KPMG’s Huang Aizhou: From “Comprehensive Restructuring” to “Differentiated Crack the Deadlock” — Financial AI Enters a New Stage of Layered Evolution

Ask AI · How Does the Layered Evolution of Financial AI Affect the Transformation of Small and Medium-Sized Institutions?

Chinanews reporter Zhang Manyou, Beijing

From March 24 to 27, the Boao Forum for Asia was held in Boao, Hainan. In this year’s agenda, “Stepping into the AI Era” has become one of the important topics. Finance, as the core of the modern economy, is in the “deep waters” of this transformation. Right on the eve of the forum, the People’s Bank of China convened its 2026 technology work meeting, clearly stating “deepen integration of industry and technology, and actively and prudently—while ensuring safety and order—promote the application of artificial intelligence in the financial sector,” setting the tone for industry development.

Between innovation and security, how should financial institutions find the right strategic focus? When facing both the efficiency revolution and risk challenges brought by AI, how should the technology foundation and risk management system evolve? In response to these questions, during the Boao Forum, a reporter from The China Business News interviewed Huang Aizhou, Managing Partner in charge of financial technology at KPMG China.

Advancing in Layers to Build a “Stable-Responsive Dual-Mode” Technology Foundation

The China Business News: At the background of the People’s Bank of China’s technology work meeting setting the tone for AI applications in the financial industry as “actively and prudently, safely and in an orderly manner,” where do financial institutions mainly plan to focus their AI strategy this year?

Huang Aizhou: For financial institutions, this tone from the central bank means that the core strategic position of AI applications in the financial sector continues to be upgraded. In this process, given differences in their previous digital transformation foundations and business layouts, AI strategic focus differs across financial institutions of different sizes.

For leading financial institutions, they are expected to continue to leverage advantages in technology, capital, talent, and data, driving the continued deepening of AI applications. Guided by an enterprise-wide AI strategy, they can build full-stack AI technical capabilities and embed AI technology into business process and organizational management logic to achieve comprehensive reconfiguration.

For small and medium-sized financial institutions, in terms of promoting large-scale AI application and strategy-level transformation, the challenges are currently greater. They are reflected not only in insufficient reserves of resources such as funding, technology, and talent, but also in weaknesses in areas such as IT system construction, data governance, and compliance internal controls. They may reduce transformation costs by collaborating with technology companies, integrating third-party APIs, and so on, focusing on upgrading AI applications in specific segments to achieve differentiated development.

Overall, under the overarching tone of “strict regulation,” the security bottom line of the financial industry must be firmly upheld. The full lifecycle management of AI models, data usage rules, and risk disposal procedures are inevitably among the AI strategic priorities of financial institutions. The central bank also proposed coordinating “far, mid, and near” goals and planning and implementing in depth the technology work for the “15th Five-Year Plan” period. It is expected that, as the benchmarking effect of AI transformation by leading financial institutions keeps emerging, the AI transformation strategies of small and medium-sized financial institutions will inevitably follow suit in due course.

The China Business News: The centralized IT architecture of traditional financial institutions seems ill-suited when facing AI’s agile iteration. What kind of technology foundation should financial institutions build so they can both ensure the stability of core systems and flexibly integrate various large models, realizing the “stable-responsive dual-mode”?

Huang Aizhou: AI technology is still developing rapidly. The introduction of new technical capabilities such as heterogeneous computing power, inference gateways, RAG (retrieval-augmented generation) data links, LLMOps (large language model operations and maintenance), and an agent collaboration framework has resulted in the impact on traditional centralized IT architectures showing dynamic updates and increasing complexity. As a result, more and more financial institutions realize that they need to integrate distributed technical capabilities, unify the technology stack, and ensure consistent compliance so they can fully leverage existing technology resources, quickly adapt to the evolution roadmap of large model technology, and avoid risks related to technology becoming outdated or excessive heterogeneity.

In terms of the construction approach, a full-stack, end-to-end enterprise-level digital foundation may be the required option for financial institutions. It emphasizes cloud-native and distributed architectures as the backbone, integrating capabilities of big data and artificial intelligence platforms. Through “multi-platform fusion, multi-technology-stack fusion, and multi-tool fusion,” it connects the full-stack chain from infrastructure, to development platforms, and then to scenario applications, forming an end-to-end workflow covering planning and design, development and testing, integration and release, operations monitoring, operations and maintenance assurance, and disaster recovery drills.

This direction is also highly aligned with regulatory guidance. According to the “Implementation Plan for High-Quality Development of Digital Finance in the Banking and Insurance Industries” released at the end of 2025, relevant entities should comprehensively improve their management capabilities for multi-technology stacks and complex architectures, prudently implement distributed and microservices transformation, optimize service mesh infrastructure, and enhance the productized service capability of basic platform products. They should explore the construction of low-code and no-code development platforms to promote visualization of architecture and development. They should also optimize end-to-end collaborative mechanisms for requirements, R&D, testing, commissioning, and operations to enhance agile delivery capabilities.

