The CIAM Elephant: Transforming Your Customer Identity Strategy and Program into a Profit Center in Financial Services

The six blind men each touch a different part of an elephant and arrive at vastly different conclusions about what it is. This serves as a metaphor for how CIAM has been treated in the past and is getting better with time.

The pace of digital transformation continues to grow exponentially across the financial services landscape. It’s therefore no surprise that industry decision-makers continue to search for enablers of seamless, secure, and scalable customer experiences. In this dynamic environment, Customer Identity and Access Management (CIAM) has emerged as a non-negotiable investment—not only one that helps mitigate fraud and account takeover attacks (ATO) but also one that can materially transform end-to-end customer experiences. 

The CIAM market, projected to be worth $17 billion by 2028¹, reflects an evident trend: customers today prioritize experience as much as any product or service. This explains the rapid ascendancy of challenger and neo-banks and is key to helping them differentiate in the market. Most of all, this explains why progressive financial service providers have quickly embraced the mantra of modern CIAM thinking. Despite this, many financial providers still perceive CIAM as merely a cost—a necessary shield against threats, not an enabler for growth.

This fragmented way of thinking obscures the immense potential of converged CIAM. When approached holistically, CIAM can drive revenue gains, competitive differentiation, and the holy grail of customer loyalty and lifetime value.

To reimagine CIAM as a profit center, we turn to an age-old parable—the story of ‘the six blind men and an elephant.’ Each informed by their perspective, grasps a different part of the elephant, mistaking it for the whole. One feels the leg and declares: "an elephant is like a tree trunk!" Another touches the tail and insists: "No, it's like a rope." They are all partly right, but also all entirely wrong. 

In the financial services world, senior decision-makers can mirror this subjective approach to CIAM deployments:

• The CISO: Focuses on threat detection, prevention, and zero trust security.

• The CTO: Emphasizes scalability, reliability, and IT convergence.

• The CIO: Aims for a unified 360-degree view of the customer's data.

• The CDO: Prioritizes efficiency, automation, and faster time-to-value.

• The CPO: Champions exceptional customer experiences and personalization.

• The CFO: Seeks tangible ROI, cost savings, and long-term value creation.

   

Each perspective is valid, yet incomplete. The true 'elephant' of CIAM emerges only when we combine these perspectives, seeing how a well-rounded strategy benefits security, revenue, innovation, compliance, and the organizations’ bottom line. Only then does CIAM reach its full potential as a powerful profit-making engine.

Let's imagine that an ‘all-seeing' man enters our parable—a leader capable of grasping the elephant in its entirety. This individual—let's say, the CEO or a C-suite champion—understands the multifaceted impact of a holistic CIAM approach. Let's explore essential lessons that unveil the path from CIAM as a cost to a profit center.

1. Understanding the Strategic Value of CIAM

Lesson: Use CIAM as the foundation of your customer experience, not just a security agenda.

Seamless experiences are more important than ever in a quest to differentiate in a tightly contested industry. Strong CIAM fosters trust and builds loyalty. Enhanced onboarding, frictionless authentication across channels, risk-based adaptive access, delegated authorization, self-service, and privacy-driven consent management lead to higher customer satisfaction and retention. CIAM can cater to customer access use cases, including identity proofing/Know Your Customer (KYC) verification, multi-factor authentication, passwordless, and policy-based access management. 

Ping Identity Fact: Ping Identity has helped a large Asia Pacific virtual Banking Institution reduce customer onboarding to just 180 seconds. 

Deloitte Fact: Deloitte has a total of 3000+ dedicated practitioners providing identity services and solutions to clients including 350+ B2B and B2C CIAM professionals.  

2. Leveraging CIAM for Competitive Differentiation 

Lesson: Use CIAM to craft distinct, compelling customer experiences.

Personalized experiences, tailored services, and insights drawn from customer interactions become your standout advantage. Connecting multiple, at times, fragmented first- and third-party identity infrastructures help to build a complete picture of customer needs across each of the channels of engagement. Bringing these into no-code/low-code orchestration helps financial service providers build, test, deploy, and refine access journeys that drive the wider customer experience agenda and investments. These capabilities help financial service providers deliver adaptive authentication experiences across various engagement channels (web, mobile, call center, hybrid brick-and-mortar), personalized authorization at the point of sale and consent, as well as identity verification journeys tailored to customers’ preferences.

Ping Identity Fact: Ping Identity has helped some of their customers increase engagement rates by over 300%.

3. Mitigating Emerging Cybersecurity Risks  

Lesson: Use CIAM to help protect customer data and mission-critical infrastructure. 

The threat landscape continues to grow exponentially. Financial services remain one of the most targeted industries, with fraud, account takeover, and sophisticated authorized push payment (APP) becoming more challenging (and costly) to detect and mitigate. CIAM provides a wide range of capabilities to identify and prevent these attack vectors through dynamic multi-factor authentication, risk-based authentication that leverages both first- and third-party risk signals, passwordless, and policy-based access management. Beyond customer use cases, IAM helps providers identify identity blind spots, and anomalous workforce and third-party provider (TPP) access behaviors to mitigate unauthorized access and thus protect mission-critical infrastructure. 

Ping Identity Fact: Ping Identity has helped a major Asia Pacific bank reduce fraud by 70%.

4. Accelerating Digital Innovation

Lesson: Use CIAM to enable new business models across the open banking, open finance, embedded finance, and Banking-as-a-Service (BaaS) landscape.

