Research and Innovations in Identity and Access Management: Emerging Paradigms for Financial Services

Abstract

Identity and Access Management has undergone a foundational architecture shift, based on the convergence of artificial intelligence, Zero Trust, and decentralized identity. Perimeter-based identity governance approaches, with static role provisioning and periodic access review, are structurally inadequate for the identity surfaces that modern financial enterprises operate today. Human users, service accounts, APIs, containerized workloads, and autonomous agents require context-sensitive, always-on access controls that run at a speed and granularity that existing access control and identity management technologies cannot accommodate. Seven innovation domains are changing the landscape of access control and identity management. Agentic artificial intelligence shifts access governance from reaction to prediction. Continuous behavioral authentication reduces implicit session trust. Just-in-time privilege reduces time of access to only what is needed to perform a task, while blockchain-anchored decentralized identity enables privacy-preserving credential verification. Machine identity governance extends least-privilege access to non-human identities. Platform convergence unifies fragmented access governance. Compliance frameworks require machine-speed policy enforcement. The financial services sector, with its heavily regulated environment, high-value targets, and desire for frictionless access experiences, serves as an unmatched proving ground for the approaches presented here. Some of the key open research questions are explainability for regulated decision trails, quantum-resistant crypto, privacy-preserving federated learning, and the measurement of return on investment.