• Adam Preis, Global Strategist at Ping Identity


• 21.05.2026 10:45 am
#IdentitySecurity #AgenticAI

Financial institutions have been using artificial intelligence (AI) for its predictive and analytical abilities for years. What was once a passive, manually prompted tool is now entering a new phase: agentic AI. AI agents are being deployed across financial functions, autonomously executing transactions, extending credit, and binding policies without human supervision.

The shift from back-end analytics to front-end action is revolutionising the banking industry. But this evolution doesn’t come without risks. If a bank’s agent initiates an unauthorised £50,000 transfer, who is accountable? To thrive, banks must treat their identity fabric as an essential runtime enforcement layer for autonomous banking.

Compliance by design

Financial institutions cannot treat compliance as a tick-box exercise. Regulations like DORA and the FCA’s operational-resilience rules are setting the stage for acceptable AI use. Identity must serve as the operational embodiment of this compliance.

Banks must turn regulatory requirements into automated, enforceable code. By embedding principles like least privilege permissions, just-in-time access, and human-in-the-loop controls, systems can automatically trigger a "four-eyes review" the moment an agent initiates a high-impact action. Oversight must occur at the speed of automation.

Autonomous fraud prevention

A key focus for the FCA and Payment Systems Regulator (PSR) is the growth of Authorised Push Payment (APP) fraud. Static, rules-based fraud triage is too reactive for the agentic era.

Instead, institutions must move toward a continuous, identity-anchored control loop. When a "business-side" agent detects an anomaly, it shouldn't just block the transaction; it should initiate a bilateral check with a customer-owned agent. Through explicit delegation, the bank confirms intent before funds move. This architecture prevents crime through verified, identity-based orchestration rather than detecting it after the fact.

A clearer process for credit underwriting

The credit underwriting process is historically prone to bias and delays, resulting in a fragmented, opaque process. Agentic AI can overcome these hurdles with digital-speed underwriting, but regulators rightly demand explainability and transparency, particularly under the EU AI Act.

With a robust identity framework, a chain of trust can be established so banks can ensure underwriting agents operate within set parameters. For instance, a bank’s underwriting agent can connect with credit bureaus via the Model Context Protocol (MCP), a common language that allows agents to discover and validate one another securely. Through delegated rights, the agent gathers only the data authorised for that specific application, and policy-based access control (PBAC) ensures the decision adheres to internal risk limits and jurisdictional lending rules. Every piece of data shared and each step in the reasoning chain is permanently logged, creating a clear trail of evidence that auditors can rely on.

A unified trust framework for agentic AI

Institutions must move away from point-to-point integrations and embrace a unified identity fabric. This framework must operate as a continuous trust broker, treating every AI agent as an accountable, identifiable entity. Autonomous banking is not merely a technological upgrade; it represents a fundamental change in how banks manage institutional risk.

By ensuring every autonomous decision is continuously evaluated and enforced at runtime, banking leaders can transform compliance from a constraint into an enabler of innovation.