Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Know Your Agent in payments: what the IMF still leaves open


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: The IMF’s first formal note on agentic AI in payments argues for Know Your Agent, but the verification stack it endorses still leaves a human-authentication gap at high-stakes execution, according to Incode. The real control problem is no longer bot identity alone; it is proving the human behind delegated authority when agent actions exceed the original mandate.

NHIMG editorial — based on content published by Incode: What the IMF Got Right About Know Your Agent (And What It Missed)

Questions worth separating out

Q: How should security teams handle delegated authority when AI agents initiate payments?

A: Security teams should treat delegated authority as time-bound and context-bound, not as a permanent license to execute.

Q: Why do AI agents create a different identity problem than ordinary automation?

A: AI agents can decide how to pursue an objective at runtime, which means the identity issue is not just whether they are authenticated.

Q: What breaks when a mandate is reused for higher-risk actions?

A: What breaks is the assumption that the original authorization still describes the current transaction.

Practitioner guidance

  • Separate agent verification from human verification Map which payment and claim flows only prove the bot and mandate, then identify where the human behind delegated authority must be re-checked before completion.
  • Set escalation thresholds for mandate overreach Define the transaction conditions that require fresh approval, such as value jumps, new payees, or action types outside the original authorization scope.
  • Audit for structural versus transactional authorization gaps Review whether your current controls only prove standing authority or also verify the specific action at runtime.

What's in the full article

Incode's full article covers the operational detail this post intentionally leaves for the source:

  • The IMF table and Layer 2 model discussion that frames where mandate verification fits in agentic payments.
  • The specific public-sector recommendation text on verifying both the AI agent's identity and the user's delegated authority.
  • The author’s detailed comparison of KYC's maturity curve and what that implies for Know Your Agent adoption.
  • The original examples that distinguish low-risk delegated actions from high-stakes execution requiring renewed human assurance.

👉 Read Incode's analysis of the IMF's Know Your Agent framework and its human verification gap →

Know Your Agent in payments: what the IMF still leaves open?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Know Your Agent is an incomplete identity model unless it also resolves the human behind delegated action. The IMF gets the architectural separation right, but the standards it cites prove the agent and the mandate, not the living identity behind the authority. For regulated payments, that leaves a control gap at the exact moment a transaction exceeds its original delegation context. Practitioners should treat human re-verification as a distinct governance requirement, not a side effect of agent authentication.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, according to SailPoint research on AI agent behaviour.

A question worth separating out:

Q: Who is accountable when an agent acts outside its intended scope?

A: Accountability should sit with the party that approved the mandate, the party that built the execution rules, and the organisation that allowed the higher-risk action to proceed without re-verification. In regulated environments, that shared responsibility must be explicit before deployment, because dispute handling depends on it.

👉 Read our full editorial: Know Your Agent exposes the human verification gap in payments



   
ReplyQuote
Share: