Posted: 19 Jul. 2021 4 min. read

Building Trust in Financial Services through Digital Identity Management

There has always been a need for strong identity and access management capabilities in the financial services industry, for obvious reasons. Authenticating the identity and access privileges of direct customers, employees, partners and consumers is the most powerful tool for preventing fraud.

But, with the massive digital transformation caused by the pandemic and work-from-home trend, digital identity management is  more important than ever for many organizations. A recent study of 12 billion financial transactions between January and March of this year found a 159 percent year-on-year increase in bank fraud attacks and a 728 percent increase in phone fraud attacks. 90 percent of all fraud attacks occurred online.

Even before the pandemic, rapid technology evolution was driving banking and capital markets to virtual business models. With the massive acceleration of this trend in the past 15 months, effective digital identity has become a critical competency for establishing and maintaining trust.

Extending Trust

Customer identity has always been at the center of building and enhancing trust for financial services organizations. With the digitization of so many internal processes today, equal vigor may need to be applied to managing identities for employees, contractors, vendors, business partners and even devices. However, managing identities across these groups is fundamentally different from traditional customer identity management.

For example, the steps behind authenticating customers may be significantly different from those authenticating employees, contractors or other people who are closely affiliated with the organizations. For customers, identity is not only focused on ensuring the right people have access to the right resources; it also must factor in the customer experience, which is a critical component to retaining their business. Therefore, organizations need to balance the need to authenticate customer identities with the need to deliver a positive customer experience. For stakeholders closely affiliated with an organization, the steps necessary to authenticate their identities may be quite different, since they may have already been vetted by human resources, or vendor due diligence processes, and the user experience is not as mission-critical as it is with customers.

There is also a greater number of stakeholders in identity management than in years past. What was once the province of IT and cybersecurity, now extends across other organizations in the enterprise, including legal, marketing, compliance and operations. All have a stake in effective identity management. Add to this an increasingly complex risk landscape, and it suggests that organizations may be well served by adopting a broad approach to developing and supporting strong digital identity initiatives. Taking such an approach need not feel overwhelming, however, since advances in machine learning and artificial intelligence (AI) have made it easier to scale identity initiatives by automating many of the routine tasks associated with establishing and authenticating digital identities. Following are five steps to consider when developing a modern identity management program:

  • Create the plan - Organizations can develop and socialize a plan that encompasses a unified vision, strategy and road map for how they can effectively manage the digital identity of their people, devices and “things” attached to the internet. The plan can reflect broad needs across people and devices, as well as unique requirements for each, enabling security and authentication to work seamlessly with access and customer experience.
  • Engage stakeholders - As mentioned earlier, there are many stakeholders for modern identity and access management. It’s no longer just the technology and cybersecurity teams, but also units across the business, including legal, HR, compliance, marketing and various operational groups. Involvement of a broad stakeholder group early in the process can lead to conversations and decisions that prompt nimble adaptation.
  • Identify outcomes - With a focus on business outcomes, organizations can determine where identity management can help, such as improving customer retention or streamlining HR processes. By focusing on outcomes, organizations may be better positioned to define ROI, which is critical to overcoming resource constraints and supporting larger transformation efforts.
  • Prepare for obstacles - The shift necessary to achieve an effective approach to digital identity management is far-reaching, and any identity program can run into challenges from people who may resist aspects of a transformation that could result in their loss of control. A good plan will anticipate these obstacles and provide strategies for overcoming them.
  • Embrace technology - Machine learning and AI can dramatically enhance digital identity capabilities, not only in improving and securing the environment but also by hastening responses to threat indicators. Because these technologies can learn, they can adapt and respond to potential threats often more rapidly than humans can, thereby creating a human-machine collaboration that can add speed and precision to processes.

By taking a comprehensive approach to digital identity management, financial services organizations can effectively manage the risk challenges of expanding digital footprints and rising customer expectations. In doing so, they can build and extend trust in these most challenging times.

 

Return to the Responsible Business home page to discover more insights from our leaders.

Key Contact

Alex Bolante

Alex Bolante

Managing Director | Deloitte & Touche LLP

Alex, a Managing Director at Deloitte & Touche LLP, leads the Customer Identity & Access Management (CIAM) offering for the Cyber Risk Services practice of Deloitte Risk & Financial Advisory. He specializes in helping his clients protect their most valuable assets, build trust with their customers, deliver direct cost savings, and recapture revenue by unlocking the value of digital identity. Alex, a former managing director at another Big Four consulting firm and information security architect at a global systems integrator, brings 20 years of experience advising corporate clients across multiple industries on creating a cyber risk culture and becoming stronger, faster, more innovative, and resilient in the face of persistent cyber threats.

Anish K. Srivastava

Anish K. Srivastava

Deloitte Risk & Financial Advisory

Anish is a Senior Manager in Deloitte Risk & Financial Advisory. He leads the Customer Identity & Access Management (CIAM) Strategic Growth Offering (SGO) initiative across all market segments. In this role, he is responsible for building and expanding CIAM solution offering, across sales and delivery, aligned with Deloitte Advisory 5x25 business strategy and Cyber Risk go to market. For over 20 years, Anish has helped large global clients find creative ways to manage continually shifting information and cybersecurity risks. He’s passionate about helping his clients address cyber threat exposures that arise during business-led digital transformations. His strength lies in his learnings and experience across a broad range of cybersecurity disciplines, acquired through designing, implementing, and working with global clients across industries. Anish works with organizations in every sector to help them protect their enterprises and grow their businesses through strong cybersecurity. Across the different roles and organizations, he managed and led product development and innovation, service delivery, business development, practice building, client relationships, and P&L management.