructure, and Sumsub’s Consensus Miami podcast episode shows that institutions now care less about tokenization hype than about custody, payments, compliance, and fraud control across 24/7 rails. The operational lesson is that safer infrastructure does not remove fraud risk; it changes where identity, transaction, and governance controls must sit.


At a glance

What this is: This podcast episode examines how institutions are building digital-asset infrastructure and why fraud, custody, compliance, and operational controls now matter more than tokenization headlines.

Why it matters: It matters because IAM, NHI, and governance teams increasingly have to secure service access, regulated workflows, and transaction integrity across always-on financial rails.

👉 Read SumSub's podcast on building digital-asset infrastructure and fraud risk


Context

Digital finance is becoming infrastructure rather than experiment, which means the identity and access problem is no longer confined to a trading desk or a wallet team. As custody, payments, tokenization, and compliance workflows move into production, the main question becomes how institutions prove that the right systems and actors can move assets safely at all.

For identity practitioners, this is a governance problem as much as a fraud problem. Digital-asset programmes now depend on service accounts, licensed third parties, workflow approvals, and continuous transaction monitoring, so the control plane has to cover both machine access and operational decision-making. That makes this topic relevant to NHI governance, IAM, and lifecycle management at the same time.


Key questions

Q: How should security teams govern digital-asset custody when third parties are involved?

A: Treat the third party as part of the identity model, not as an external exception. Scope its access to the minimum operational task, review what it can initiate or approve, and require explicit offboarding when the service relationship changes. If the provider can touch value, the lifecycle controls must be as strict as for any other high-risk identity.

Q: Why do custody controls not fully solve fraud risk in digital finance?

A: Custody controls protect how assets are stored, but fraud often happens through valid-looking transfer paths, delegated access, or manipulated approvals. That means a secure vault can still sit beside weak transaction screening, poor KYT, or over-broad workflow permissions. Teams need both storage assurance and movement assurance.

Q: What do institutions get wrong about tokenization and operational risk?

A: They often focus on whether assets can be tokenized and forget that distribution, compliance, and access governance are what make the model usable in production. The operational risk is not just technical feasibility. It is whether the right actors can access the asset in the right way under real regulatory and fraud constraints.

Q: Who is accountable when a licensed provider moves assets on behalf of a bank?

A: Accountability stays with the institution that chose the operating model, even when execution is delegated. The provider may hold or move the asset, but the bank still needs clear scope, monitoring, approval boundaries, and offboarding evidence. Delegation does not remove governance obligations.


Technical breakdown

Why digital-asset infrastructure changes the identity boundary

Digital-asset infrastructure does not behave like a normal business application because it merges custody, payments, compliance, and market-facing operations into one always-on control surface. That means identity is not just about user login. It also covers service access, transaction authorisation, external provider entitlements, and the systems that move value on behalf of institutions. In practice, the attack surface expands from a single application to a chain of identities and workflows that must stay aligned across regulated and operational contexts.

Practical implication: map every identity that can initiate, approve, or move assets, including third-party and service identities.

Why custody is not the same as fraud control

Custody controls answer whether assets are held securely, but fraud control asks whether those assets are being moved, accessed, or redirected under legitimate-looking conditions. The two problems overlap but are not interchangeable. A strong custody model can still leave an institution exposed if transaction risk scoring, KYT, approval workflows, or anomaly detection are weak. That distinction matters because many digital-asset failures happen inside valid operational flows, not through obvious perimeter compromise.

Practical implication: treat custody assurance and fraud monitoring as separate control domains with different owners and review cycles.

How licensed third parties change lifecycle governance

When institutions outsource part of digital-asset handling to a licensed third party, the governance problem shifts from direct control to delegated trust. That creates a lifecycle issue: access must be granted, scoped, monitored, and revoked in step with the business relationship. The risk is not just unauthorized use. It is access that remains valid after the relationship, purpose, or operating model has changed. That is a classic lifecycle failure applied to financial infrastructure.

Practical implication: align third-party onboarding, scope reviews, and offboarding to the exact operational role the provider performs.


Threat narrative

Attacker objective: The objective is to exploit legitimate-looking financial workflows so value can be moved, masked, or misused without triggering timely intervention.

  1. Entry begins when institutions or their partners integrate digital-asset rails, licensed service providers, and custody workflows into production environments that handle value movement continuously.
  2. Escalation occurs when valid operational access is used inside compliant-looking workflows, allowing fraud or misuse to hide within normal transaction processes rather than obvious compromise.
  3. Impact follows when weak transaction monitoring, incomplete KYT, or poor governance around delegated access allows assets to be moved, misused, or laundered at scale.



