
Singapore, November 14, 2025 — In today’s digital economy, embedded finance is emerging as a transformative force, particularly for small and medium-sized businesses (SMBs) in the Asia Pacific region. This innovative approach is expected to unlock over USD 242 billion in business opportunities, with most of the value coming from SMBs.
Embedded finance simplifies transactions by integrating financial products and services directly into non-financial platforms. The idea is to reduce friction across applications, including payments, lending, investments, insurance, and more. In doing so, it’s rewriting the rules of the banking and financial services domain.
Embedded finance has moved from a niche innovation to a defining force in the future of financial services. The embedded finance industry in the region is currently recording a compound annual growth rate (CAGR) of 28.2%. Revenue is also expected to triple, from USD 73.75 billion in 2024 to USD 255.49 billion by 2029.
Understanding the Risk
From online retailers providing ‘buy now, pay later’ (BNPL) options to food delivery apps offering personal loans, embedded finance streamlines consumer access to financial processes. Recent innovations, strategic partnerships, and regulatory advancements are propelling growth and enhancing financial inclusion.
But every new integration hinges on third-party entities gaining access to sensitive APIs, systems, and data. This issue shouldn’t be taken lightly; every partner, fintech, aggregator, broker, and service provider is an extension of your customer experience. These entities have extensive access to your personal and financial data. Applying outdated identity models that can’t scale sharply raises the risk of exposing that data to bad actors.
Breaches involving third parties doubled in 2025 to reach 30%, increasing 15% from the previous year. The majority of these breaches were linked to credentials compromised by third parties to gain unauthorised access. Furthermore, 30% of breaches were linked to third-party account risks due to security gaps involving unnecessary or excessive access, with an average cost of USD 4.91 million per incident.
Executing a viable embedded finance agenda involves integration with a wide constellation of external entities such as fintech platforms, brokers, advisors, aggregators, service providers, and more. A single point of vulnerability in any part of the ecosystem can expose vast amounts of sensitive customer financial information, leading to identity theft, fraud, and significant financial losses.
Navigating Complexities
While third-party access shares common challenges, these manifest differently across financial services:
- Banking
  - Many banks struggle to enforce uniform security and compliance policies across a diverse partner landscape. This results in an inconsistent and exposed access environment.
  - Meanwhile, fintechs are embedding payments and account services into third-party platforms at record speed. However, APIs can become vulnerable — and customer data exposed — when access is rushed or inconsistently governed.
- Insurance
  - Brokers, managing general agents (MGAs), third-party administrators (TPAs), and benefit providers need access to underwriting portals, policy administration systems, claims platforms, and customer service interfaces. When indirect relationships — like outsourced service providers — enter the picture, the visibility gap widens.
- Wealth management
  - One firm may have dozens of advisors spread across geographies, all with varying roles and levels of permission. Legacy identity tools struggle with this model, especially those built for internal workforce use or direct-to-consumer platforms.
  - Wealth managers face compliance and audit challenges, particularly when demonstrating role-appropriate access for advisors in regulated jurisdictions.
Modern Solutions for Modern Problems
The reality is that most financial services providers still rely on identity and access management (IAM) solutions that were never built to enable third-party access at scale. This increases the risk of misconfigured permissions or accounts remaining active after contracts end. The simple delegated access capabilities built for workforce IAM do not support complex relationship models across organisational and geographical boundaries. The era of embedded finance requires a mindset shift and a new identity fabric that secures and enables B2B identities.
A converged IAM solution helps increase customer confidence in authorising third-party providers to access their credit or financial information. These solutions provide consistent authentication experiences across multiple apps, with consent and privacy management that align with the latest regulatory requirements.
Reinforcing Security with Identity Fabrics
Modern IAM platforms offer a purpose-built solution for third-party identity, access, and governance. This so-called “identity fabric” approach unifies capabilities traditionally split between workforce IAM and customer IAM (CIAM).
Identity fabrics enable federated identity models that link a user’s identity across multiple separate identity management systems, allowing seamless, secure movement between systems. This allows third parties to authenticate with their own identity providers.
Further, to navigate stringent compliance requirements and evolving security threats, organisations need dynamic, context-aware access decisions — like policy-based access control (PBAC). A fine-grained authorisation method, PBAC determines a user’s access privileges by assessing attributes such as role, context, data sensitivity, and risk level.
PBAC policies are centrally managed, which ensures consistency across all systems and reduces the risk of human error or outdated controls, while also simplifying monitoring and auditing to support regulatory compliance. PBAC policies can also be written in plain language by administrators, requiring no coding expertise and resulting in an even more nimble security framework.
As identity stretches beyond the borders of siloed internal or external relationships, the process of user administration needs to move to a system of assigning specific administrative privileges to designated users. Also known as delegated administration, this creates a robust means to delegate and manage administrative capabilities across workloads, reducing the burden on IT teams.
Choosing the Right Fit
Embedded finance is changing the face of financial services. However, its success depends on solving a challenge many institutions still overlook: third-party access. Without the right identity foundation, partnerships stall, risks grow, and regulatory scrutiny intensifies.
It’s a new world where your partners are your front-end and your APIs are your new storefront. Keeping identities safe isn’t just a control point. It’s a competitive advantage.
Attributed to: Jasie Fon, Regional Vice President, Asia, Ping Identity