Converged CIAM supports application programming interface (API) security and streamlined TPP onboarding, which are vital for safely embedding financial products into non-financial experiences. Imagine your customers seamlessly applying for a loan within a car dealership's app or managing their investments directly on their wealth management platform. CIAM solutions also sit at the core of open banking and open finance deployments in many parts of the world and are proving increasingly critical in driving embedded finance and BaaS projects in more mature markets. Digital innovation lies at the heart of profitability and competitiveness in the financial services industry, as well as sustained return on digital investments over both the medium- and long-term horizon.  

Ping Identity Fact: Ping Identity continues to work with retail banks to help them build and test regulated Open Banking APIs.

Deloitte Fact: Deloitte has over 20+ years of experience providing Identity and Access Management (IAM) solutions and services globally.

5. Enabling Privacy-Driven Trust

Lesson: Use CIAM to turn privacy compliance into a competitive advantage.

The cost of acquiring new customers continues to rise across industries. Financial service providers are now, more than ever, having to invest more time and effort in doing what they can to improve customer loyalty, stickiness, and therefore the ability to increase average product holding and lifetime value. Privacy should no longer be thought of in pure compliance terms, and instead, offers providers the opportunity to develop new privacy experiences that differentiate them from the competition. By giving customers the ability to control who their data is shared (and revoked) with while giving them visibility into how that data is being used, providers can significantly strengthen trust and sustain long-lasting relationships. They can also use CIAM to enable delegated access control within customers' trusted professional and personal circles and use these to build new business models to extend their reach to new markets. 

Ping Identity Fact:  Ping Identity gives their customers the ability to view their privacy settings and consents, putting them in control of their data sharing and delegated authorization.

6. Optimizing Operational Efficiency 

Lesson: Use CIAM to streamline operations and reduce costs.

Operational efficiency and savings are increasingly driving investment decisions across financial services, not least the fintech and techfin segments, as the industry pivots to sustainable profitability. Converged CIAM provides a means to achieve this through self-service, streamlined identity proofing, and verification. This also gives providers full flexibility to deploy across self-managed, hybrid, cloud, and Software as a Service (SaaS) settings. By leveraging no-code/low-code orchestration enabled by out-of-the-box extensibility with thousands of third-party providers (TPPs), providers are also able to significantly reduce their time-to-value. Reducing the need for customers to contact call centers, streamlining their experiences when they do, and accelerating digital agility, the efficiencies that CIAM drives are becoming an increasingly important purchasing consideration.

Ping Identity Fact: Ping Identity helped a large European financial institution reduce its customers’ security-related call center volumes by 45%.

7. Building Ecosystems and Partnerships

Lesson: Use CIAM to securely expand the third-party ecosystem.

To deliver innovative customer experiences across the channels of engagement, financial service providers are becoming increasingly interdependent with a wide array of financial infrastructure providers, fintechs, and embedded finance TPPs across multiple verticals. The ability to securely expand and scale the ecosystem through an API-first mindset is a key driver for becoming more competitive. CIAM plays a key role in enabling rapid ecosystem expansion, secure TPP access, transactional authorization, and open banking consent flows. Ecosystems and alliances are critical to driving new business models across the industry.

Ping Identity Fact: Ping has helped a UK wealth management provider reduce the time taken to implement their Open Banking deployment by 60%.

Deloitte Fact:  Deloitte has invested in strategic alliances and marketplace business relationships with leading CIAM technology vendors to bring the best to their clients.

8. Investing in Scalable CIAM Solutions 

Lesson: Use CIAM to support your expansion at scale.

Securely growing the third-party ecosystem and delivering multi-channel hyper-personalization are critical for financial service providers, but only if these can scale effectively. This is precisely why leading providers in the industry set the bar high for their digital performance expectations. CIAM is purpose-built to scale across deployment settings, millions of identities, and thousands of concurrent identity transactions. Performance and resiliency are critical functions of seamless experiences increasingly delivered across multiple geographical, regulatory, and organizational boundaries. 

Ping Identity Fact: Ping helps the world’s largest international bank manage 40 million authentications every day.

Deloitte Fact: Deloitte has delivered over 90 CIAM projects in the past two years for clients across the industry.  

9. Cultivating a Culture of Continuous Improvement

Lesson: Use CIAM to drive agile digital transformation

Being able to deliver sustainable, continuous integration and continuous deployment (CI-CD) across the end-to-end customer journey in the financial services industry is largely a function of digital agility. While agility has become an all-encompassing term, converged CIAM defines this as the ability to build, test, deploy, and iterate customer journeys through no-code/low-code orchestration tooling. Not only does this reduce reliance on highly specialized (and frequently, scarce) engineering resources, but also gives financial service providers the ability to get instant access to thousands of biometric, risk management, identity proofing, and strong customer authentication (SCA) third-party capabilities. By having access to journey analytics, those very providers can monitor customer traffic and engagement while identifying areas of good practice and opportunities for continuous iteration.

Ping Identity Fact: Ping Identity helped a major Asia Pacific bank reduce their customer onboarding from three days to just three minutes.

The financial services industry is increasing its investments in converged CIAM to help strengthen security, mitigate risks, and achieve compliance, while at the same time, delivering seamless and scalable customer experiences that drive revenue and harness opportunities to differentiate. By bringing together multiple decision-making perspectives into a holistic CIAM strategy, your converged digital identity investments can maximize returns today and help prepare for the future.

¹Report “Consumer IAM Market by Offering, Solution, Services, Deployment Mode, Vertical and Region – Global Forecast to 2028” by Markets and Markets. Published August 2023. Report Code – TC 5165

This document contains general information only and Deloitte is not, by means of this document, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this document.

All product names mentioned in this document are the trademarks or registered trademarks of their respective owners and are mentioned for identification purposes only. Deloitte is not responsible for the functionality or technology related to the Vendor or other systems or technologies as defined in this document.

As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.