In-Depth Analysis of Credit Management Vulnerabilities and Structural Defects in the Risk Control System of Postal Savings Bank of China (PSBC)

Based on collected regulatory data and in-depth analysis, I will systematically sort out the structural defects in the risk control system reflected by the credit management vulnerabilities of Postal Savings Bank of China (PSBC).

---

According to administrative penalty data from the State Administration of Financial Regulation and statistics from Qichuang Yujingtong, Postal Savings Bank of China (PSBC) received a total of

in 2025, with a total fine and confiscation amount of , including 96 penalties imposed on institutions and 125 on individuals, with an average penalty amount of RMB 0.5498 million [1][2]. The largest single penalty was a total fine and confiscation of at the end of September 2025 for “imprudent management of related loan business, internet loan business, performance assessment, cooperative business, etc.” [1][2].

Time	Penalty Recipient	Fine Amount	Major Violations
September 2025	Head Office	RMB 27.9167 million	Imprudent management of loan business, internet loans, performance assessment, and cooperative business
December 2025	Credit Card Center	RMB 3.0 million	Inadequate internal control system and imprudent credit management
June-July 2025	Hebei Branch	RMB 2.21 million	Violations of account management and anti-money laundering regulations
June-July 2025	Hainan Branch	RMB 1.87 million	Illegal retention of fiscal deposits or funds
March 2025	Chongqing Branch	RMB 2.60 million	Negligent performance of the “three checks” for loans and fictitious scale inflation
August 2025	Jinhua Sub-branch, Zhejiang	RMB 1.90 million	Inadequate performance of the “three checks” for loans

---

Although PSBC has established a risk management system with the “three lines of defense”, there is a clear disconnect in its actual operation:

: Business management departments, first-tier sub-branches, second-tier sub-branches, and agency financial institutions bear the primary responsibility for risk prevention and control. However, in actual implementation, serious loopholes have emerged in links such as pre-loan investigation, in-loan examination, and post-loan management. “Negligent performance of the three checks for loans” has become a high-frequency violation reason, indicating that front-line business departments have failed to effectively fulfill their primary responsibility for risk prevention and control [2][3].

: Risk management departments and internal control and compliance departments are responsible for the coordination, supervision, and review of internal risk control. However, judging from issues such as imprudent management of cooperative business and imprudent performance assessment reflected in the penalties, the second line of defense lacks independence and authority, and has failed to effectively play a check-and-balance role [3].

: The supervision of audit departments and discipline inspection departments is time-lagged, and violations are often only discovered during regulatory inspections, indicating that the early warning function of internal audit has not been fully utilized.

PSBC’s credit business management shows a prominent feature of

:

: Institutions such as the Henan Branch have issues such as “illegally relaxing review requirements for borrowers’ repayment ability and the authenticity of down payments”, indicating that customer access standards are not strictly enforced, resulting in the phenomenon of “issuing loans to high-risk borrowers” [1]. Pre-loan investigations are a mere formality and fail to effectively identify customer risks.

: The frequent occurrence of “embezzlement of loan funds” indicates that there are loopholes in the post-disbursement fund monitoring mechanism, which fails to effectively restrict the use of credit funds. Some branches have failed to strictly implement entrusted payment regulations, leading to uncontrolled fund flows.

: “Inaccurate classification of credit assets” reflects lax post-loan management and delayed risk early warning. PSBC’s 2025 interim report shows that the migration rate of substandard loans has increased to , surging by in just one and a half years, while the migration rate of doubtful loans remains at a high level of , hiding the risk of a concentrated outbreak [4].

: The head office was penalized for “imprudent performance assessment management”, indicating that under the pressure of business expansion, the assessment system overemphasizes scale indicators and ignores the weight of risk and compliance, leading grassroots institutions to “prioritize performance over risk control” [1][2].

: Multiple penalties involve “inadequate employee behavior management”. Some employees have participated in illegal operations, such as the verdict of the bribery case of former senior manager Zhang Jun at the end of 2024 and the investigation of Zhang Xuesong, Party Secretary of the Hubei Branch. Corruption issues among senior executives highlight governance defects [4].

: Grassroots institutions lack sufficient compliance training, and employees have a poor understanding of regulatory requirements and fail to strictly implement them, resulting in repeated violations.

Although PSBC’s investment in information technology reached

in 2024, the efficiency of transforming technical investment into compliance control is insufficient:

: The issue of inaccurate EAST (Enhanced Analysis and Surveillance Technology) data submission was pointed out by regulators. Data quality directly affects the effectiveness of risk measurement models [5]. There is a clear gap between information technology investment and compliance management effectiveness.

: Internet loan business has developed rapidly, but there are shortcomings in risk models, data governance, and cooperative institution management. “Imprudent management of internet loan business” has become one of the main violation reasons [1][2].

: Some key risk control links have not achieved rigid system constraints, leaving large room for manual operations, which increases operational risks.

