Macro Trends and Core Challenges of Intelligent Risk Control in the Banking Industry

Since 2000, GDP growth in China has shown a clear downward trend, especially after the 2008 financial crisis, which also reversed the upward momentum of the economy.

Banking, as a sector with relatively complete information disclosure, mirrors this trend. According to KPMG's 2021 China Banking Survey, the year‑over‑year growth rate of banks' asset scale has been declining since 2014.

Combining earlier data shows a positive correlation between banks' total asset growth and GDP growth, while other factors also influence the trend. For example, in 2013—the "year of internet finance"—the emergence of YuEBao caused a massive outflow of deposits from traditional banks, leading to a modest 2.37% asset growth in 2014. The spike in 2009 was driven by the 4 trillion yuan stimulus of 2008.

From 2000 onward, the banking sector can be divided into three stages. Before 2008, corporate clients drove strong economic growth, and banks accelerated this trend. After 2008, with the stimulus funds flowing into the market, the government became the primary client, and competition from internet giants intensified, pushing banks to shift focus toward retail customers around 2017.

Core Pain Points of Bank Intelligent Risk Control

Retail‑oriented business models rely on risk diversification; once a complete retail‑customer operating system is built, scale can increase rapidly and marginal costs decline. However, this brings challenges such as massive loan applications that require a shift from manual review to automated approval, introducing new unknown risks.

Data analysts identify four main pain points:

1. Positioning

The risk department traditionally acts as a brake while the business department acts as an accelerator. If risk KPIs focus solely on non‑performing loan rates, the department tends to tighten controls to minimize its own metrics, ignoring the bank’s broader goal of profit maximization under controllable risk.

2. Organization and Mechanism

Changing positioning must be reflected in action. Aligning risk and business KPIs encourages unified objectives. Embedding risk teams within business lines—using a dual‑reporting mechanism—allows risk to stay independent while being closely integrated with operations.

3. Talent

The strategic shift demands more data‑analysis, statistics, quantitative modeling, and business‑knowledge skills. Risk personnel must understand new business models and assess potential risks, raising the bar for comprehensive talent capabilities.

4. Digital Capability

Digital and intelligent risk control require moving from manual + expert‑rule processes to data‑driven, automated decision‑making. External data acquisition can quickly fill digital gaps, but many banks find that after building sophisticated risk, anti‑fraud, approval, and decision engines, loan volumes still stagnate due to high rejection rates and poor customer experience—issues rooted in the first three pain points.

Intelligent Risk Control Capability Decomposition

A bank’s comprehensive risk management covers credit, market, operational, and other risks, complying with Basel requirements such as risk reports, metrics, stress testing, and capital adequacy.

Current intelligent risk control mainly addresses credit risk (personal loans) and transaction risk. The end‑to‑end personal loan workflow includes identity verification (KYC), anti‑fraud, application, pre‑approval, monitoring, and post‑loan collection.

Fraud risk is the most severe, as it can lead to total loss of a loan, whereas credit risk may be mitigated through monitoring and collection. Fraud can be categorized as:

First‑party fraud (self‑loan fraud) – typically low‑scale, identifiable via external data.

Second‑party fraud (internal collusion) – harder to prevent, requiring strict compliance, permission isolation, higher automation, and regular role rotation.

Third‑party fraud (organized crime) – large‑scale, often involving mass identity theft, synthetic identities, and coordinated loan applications.

Examples include criminal groups stealing identity “four‑piece sets” to open phone numbers and bank cards, then using “card‑nurturing” tactics to apply for large consumer loans or credit cards for cash‑out.

Other fraud vectors involve abusing special loan products, such as bulk subsidized housing fund payments to fabricate loan applications.

Detecting fraud requires multi‑layered screening, unsupervised clustering to spot common features in batch applications, and continuous model updates.

Beyond credit, non‑loan fraud also exists, such as hackers exploiting bank app facial‑recognition vulnerabilities to open secondary accounts.

Industry Main Players

Based on Analysys Nexis 2018 Intelligent Risk Control Report, the following chart lists the emerging service providers in recent years.

Future Outlook

“Commercial banks shall reasonably allocate responsibilities and authority for risk model development, testing, review, monitoring, and termination, ensuring clear division of labor and responsibility. Outsourcing of risk model management is prohibited, and confidentiality must be strengthened.” – Interim Measures for Internet‑Based Loan Management, Article 37

Regulators emphasize that banks must retain autonomous risk‑control capabilities to avoid systemic risk. Simultaneously, personal data protection laws, direct‑connect restrictions, and credit‑information regulations increase compliance pressure on pure‑data service providers.

New marketing regulations also require that financial products and associated fees be offered only by licensed institutions, limiting the “one‑company‑does‑everything” model.

Consequently, data‑service vendors are shifting toward joint‑modeling and consulting, leveraging privacy‑preserving computation to remain compliant. Some are even moving away from risk control toward marketing and customer‑management solutions.

Regulatory pushes for “sleeping‑account” activation (no more than 20% of accounts dormant) create opportunities for “loan‑intention‑recognition” products.

While many small‑to‑mid‑size banks still need risk‑control upgrades, the market size remains large. However, as regulations tighten and the market consolidates, only differentiated players with strong capabilities are likely to survive.

For readers interested in discussing digital transformation, data analysis, banking, consumer finance, risk control, anti‑fraud, or marketing, a WeChat group has been created; please reply with any text in the official account backend to receive the group invitation.