The UK financial system is experiencing a fundamental shift in how credit flows through its economy, with nonbank financial institutions steadily expanding their footprint. Recent data reveals that nonbank financial institutions' share of global financial assets has risen dramatically from 43% in 2008 to 49% in 2023 [1]. This substantial growth represents more than just a change in market share—it signals a structural transformation in the financial environment with profound implications for systemic risk and financial stability.
As traditional banks face increasingly stringent macroprudential policies implemented since the Global Financial Crisis, their lending capacity has tightened considerably. This regulatory pressure has created a vacuum that nonbank lenders have eagerly filled, stepping in to meet funding shortfalls across various sectors. The growth of nonbank lending partly reflects these macroprudential policies, which often tighten banks' balance sheet constraints, reducing their lending capacity, and allowing nonbanks to step in to fill the resulting funding gaps [1]. This shift raises significant financial stability concerns as more credit flows through less regulated segments of the financial system, potentially creating new vulnerabilities that traditional regulatory frameworks may not adequately address.
The scale of this transformation is particularly concerning in the UK, where non-bank financial institutions held assets worth approximately £14.6 trillion in 2022, accounting for 46% of the UK's domestic financial assets [6]. This concentration of financial power outside the traditional banking sector raises critical questions about the adequacy of existing regulatory frameworks to monitor and mitigate emerging systemic risks.
The Bank of England has identified several specific vulnerabilities within the shadow banking sector that could amplify systemic risks. These include excessive leverage among nonbank financial institutions, liquidity mismatches, and the potential for rapid asset sell-offs during periods of market stress. For instance, in November 2024, hedge funds' net borrowing in gilt repo markets reached approximately £45 billion, surpassing pre-COVID-19 levels [7]. Such high levels of leverage can lead to disorderly asset sales, potentially destabilizing the broader financial system.
What specific vulnerabilities make nonbank lenders particularly susceptible to systemic risks? The asset-based finance market, which includes receivables financing, equipment leasing, and litigation finance, is projected to grow from $5 trillion to nearly $8 trillion in the next three years [13]. This rapid expansion, combined with fragmented risk management systems, creates dangerous blind spots across credit, operational, and cyber risks, preventing holistic threat assessment.
The convergence of expanding nonbank lending and escalating cyber threats creates a particularly dangerous systemic risk scenario for the UK financial system. The UK's National Cyber Security Centre (NCSC) reported handling 1,957 cyberattack reports in 2024, a significant increase from the previous year. Of these, 89 were nationally significant, with 12 classified as severe—a threefold increase from 2023 [23]. This escalation demonstrates the growing sophistication and frequency of cyber threats targeting financial institutions.
The financial impact of these attacks is profound. IBM's 2024 Cost of Data Breach Report estimates the average cost of a data breach in the financial sector at nearly $5 million, excluding regulatory fines [23]. For nonbank lenders, whose business models rely heavily on trust and reputation, such attacks can be particularly devastating, potentially threatening both business continuity and client trust.
Recent reports indicate that the UK banking industry is under constant cyber-attack, with potential breaches capable of disrupting the entire financial industry within hours. Such attacks could cause millions of direct debits to fail, leaving rents, mortgages, and wages unpaid [2]. The severity of this threat is underscored by the Bank of England governor's identification of cybersecurity as a constantly evolving threat.
The interconnectedness between shadow banks and traditional financial institutions further complicates the risk environment. The collapse of Archegos Capital Management in 2021 serves as a stark reminder of how failures within the shadow banking sector can have cascading effects on regulated banks and the financial system at large [8]. This incident resulted in over $10 billion in losses for major banks, demonstrating how cyber vulnerabilities in nonbank entities can quickly transform into systemic financial stability issues.
Nonbank lenders often lack the robust cybersecurity infrastructure of traditional banks, which are allocating substantial resources to cybersecurity—expected to reach 11% of IT budgets by 2025, with this budget expected to reach $290 billion globally [2]. This disparity creates potential weak points in the financial system that could be exploited to trigger broader instability.
