By Danny de Vreeze, VP of Identity & Access Management at Thales
In a sector built on trust and precision, the banking, financial services, and insurance (BFSI) industry has always understood the gravity of safeguarding identity. From locked vaults and guarded branches to today’s cyber-secure cloud platforms, the industry’s concept of protection has evolved in tandem with customer expectations and digital maturity. Yet, a tipping point is fast approaching – one where the volume, complexity, and strategic value of identity data is forcing institutions to rethink their approach from the ground up.
At the heart of this transformation lies a silent, accelerating surge: identity sprawl. Driven by increasing digital engagement, external partnerships, and evolving workforce needs, the BFSI identity ecosystem is not only growing – it’s fragmenting. Customer identities alone are set to rise by over 70% in the coming year. Simultaneously, third-party identities – from consultants and cloud partners to outsourced vendors – are growing faster than internal workforces. This confluence of pressures is reshaping identity management into both a business enabler and a strategic imperative.
To delve into this issue further, we interviewed 475 IT and security decision makers at BFSI organisations who all reported responsibility for CIAM and third-party IAM processes, and in this article we’ll shed light on the insights uncovered.
The CIAM Shift: From Homegrown to Holistic
Historically, many financial institutions built their customer identity and access management (CIAM) capabilities in-house. These bespoke platforms supported early digital banking experiences and gave institutions control over architecture and process. But the cracks are showing. As customers demand seamless, secure, and sophisticated digital interactions, such as passwordless authentication or real-time identity verification, legacy systems have become a liability.
Maintaining DIY CIAM platforms drains internal resources, struggles to keep pace with compliance regimes, and rarely matches the agility or innovation of specialist providers. It’s no surprise that nearly all organisations shifting to commercial CIAM solutions report a positive return on investment. For BFSI firms, this change is as much about delivering superior customer experiences as it is about futureproofing digital growth.
Third-party Identities: The Next Identity Frontier
While customer identity often dominates headlines, an equally pressing challenge is emerging in the management of third-party access. Partners, contractors, and service providers now play pivotal roles across BFSI operations – but managing their access securely and efficiently remains an Achilles’ heel.
The finance industry is experiencing a divergence between executive vision and operational readiness. C-level leaders overwhelmingly expect third-party identities and the data sources they access to multiply in the coming years. Yet identity teams often lag in recognising this shift, suggesting a need for clearer internal alignment and communication.
The modernisation of third-party identity access is already underway – nearly 90% of firms have prioritised strategies in this area. Notably, the motivations extend beyond security and compliance. BFSI leaders increasingly view identity infrastructure as an enabler of collaboration, agility, and commercial scale. In an industry often perceived as risk-averse, this mindset shift represents a progressive turn.
Complexity, Consolidation, and the Workforce Equation
As identity environments expand, so too does their complexity. BFSI organisations today are juggling multiple identity solutions across customers, employees, and partners – often from different vendors, with varied protocols and overlapping functionality. Unsurprisingly, 89% of respondents to a recent survey expressed a desire to rationalise their identity technology stacks.
The workforce component adds another layer of urgency. Employees are accessing a growing number of apps and data sources – whether via SaaS platforms or AI-driven interfaces – creating new operational and security considerations. Financial firms are leaning into modernisation strategies that emphasise resilience and business continuity. Yet even here, legacy systems and technical debt continue to siphon resources that could otherwise fuel innovation.
Identity as Strategic Infrastructure
It is telling that 90% of BFSI organisations now consider identity security a critical security priority. But beyond risk mitigation, identity is increasingly being recognised as a foundation for transformation. In the digital economy, secure, adaptive identity frameworks are not just enablers of trust – they are catalysts for growth.
Still, the path forward is not without obstacles. Managing identity across disparate user groups and systems presents ongoing challenges, from compliance reporting to efficient licence utilisation. These issues are particularly acute in the insurance sector, where operational friction tends to be more pronounced.
Encouragingly, investment sentiment remains strong. A majority of BFSI organisations plan to increase funding for identity-related initiatives by more than 10% over the next year. The intent is clear: modern, unified identity strategies are no longer a luxury—they’re a necessity for institutions aiming to scale securely and compete effectively.
The Final Word: Building on Trust, Powered by Identity
As BFSI institutions continue to digitise, diversify, and expand, identity will remain a critical thread weaving through every transformation effort. Whether enhancing customer engagement, securing partner ecosystems, or enabling agile workforces, a modern approach to identity is central to unlocking the industry’s next chapter.
Those organisations that treat identity not just as a security requirement but as a strategic asset will be best placed to thrive – operationally, reputationally, and commercially – in the years ahead.
