China's National Financial Regulatory Administration (NFRA) released its first dedicated regulatory framework for the safe development and use of artificial intelligence in the banking and insurance sectors on Thursday. The rules require financial institutions to apply risk-based, tiered management to AI systems and tighten oversight of high-risk applications such as fund trading, credit approval, and underwriting. They aim to curb risks like algorithmic bias, AI hallucinations, and data misuse while guiding the orderly integration of AI into financial services.
The rules direct institutions to establish a framework to manage the full AI lifecycle and build independently controllable, secure computing infrastructure. Large financial firms are encouraged to share computing power with smaller institutions, supporting co-construction and resource sharing across the industry. An NFRA official said the goal is to "effectively prevent and control risks arising from AI applications, promote the high-quality development of digital finance, and guide the healthy and orderly development of AI applications in the financial sector in a manner that is beneficial, safe, and fair."
For finance teams, these requirements place a premium on understanding AI governance and risk management frameworks, as regulators set explicit standards for how AI should be adopted and controlled.
High-risk scenarios and human oversight
The guidelines identify high-risk applications for the first time, including fund trading, credit approval, and underwriting and claims settlement. Any AI system used in these areas must be approved by a financial institution's risk management committee and reported to the NFRA. Institutions are required to maintain human oversight and intervention mechanisms at key stages, ensuring critical decisions do not become opaque "black boxes."
"The guidelines mark the NFRA's first dedicated regulatory framework for the safe development and use of artificial intelligence in the banking and insurance sectors," said Dong Ximiao, chief economist at Merchants Union Consumer Finance and executive director of the Shanghai Institution for Finance and Development. "They address the challenge of some financial institutions adopting AI blindly without adequate regulatory guidance, while establishing rules, defining red lines, and setting the direction for AI applications in banking and insurance sectors."
Privacy red lines and computing infrastructure
The rules explicitly prohibit the use of personal information and private data, such as names and identification numbers, for training and optimizing generative AI models. Dong said this prohibition aims "to curb privacy breaches and algorithmic bias at the source." Institutions must strengthen data security, implement content filtering and data desensitization measures, and strictly enforce data classification and protection requirements.
On the infrastructure front, large financial institutions are encouraged to build their own controllable intelligent computing platforms and offer computing-power services to smaller players. This support for co-construction and sharing of computing resources helps ease bottlenecks faced by smaller institutions and promotes more balanced technology adoption across the industry.
Continuous oversight and model transparency
The NFRA requires financial institutions to maintain end-to-end oversight of AI applications and continuously improve model transparency and robustness. Regular assessments of AI-related risks and risk-control measures are mandatory. The regulatory official said institutions should guard against "black-box models, AI hallucinations, and algorithmic discrimination, while strengthening cybersecurity, data security, and customer information protection."
Why this matters for finance professionals
Finance professionals in banking and insurance must now ensure their organizations audit AI systems for bias, embed human sign-offs in high-risk decisions, and enforce strict data privacy protocols. The guidelines make it clear that AI governance is a regulatory requirement, not an optional extra. Leaders who fail to align with these standards risk penalties and reputational harm.
CFOs and senior finance executives need to integrate these AI governance requirements into strategic planning. A structured AI Learning Path for CFOs can help build the capabilities required to oversee safe AI deployment and meet the NFRA's accountability standards.