A 2024 survey revealed that 59% of UK financial services firms experienced ransomware attacks in the past 12 months. Nearly half of these firms cited legal fines and reputational damage as primary consequences of such breaches [14]. Recent retail cyberattacks in the UK demonstrate how these threats can filter down to affect customers directly. When hackers targeted Marks & Spencer, customers were unable to order from their website for over six weeks. Similarly, a cyberattack on Co-op led to empty shelves in some stores [21].
"With the rise in financial fraud, AI is being utilized to enhance security without slowing transactions. AI-driven models have significantly increased processing speed, streamlining decision-making and boosting customer satisfaction," notes a recent industry analysis on cybersecurity trends in lending [15].
In response to rising cyber threats, the UK government introduced the Cyber Security and Resilience Bill in July 2024. This legislation aims to strengthen the UK's cyber defences and resilience, ensuring that critical infrastructure and digital services are secure [24]. The bill represents a comprehensive approach to addressing cybersecurity vulnerabilities across critical sectors, including financial services.
The Financial Conduct Authority (FCA) has also emphasized the importance of robust cybersecurity measures. In February 2025, the FCA highlighted that the UK non-bank finance sector manages approximately £14.3 trillion in assets and continues to grow. The FCA noted that while the sector's use of leverage can help boost returns, enhance efficiency, and manage risks, when it is concentrated or crowded, leverage can become a vulnerability and source of systemic risk [25].
This regulatory asymmetry creates a paradoxical situation: policies intended to strengthen the financial system may be undermining it by pushing credit creation into areas where risks can accumulate undetected. The challenge for policymakers is to develop frameworks that maintain financial innovation while ensuring appropriate risk management across all lending channels.
In July 2024, a senior Bank of England regulator explicitly called for more reforms to tackle shadow banking's "hidden leverage," highlighting that existing measures have not gone far enough to address the systemic risks posed by nonbank financial institutions [11]. This regulatory push aims to enhance transparency and stability in the nonbank sector without unduly constraining its ability to provide credit to the economy.
The European Banking Authority (EBA) has highlighted substantial data deficiencies, or "black holes," in the non-bank financial sector, suggesting that mandatory disclosures may be necessary to identify and mitigate potential risks effectively [9]. These information gaps make it difficult to accurately assess the true extent of systemic risk exposure.
As nonbank lenders face dual pressures from credit risk and cybersecurity threats, operational resilience becomes paramount. Leading financial institutions are already recognizing that these risks cannot be managed in isolation—they require integrated approaches that span both financial and technological domains.
ANZ Banking Group exemplifies this trend, having recently moved its entire non-financial risk portfolio to ServiceNow to strengthen operational resilience across its enterprise technology stack. This comprehensive approach involves consolidating risk monitoring across 16 key risk domains and mapping 43,000 supporting resources, including vendors, facilities, teams, and applications [3].
The move was driven by the Australian Prudential Regulation Authority's new prudential standard CPS 230, which takes effect on July 1, 2025. This regulatory development signals a growing recognition among financial authorities worldwide that operational resilience requires integrated risk management frameworks that can address interconnected threats.
For nonbank lenders, building similar capabilities is essential but challenging. Many operate with leaner resources and less mature risk management frameworks than traditional banks. However, the integration of advanced loan management systems can provide a foundation for comprehensive risk management that spans both credit and operational domains.
These systems serve as the central infrastructure for monitoring exposures, implementing controls, and ensuring compliance across multiple risk categories. By consolidating risk data and providing real-time visibility across portfolios, they enable nonbank lenders to identify emerging threats before they escalate into systemic issues.
Innovative companies in the lending space are demonstrating the value of this integrated approach. Hokodo, a B2B lending platform, has automated its credit decision processes to reduce complexity and improve decision accuracy across multiple geographies. "The automation of our credit decisions has been a core value proposition for us since day one," says Nicolas from Hokodo [17]. By integrating high-quality alternative data sources with internally developed risk models, the company established an automated risk-scoring process that efficiently manages risk assessments while allowing human intervention for higher-risk decisions.