From “Use AI Well” to “Manage AI Well”

The China Business News: While AI improves efficiency, it also expands risk exposure. When using AI for anti-fraud, how can we effectively prevent new technical risks caused by AI itself? Are the current response mechanisms keeping up with the pace of risk evolution?

Huang Aizhou: Traditional model risk management frameworks are no longer sufficient to address the new challenges brought by AI. AI risk, especially generative AI, introduces entirely new risk points such as model hallucinations, data poisoning, and algorithm black boxes. Therefore, risk management must be upgraded into a comprehensive system that covers multi-modal data governance, full lifecycle management of multi-source models, comprehensive defense of risks from scenario-side applications, and trusted AI governance.

Specifically, we assist multiple commercial banks in building a risk management system based on “trusted artificial intelligence.” The defenses are mainly constructed from four levels:

First is multi-modal data governance. Build a secure closed-loop system that covers the entire data lifecycle. Based on data classification and tiering, strictly execute safety policies throughout the process to enable proactive defense against data risks.

Second is full lifecycle management of multi-source models. Clearly divide the stages of a model from research and exploration to retirement, and set objective entry and exit standards for each stage. On this basis, conduct comprehensive evaluation of models across four dimensions: technical performance, business effectiveness, cost effectiveness, and safety and compliance, ensuring that the models introduced and used are “safe and controllable.”

Third is comprehensive defense against risks in scenario-side applications. In real business scenarios, AI risks have characteristics such as high concurrency and strong penetration. This requires building a multi-layer defense system. At the environment layer, implement sandbox-based governance and the “least-privilege” networking principle. At the model layer, inject domain knowledge graphs to enable visual tracing of the inference process. At the operations layer, strengthen process standardization and automation to reduce risks from manual intervention. At the defense layer, establish a dynamic security immunity system and continuously optimize model robustness through adversarial drills (i.e., when the system faces changes in input data, noise, interference, or even attacks, it can still maintain stable functionality and reliable performance).

Fourth is forward-looking trusted AI governance. As AI applications move from localized pilots to large-scale deployment, financial institutions urgently need to proactively respond at the organizational level. This includes unifying definitions for AI applications, designing clear AI risk management mechanisms, classifying risks of AI applications and implementing differentiated controls, and establishing dedicated AI model verification plans. The entire system is intended to transform risk management from passive response into proactive immunity.

The China Business News: Data is the foundation of AI. When using AI to unlock the value of data, what shortcomings in data governance do financial institutions commonly face? And what common solution approaches does the industry have for building a high-quality data foundation?

Huang Aizhou: At present, financial institutions generally have four “roadblocks” in data governance. First, multi-source heterogeneous data collaboration is difficult: formats and standards of data sources such as core systems and external APIs differ, making integration difficult. Second, it is difficult to integrate value across institutions: the high-frequency and real-time characteristics of financial data make cross-industry and cross-institution circulation under compliance prerequisites face multiple challenges. Third, internal data circulation and sharing are difficult: data becomes fragmented due to system and departmental silos, making it hard to form a unified and usable knowledge asset. Fourth, it is difficult to convert knowledge across multi-modal data: large amounts of unstructured data such as contracts and reports contain rich business knowledge, but existing governance systems lack a mature framework to transform it into high-value knowledge assets.

Faced with these challenges, leading practices in the industry show characteristics of balancing “systematic” and “engineering” approaches. “Systematic” is reflected in embedding the concept of managing the entire data lifecycle into every link of information systems. “Engineering” is reflected in actively building data intelligent analysis engines and supporting tools to ensure that data processing is traceable and compliant.

A notable trend is that the focus of governance is shifting from “structured data” to “knowledge-type data assets.” Because the output quality of large models highly depends on the input of internal proprietary data, some banks have made the governance of knowledge-type data assets a prerequisite for deploying large models. For example, by finely slicing massive unstructured research and investment reports, they build specialized domain knowledge bases to ensure controllability and traceability of model outputs.

At the level of industry infrastructure, the three categories of pilot trusted data spaces—enterprise, industry, and city—being promoted by the National Data Bureau provide new possibilities for the circulation of financial data. The financial industry, as an intermediary for capital allocation, can play a key bridging role in data circulation. The construction of trusted data spaces aims to address core pain points such as dispersed data sources, high risks of circulation across different subjects, and a large digital divide, and to build a full-process system covering “data aggregation—secure circulation—scenario application,” using technologies such as “blockchain + privacy computing + dynamic usage control.” For example, a technical solution like “federated learning + trusted execution environment” can enable secure collaborative modeling of data from multiple parties while protecting data privacy, injecting higher-quality “live water” into financial AI applications.

（责任编辑：Yang Jingxin 审核：He Shasha 校对：Zhai Jun）