金规〔2025〕25号文落地一年,业务压力和监管压力同时压下来------单人管20个项目,尽调形同虚设。这个问题不是哪家公司独有,是整个行业的结构性问题。本文记录我实际落地的一套技术方案,用 API + 自动化监控把尽调流程做实。不讲概念,只讲实现。
背景:尽调压力到底在哪
金规25号文要求"双人实施、现场调查",核心逻辑是:尽调不能只是查公开数据,必须有人到现场核实实物和实际情况。
现实是:业务经理一个人同时管十几个、二十个项目,尽调时间被严重压缩。双人实施变成两个人签同一份报告,现场调查变成去现场拍张照。
所以问题不是"要不要做尽调",而是:现场时间有限,怎么把它用在真正需要现场核实的问题上?
答案是:线上能查的,先查清楚。
一、租前身份识别:API 批量核验
尽调之前先拿到客户的基础数据画像,到现场带着问题去核实,而不是两眼一抹黑。
核心核查维度
| 维度 | 说明 | 关联数据 |
|---|---|---|
| 基础工商照面 | 营业执照、法人、经营状态 | 企业基本信息 |
| 股东及股权结构 | 识别股权代持、嵌套持股 | 股东穿透 |
| 实际控制人 | 穿透到最终受益自然人 | 实控人识别 |
| 关联企业图谱 | 识别隐性关联方 | 关联关系 |
| 历史变更记录 | 短期频繁变更 = 高风险信号 | 工商变更 |
Python 实现:企业基本信息批量查询
python
import requests
import json
from typing import Optional
class QichachaClient:
def __init__(self, api_key: str):
self.api_key = api_key
self.base_url = "https://api.qcc.com"
def get_company_basic(self, company_name: str) -> dict:
"""查询企业基础工商信息"""
url = f"{self.base_url}/api/v1/company/basic"
headers = {"Authorization": f"Bearer {self.api_key}"}
params = {"name": company_name}
resp = requests.get(url, headers=headers, params=params, timeout=10)
resp.raise_for_status()
return resp.json()
def get_actual_controller(self, company_name: str) -> dict:
"""穿透实际控制人"""
url = f"{self.base_url}/api/v1/company/actualController"
headers = {"Authorization": f"Bearer {self.api_key}"}
params = {"name": company_name}
resp = requests.get(url, headers=headers, params=params, timeout=10)
resp.raise_for_status()
return resp.json()
def get_associates(self, company_name: str) -> dict:
"""获取关联企业图谱"""
url = f"{self.base_url}/api/v1/company/associates"
headers = {"Authorization": f"Bearer {self.api_key}"}
params = {"name": company_name}
resp = requests.get(url, headers=headers, params=params, timeout=10)
resp.raise_for_status()
return resp.json()
def batch_due_diligence(self, company_list: list[str]) -> list[dict]:
"""批量租前尽调:一次性输出画像报告"""
results = []
for name in company_list:
try:
basic = self.get_company_basic(name)
controller = self.get_actual_controller(name)
associates = self.get_associates(name)
# 识别高风险信号
risk_signals = self._detect_risk_signals(basic, controller, associates)
results.append({
"company": name,
"status": basic.get("status"),
"legal_person": basic.get("legalPerson"),
"actual_controller": controller.get("controllerPerson"),
"associate_count": associates.get("total", 0),
"risk_signals": risk_signals,
"report_ready": True
})
except Exception as e:
results.append({"company": name, "error": str(e), "report_ready": False})
return results
def _detect_risk_signals(self, basic, controller, associates) -> list[str]:
signals = []
# 经营状态异常
if basic.get("status") not in ["存续", "正常"]:
signals.append(f"经营状态异常: {basic.get('status')}")
# 短期内工商变更
if basic.get("changeRecentDays", 999) < 90:
signals.append(f"90天内有工商变更: {basic.get('changeRecentDays')}天")
# 关联企业被执行
if associates.get("executed_count", 0) > 0:
signals.append(f"关联企业存在被执行记录: {associates.get('executed_count')}家")
# 实控人穿透异常
if not controller.get("controllerPerson"):