Similarly, Tranch has implemented an automated approach that accelerates decision-making while allowing manual reviews when needed. "Our approach to automation allows us to bring speed to a decision but also gives us the opportunity to have human intervention in the process when needed," explains Philip from Tranch [17]. This balanced strategy enables rapid decisions without compromising assessment quality, ensuring a responsive customer experience while maintaining risk control.
Advanced AI and machine learning technologies offer powerful tools for identifying and mitigating systemic risks in nonbank lending. The financial services sector is rapidly adopting these technologies, with 85% of firms leveraging AI across multiple areas by 2025 [4]. This integration is transforming loan management systems and underwriting processes in ways that could significantly enhance the stability of nonbank lending.
The widespread adoption of AI in financial services represents a potential game-changer for risk management. By analyzing vast datasets and identifying subtle patterns that might escape human analysts, AI-powered loan management systems can provide early warning of emerging risks. This capability enables more precise calibration of lending standards to maintain credit quality even as lending volumes grow.
For nonbank lenders, AI-driven risk assessment offers particular advantages in addressing their unique challenges. These institutions often specialize in lending to segments underserved by traditional banks, which requires sophisticated risk assessment capabilities to accurately price credit risk. AI systems can enhance these capabilities by incorporating alternative data sources and identifying complex risk factors that traditional models might miss.
Recent advancements in AI applications for lending include frameworks combining quantum deep learning techniques with adaptive modeling for credit risk assessment. These hybrid quantum-classical models aim to improve the accuracy and efficiency of evaluating credit risk [18]. Financial institutions are increasingly adopting AI to enhance underwriting processes, with AI systems analyzing vast datasets to assess creditworthiness, leading to faster and more accurate loan approvals. For example, J.P. Morgan implemented AI-assisted solutions that reduced transaction rejections by 15-20% [15].
Large language models (LLMs) are being integrated into cross-asset risk management frameworks to facilitate real-time monitoring of equity, fixed income, and currency markets, enhancing decision-making processes [15]. This application of AI is particularly valuable for nonbank lenders that may have exposures across multiple asset classes, providing a more holistic view of risk that can help prevent systemic issues from developing.
How are regulators addressing the growing complexity of nonbank lending operations? The rise of Regulatory Technology (RegTech) is streamlining compliance and risk management processes. RegTech solutions automate compliance tasks, ensuring adherence to regulatory standards and enhancing operational efficiency [16]. These technologies are becoming increasingly important as regulatory requirements grow more complex and the consequences of non-compliance become more severe.
The growth of nonbank lending has significant cross-border dimensions, with syndicated loans and other forms of international credit increasingly flowing through nonbank channels. Analysis of syndicated loan data from Dealogic covering 2000–2019 tracks nearly the entire global market for syndicated corporate loans, a key component of cross-border debt finance [1]. This international dimension adds complexity to systemic risk management, as exposures cross jurisdictional boundaries and may be subject to different regulatory regimes.
The cross-border nature of nonbank lending creates potential blind spots where risks can accumulate undetected, particularly when lending involves multiple jurisdictions with varying levels of transparency and oversight. This complexity makes it challenging for regulators to maintain a comprehensive view of systemic exposures and potential contagion channels.
For nonbank lenders operating across borders, managing these complex exposures requires sophisticated systems capable of tracking international exposures and applying consistent risk management standards across jurisdictions. Loan management platforms that can integrate data from multiple sources and provide consolidated views of cross-border exposures become essential tools for mitigating these complex, boundary-spanning risks.
The international dimension also creates challenges for coordinating regulatory responses to emerging risks. Different jurisdictions may have varying approaches to regulating nonbank lending, creating opportunities for regulatory arbitrage and potential gaps in oversight. Addressing these challenges requires both enhanced international coordination among regulators and more robust internal risk management capabilities within nonbank lenders themselves.
