Ongoing risk monitoring mandates assessment of AI risks and countermeasures, including transparency and robustness of models, alongside cybersecurity and data protection enhancements.

A clear prohibition is issued on using sensitive personal information, such as names and ID numbers, in training and optimizing generative AI models.

Institutions are urged to conduct regular risk assessments, addressing issues like black-box models, AI hallucinations, and algorithmic bias, while strengthening cybersecurity and data protection.

Resource sharing must occur with strict data privacy controls on training generative AI models to protect sensitive information.

A balance between risk control and business development is emphasized, integrating strong data safeguards with responsible AI deployment.

Institutions should build secure, independently controllable AI infrastructure, with larger firms potentially providing compute-power services to smaller peers to enable resource sharing.

China’s financial regulators issued guidelines to promote safe, risk-based, and tiered management of AI development and use across banking and insurance sectors, emphasizing governance, lifecycle oversight, and secure infrastructure.

Institutions must integrate AI risks into comprehensive risk management, employing risk-based classification, tiered controls, high-risk access restrictions, and human oversight at key stages, while strengthening outsourcing and supply-chain safeguards.

Top-level governance and lifecycle management of AI should be established, with oversight of application scenarios and potential shared or self-built secure, efficient intelligent computing infrastructure.

The guidelines encourage industry-wide co-construction and sharing of computing resources to reduce bottlenecks for smaller institutions and promote balanced sector development.

End-to-end oversight of AI applications and continuous improvement of model transparency are required to ensure compliant and traceable algorithmic decision-making.

Guidelines stress data security and personal information protection, with data classification, content filtering, and desensitization to achieve transparent, accountable AI that balances risk with growth.