Delegated access to financial accounts

Overview

Banks, credit unions, and wealth providers can let customers delegate controlled account access to an adviser or support person using Verifiable Credentials.

Why it matters

Delegated access is common but often difficult to audit and revoke. Verifiable Credentials provide clear, portable proof of authority, scope, and expiry.

Ecosystem roles

• Issuer: The account provider and relevant regulator.
• Holder: The delegated agent or adviser.
• Verifier: Service channels and account systems that enforce access decisions.

Assurance and lifecycle

Delegation credentials should include explicit scope, duration, and status checks so access can be updated or revoked quickly when circumstances change.

flowchart LR
    CUST@{icon: "fa:user", label: "Customer", pos: "b"} -->|Approves delegation| BANK@{icon: "fa:building-columns", label: "Account provider", pos: "b"}
    BANK -->|Issues delegation VC| WAL@{icon: "fa:wallet", label: "Agent wallet", pos: "b"}
    REG@{icon: "fa:scale-balanced", label: "Regulator", pos: "b"} -->|Issues licence VC| WAL
    WAL -->|Present delegation + licence| VER@{icon: "fa:id-badge", label: "Service channel", pos: "b"}
    VER -->|Check issuer, scope, status| TR@{icon: "fa:book", label: "Trust registry", pos: "b"}
    VER -->|Grant constrained access| ACC@{icon: "fa:file-contract", label: "Account platform", pos: "b"}

sequenceDiagram
    participant Customer
    participant Provider as Account provider
    participant Regulator
    participant Wallet as Agent wallet
    participant Verifier as Service channel
    participant Registry as Trust registry

    Customer->>Provider: Approve delegated account access
    Provider-->>Wallet: Issue delegation VC (scope + expiry)
    Regulator-->>Wallet: Issue licence VC
    Wallet->>Verifier: Present credentials for account action
    Verifier->>Registry: Validate issuer, scope, and status
    Registry-->>Verifier: Valid
    Verifier-->>Wallet: Access granted within policy