Open banking and API integration are making financial institutions more interconnected, improving the speed and accuracy of credit decisions, and allowing for more personalized and flexible solutions to borrowers [19]. This interconnectedness, while beneficial for efficiency, also increases the potential for cross-border contagion if risks are not properly managed.
On June 12, 2025, Carlyle Group partnered with Citigroup to provide asset-backed financing to fintech lenders. This collaboration aims to capitalize on the growing demand for scalable funding solutions in the fintech sector [13]. Such cross-border partnerships highlight both the opportunities and complexities of international nonbank lending, requiring sophisticated risk management approaches to ensure stability.
Creating a stable and resilient nonbank lending sector requires a multi-faceted approach combining regulatory oversight, industry best practices, and technological infrastructure. Integrated loan management systems serve as the foundation for this ecosystem, providing the tools and capabilities necessary to manage complex risks while maintaining the agility and market responsiveness that are hallmarks of nonbank lending.
The banking sector is expected to significantly enhance productivity and profitability through accelerated digitalization, driven by AI advancements and substantial investments in digital infrastructures. This transformation is anticipated to manifest through cost reductions, improved customer experiences, and the creation of new revenue streams [5]. Nonbank lenders can leverage similar digital transformations to build institutional-grade risk management capabilities that previously were only available to large banks.
The loan origination software market is projected to surpass $11.44 billion by 2032, with large enterprises leading this transformation by investing in AI-driven solutions to enhance credit scoring models and reduce default risks [20]. This growth reflects the increasing recognition of the value of integrated loan management systems in addressing the complex challenges facing nonbank lenders.
As of 2024, U.S. banks' loans to nonbank financial institutions have surpassed $1 trillion, more than doubling since 2019 and accounting for approximately 8% of total loans. This surge reflects a significant shift in corporate lending strategies, with banks reducing direct commercial and industrial loans while increasing lending to nonbank financial institutions [22]. Such interconnectedness between traditional banks and less-regulated entities could amplify financial instability during economic downturns.
kennek's end-to-end credit platform exemplifies this approach, combining automation, real-time data, and flexible API infrastructure to streamline every stage of the lending lifecycle. By integrating origination, servicing, and monitoring functions within a single platform, such systems eliminate the fragmentation that often creates blind spots in risk management.
For nonbank lenders facing the dual challenges of credit risk and cybersecurity threats, kennek's platform provides several critical capabilities. It enables real-time monitoring of portfolio performance, allowing lenders to identify emerging risks before they escalate. The platform automates compliance processes, reducing the operational burden of regulatory requirements while ensuring consistent application of risk controls. Additionally, it provides the data infrastructure necessary to implement advanced analytics and AI-driven risk assessment, helping nonbank lenders meet the increasingly stringent requirements of UK regulators.
kennek's platform is particularly valuable for lenders managing complex deal structures with manual tools. By providing a unified workflow that supports various lending structures and asset classes, it eliminates the need for multiple disconnected systems. This integration is crucial for maintaining compliance across jurisdictions, as the platform can automatically apply the appropriate regulatory requirements based on the geographical scope of each lending relationship.
Despite concerns about systemic risk, some industry experts argue that private credit, a component of shadow banking, does not inherently threaten the banking sector. Jiří Król, Global Head of the Alternative Credit Council, emphasizes that private credit funds typically employ conservative leverage and invest in higher-quality assets, thereby enhancing financial resilience by shifting risk from banks to diversified fund portfolios managed by experienced teams [10]. Platforms like kennek can help these funds demonstrate their risk management capabilities to regulators and investors, supporting this positive contribution to financial stability.
The private credit market has seen significant growth, with firms diversifying into asset-based lending strategies including receivables financing, equipment leasing, and litigation finance [13]. This diversification creates both opportunities and challenges for nonbank lenders, requiring sophisticated systems to manage the unique risks associated with each asset class.