: PSBC has nearly 40,000 business outlets, and outsourcing models are widely used in retail business. However, the compliance boundaries of models such as marketing outsourcing have not been effectively controlled. The Credit Card Center was penalized for “illegal outsourcing of card-issuing marketing business”, indicating institutional loopholes in outsourcing management [5].

: The issue of “imprudent management of cooperative institutions” is prevalent in the consumer finance sector. Failure to effectively screen and manage cooperative institutions has led to risk transmission through cooperative channels.

: There is a lack of effective means to penetrate the substantive risks of outsourcing and cooperative businesses, making it difficult to transmit compliance standards to grassroots terminals.

: As of the end of September 2025, PSBC’s total assets reached , an increase of compared to the end of 2020. However, its compliance management capability has not improved synchronously, resulting in a situation of “large in scale but weak in strength” [5].

: With nearly 40,000 business outlets covering urban and rural areas, regional economic differences and diverse customer structures put forward higher requirements for standardized compliance management. However, from the distribution of penalties, violations have occurred in institutions at all levels, indicating that regional management standards are not fully unified [5].

: The credit card business has expanded rapidly. As of the 2025 interim report, credit card receivables reached , an increase of compared to 2020. However, the non-performing rate shows irregular fluctuations, reflecting the contradiction between rapid business development and the stability of risk control [5].

---

PSBC was transformed from postal savings. It has extensive outlet coverage and a large customer base, but its risk management foundation is relatively weak. While the huge physical network brings business growth, it also increases management difficulty, forming a pattern of “large scale but scattered control”.

From April 2022 to January 2025, the position of chairman was vacant for a long time, and President Liu Jianjun performed the relevant duties on an acting basis, which violated the regulation that acting duties should not exceed 6 months. The long-term vacancy of the top leadership has affected overall operational efficiency and the effective operation of the risk management system [4].

Against the backdrop of continuous narrowing of industry interest margins and weakening credit demand, PSBC is under pressure to grow its performance, which may lead it to favor aggressive expansion in the balance between risk and return, ignoring compliance bottom lines.

---

Strengthen the independence and effectiveness of the “three lines of defense”, clarify the responsibility boundaries and accountability mechanisms of each line of defense, and ensure mutual checks and balances in risk control.

Restructure the end-to-end control system for credit business, strengthen rigid constraints on pre-loan access, improve the in-loan fund monitoring mechanism, and establish a closed-loop post-loan risk early warning system.

Optimize the performance assessment system and increase the weight of risk and compliance indicators; strengthen employee behavior management and establish an abnormal behavior monitoring mechanism; cultivate a compliance culture and enhance the compliance awareness of all employees.

Increase investment in risk control technology, improve data governance, optimize risk measurement models, and achieve rigid system control in key links.

Establish a name list management mechanism for outsourcing and cooperative institutions, formulate strict access standards and assessment methods, and ensure that compliance standards penetrate to grassroots institutions.

---

The frequent occurrence of credit management vulnerabilities at PSBC is not an accidental event, but a concentrated manifestation of structural defects in its risk control system. Shortcomings exist in all links, from governance structure to process control, from personnel management to technical systems, and from incentive and restraint mechanisms to cooperative institution management. The formation of this systemic defect is influenced by both historical path dependence and the superposition of management changes and performance pressure.

As the institution with the widest outlet coverage among the six major state-owned banks, PSBC’s risk control system construction has industry demonstration significance. The arrival of the new chairman Zheng Guoyu (with work experience in Bank of China, Industrial and Commercial Bank of China, and China Post Group, and having served as chief compliance officer) and the transferred president Lu Wei from China CITIC Bank in 2025 has brought new governance concepts and development perspectives to PSBC [2]. Against the backdrop of stricter regulation, PSBC urgently needs to achieve a fundamental transformation from “passively coping with regulation” to “proactively building internal compliance” in order to restore market trust and achieve high-quality development.

---

[1] Xinhua Daily Network - “Postal Savings Bank of China Receives a "Sky-High" Penalty of RMB 27.91 Million for Imprudent Loan Business Management, Etc.” (https://www.xhby.net/content/s68dde8c1e4b0197fae4867ca.html)

[2] Tencent News - “Postal Savings Bank of China Penalized Again! 221 Penalties in 2025, the "Giant Elephant" Struggles to Transform” (https://news.qq.com/rain/a/20260112A06OEB00)

[3] Postal Savings Bank of China 2024 Interim Report - Risk Management Chapter (https://www.psbc.com/cn/gyyc/tzzgx/gsgg/hggg/202409/P020240913268774215564.pdf)

[4] Zhihu Column - “Behind PSBC’s RMB 27 Million Penalty: Frequent Internal Control Issues, Non-Performing Scale Exceeds RMB 87 Billion” (https://zhuanlan.zhihu.com/p/1960724821156558656)

[5] Sina Finance - “RMB 3 Million Penalty Serves as a Warning: PSBC’s Dilemma Between Expansion and Compliance” (https://finance.sina.com.cn/tech/roll/2025-12-26/doc-inhecipr0896783.shtml)