NHI Mgmt Group analysis

Digital-asset infrastructure turns identity into a transaction-control problem: once institutions move from experimentation to production, the question is no longer whether the platform can custody assets, but whether every identity in the workflow can be trusted to initiate movement safely. That expands governance beyond user access into service accounts, partner entitlements, approval paths, and monitoring boundaries. Practitioners should treat the transaction itself as an identity-dependent control surface.

Custody assurance and fraud assurance are different control planes: a secure wallet or vault does not prevent fraudulent movement through valid channels. That is the governance gap this episode exposes: institutions can harden storage while leaving value-transfer workflows under-instrumented. The implication is that fraud controls must be designed around transaction behaviour, not just storage security.

Delegated trust creates lifecycle debt: when a licensed third party touches stablecoins or other digital assets on behalf of an institution, the access model outlives the initial onboarding conversation. The real failure mode is not delegation itself, but delegation without disciplined scope review and offboarding. Practitioners should recognise that outsourced asset handling creates lifecycle obligations, not just vendor dependencies.

Digital finance is normalising continuous risk decisions: payments, custody, tokenization, and compliance now operate in a 24/7 environment, which means static control assumptions age quickly. Traditional batch-oriented governance was designed for slower settlement and narrower identity paths. Practitioners should re-evaluate whether their current operating model can continuously authenticate, authorise, and monitor asset movement without relying on end-of-day reconciliation.

From our research:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
  • Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
  • That pattern points toward the need to revisit OWASP NHI Top 10 alongside transaction-heavy identity models as digital finance becomes more autonomous.

What this signals

With 19% of organisations giving AI systems dramatically more access than human employees and financial infrastructure increasingly relying on always-on workflows, the practical boundary between automated operations and governed access is narrowing fast. Teams that still separate application risk from identity risk will miss the point.

Delegated transaction trust: this is the emerging control problem in digital finance, where the real question is not whether a platform can hold assets, but whether the actors that touch those assets can be constrained, monitored, and removed cleanly when the relationship changes. That is where identity programmes will be judged.

For practitioners, the forward signal is clear: digital-asset programmes will need the same discipline that mature NHI programmes already apply to service accounts, lifecycle offboarding, and approval boundaries. The infrastructure may be new, but the governance failure modes are familiar.


For practitioners

  • Map transaction-bearing identities: Identify every service account, licensed provider, workflow role, and operator that can initiate or approve asset movement, then document the exact action each one can take.
  • Separate custody controls from fraud controls: Assign different owners to storage assurance, transaction monitoring, KYT, and approval logic so gaps do not hide behind a single control narrative.
  • Rebuild third-party offboarding for digital assets: Require explicit revocation steps when a provider’s role changes, including access removal, key retirement, and confirmation that no residual transaction paths remain active.
  • Instrument 24/7 approval paths: Review whether high-value transfers rely on batch-era reconciliation, then replace that assumption with continuous monitoring and exception handling that works outside business hours.

Key takeaways

  • Digital-asset infrastructure expands identity governance from login control to transaction control, because value movement now depends on a chain of human, service, and delegated identities.
  • The scale of the problem is structural: custody security alone cannot stop fraud when legitimate workflows, third-party access, and continuous rails are the real attack surface.
  • Institutions should separate custody, fraud monitoring, and lifecycle governance so that access scope, approval logic, and offboarding are enforced as distinct controls.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Lifecycle and delegated access risks map to NHI credential governance.
NIST CSF 2.0 | PR.AC-4 | Asset-moving identities need least-privilege access management and review.
NIST Zero Trust (SP 800-207) | PR.AC-1 | Continuous verification fits always-on payment and custody workflows.

Review third-party and service-account access against NHI-03 and revoke anything no longer tied to an active purpose.


Key terms

  • Digital-asset custody: The controlled holding and safeguarding of digital assets on behalf of an organisation or customer. In practice, custody includes key management, access separation, approval paths, and recovery processes that determine whether value can be moved safely and under accountable control.
  • Transaction monitoring: The continuous review of asset movements, approvals, and behavioural patterns to detect suspicious or non-compliant activity. For digital finance, it is not just a fraud tool. It is an identity-aware control that helps verify whether a transfer matches the authorised operating model.
  • Lifecycle offboarding: The process of removing access, retiring credentials, and closing residual paths when a person, service, or provider no longer needs access. In delegated digital-asset models, offboarding must include every entitlement that could still move or influence value.
  • Delegated trust: A governance model in which one organisation or actor is allowed to perform actions on behalf of another within defined limits. It is only safe when scope, monitoring, and revocation are explicit, because the delegated party can otherwise outlive the original business purpose.


This post draws on content published by SumSub: Building Crypto Infrastructure, Insights from Consensus Miami. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org