As kennek's platform demonstrates, the technology now exists to combine the agility and innovation of nonbank lending with the robust risk management traditionally associated with regulated banks. By adopting these technologies and embracing comprehensive approaches to risk management, nonbank lenders can build a more resilient ecosystem that contributes positively to financial stability while continuing to serve the needs of borrowers and investors.
The expansion of nonbank financial institutions is a natural and necessary evolution of the credit markets, driven by shifts in regulation and economic demand. We view this not as an inherent threat, but as a critical phase requiring sophisticated infrastructure. The systemic risks highlighted stem primarily from fragmented operational processes, data silos, and a lack of integrated risk management capabilities, rather than the nonbank model itself. These deficiencies create the 'black holes' and vulnerabilities that concern regulators and the market. Addressing this requires a fundamental shift towards institutional-grade technology that provides a single source of truth across the entire lending lifecycle.
Integrated platforms are essential for nonbank lenders to manage complex credit, operational, and cyber risks with the necessary visibility and control. By automating workflows, consolidating data, and providing real-time insights, these systems enable lenders to achieve the operational resilience and transparency required to meet evolving regulatory standards and market expectations. Implementing such technology allows nonbanks to scale responsibly, enhance stability, and confidently contribute to a more dynamic and resilient financial ecosystem. We believe this technological foundation is key to unlocking the full potential of the nonbank lending sector.
Xavier De Pauw is the co-founder & CFO of kennek, a complete lending software for alternative credit. A seasoned banker turned fintech entrepreneur, Xavier spent 10 years at Merrill Lynch specialising in structured finance before co-founding challenger banks MeDirect Group and MeDirect Bank Belgium, building a €2.5 billion balance sheet. His expertise in financial innovation and risk management, combined with his role as co-founder of Fintech Belgium, provides unique insights into the evolving challenges facing nonbank lenders in today's complex regulatory environment.
[1] From banks to nonbanks: Macroprudential and monetary policy effects on corporate lending, CEPR
[2] 'We're being attacked all the time': how UK banks stop hackers, The Guardian
[3] ANZ consolidates operational risk into ServiceNow, IT News
[4] AI-Driven Loan Management: UK Banks Tackle 2025 Challenges, Kennek
[5] Banking Key Themes 2025: Navigating Lower Rates, Real Estate Challenges And Basel Delays, Fitch Solutions
[6] Shadow Banking and Systemic Risk: Analyzing the Hidden Levers of Global Finance, Auditing Accounting
[7] Financial Stability Report - November 2024, Bank of England
[8] Shadow Banking: Unveiling the Dark Side of Financial Innovation, The Global Treasurer
[9] EU watchdog warns of data 'black holes' amid efforts to uncover shadow bank risk, Reuters
[10] Private credit does not threaten the banking sector, Financial Times
[11] More reforms needed to tackle shadow banking's 'hidden leverage', BoE regulator says, Reuters
[12] Top financial watchdog says shadow bank vulnerabilities yet to be fixed, Financial Times
[13] Private Credit Market Update And 2025 Outlook, Mondaq
[14] Ransomware hits 59% of UK financial firms in past 12 months, IT Brief UK
[15] How AI and Automation are Transforming Loan Origination in 2025, TimVero
[16] RegTech Solutions for Compliance, arXiv
[17] Automation and the Future of B2B Lending, Taktile
[18] Quantum Computing in Credit Risk Assessment, arXiv
[19] Commercial Lending Trends, Finanta
[20] Loan Origination Software Market Set to Surpass the Valuation of US $11.44 Billion By 2032, GlobeNewswire
[21] Retail cyberattacks filter down to customers, Greensboro
[22] Systemic Risk: U.S. Banks' $1 Trillion In Loans To Nonbanks Like Private Credit Creates Risks And Rewards, S&P Global
[23] Cybersecurity Risks For Financial Services Firms, MarketScreener
[24] Cyber Security and Resilience Bill, Wikipedia
[25] Helping markets thrive and managing systemic risk: the FCA's approach to non-bank leverage, Financial Conduct Authority