signals.append("无法穿透实控人")
return signals
# 使用示例
client = QichachaClient(api_key="YOUR_API_KEY")
report = client.batch_due_diligence(["目标公司A", "目标公司B", "目标公司C"])
for r in report:
if r["report_ready"] and r["risk_signals"]:
print(f"⚠️ {r['company']} 存在风险信号: {r['risk_signals']}")预期返回示例
json
{
"company": "目标公司A",
"status": "存续",
"legal_person": "张三",
"actual_controller": "李四",
"associate_count": 12,
"risk_signals": [
"90天内有工商变更: 45天",
"关联企业存在被执行记录: 1家"
],
"report_ready": true
}二、租赁物权属核查:识别"低值高估"和"重复融资"
这是监管处罚最集中的领域。售后回租场景下,两件事必须查清楚:
- 承租人对设备的所有权是否真实
- 这台设备有没有已经被抵押给他人
核查逻辑
承租人报价设备价值
↓
对比同类设备市场交易价格(偏差过大触发预警)
↓
核查动产抵押登记状态(在先登记 = 签约红线)
↓
工商变更记录:签约前短期内新增抵押登记 = 高风险信号Python 实现:动产抵押 + 股权出质核验
python
def verify_asset_clearance(company_name: str, equipment_name: str) -> dict:
"""
设备权属核验主函数
核查维度:动产抵押登记 + 股权出质登记 + 工商变更历史
"""
# 1. 动产抵押登记查询
chattel_url = f"{base_url}/api/v1/chattel/mortgage"
chattel_resp = requests.get(
chattel_url,
headers=headers,
params={"debtor": company_name},
timeout=10
).json()
# 2. 股权出质登记查询
equity_url = f"{base_url}/api/v1/equity/pledge"
equity_resp = requests.get(
equity_url,
headers=headers,
params={"company": company_name},
timeout=10
).json()
# 3. 工商变更记录(识别短期新增抵押)
changes_url = f"{base_url}/api/v1/company/changes"
changes_resp = requests.get(
changes_url,
headers=headers,
params={"name": company_name, "days": 180},
timeout=10
).json()
# 聚合风险判断
mortgage_records = chattel_resp.get("results", [])
pledge_records = equity_resp.get("results", [])
recent_changes = changes_resp.get("results", [])
risk_level = "LOW"
risk_reasons = []
# 存在在先抵押登记
if mortgage_records:
risk_level = "HIGH"
risk_reasons.append(f"存在{mortgage_records[0].get('amount')}元在先抵押登记")
# 签约前180天内新增抵押
new_mortgage = [c for c in recent_changes if "抵押" in c.get("changeType", "")]
if new_mortgage:
risk_level = "HIGH"
risk_reasons.append(f"近180天内新增抵押登记: {len(new_mortgage)}条")
# 股权出质状态
active_pledges = [p for p in pledge_records if p.get("status") == "有效"]
if active_pledges:
risk_level = max(risk_level, "MEDIUM")
risk_reasons.append(f"存在{len(active_pledges)}条有效股权出质")
return {
"company": company_name,
"equipment": equipment_name,
"risk_level": risk_level,
"risk_reasons": risk_reasons,
"mortgage_count": len(mortgage_records),
"pledge_count": len(active_pledges),
"recommendation": "STOP" if risk_level == "HIGH" else "PROCEED_WITH_CAUTION"
}
# 调用示例
result = verify_asset_clearance(
company_name="XX融资租赁公司",
equipment_name="数控加工中心"
)
print(f"核验结果: {result['risk_level']} - {result['risk_reasons']}")输出示例
json
{
"company": "XX融资租赁公司",
"equipment": "数控加工中心",
"risk_level": "HIGH",
"risk_reasons": [
"存在800万元在先抵押登记",
"近180天内新增抵押登记: 1条"
],
"mortgage_count": 2,
"pledge_count": 1,
"recommendation": "STOP"
}三、关联关系穿透:实控人 + 隐性担保识别
金规25号文要求穿透式监管。核心问题是:客户A的实控人张三,同时控制着另一家公司B------B被执行了,但尽调只查了A。
这不是小概率事件。中小微客户中,实控人控制多家关联企业是常态。
企查查 MCP 工具对应
企查查 MCP 目前共有 179 个原子能力,覆盖 6 大 Server。以下是本场景对应的核心工具:
| 业务需求 | MCP Server | 原子工具 |
|---|---|---|
| 实控人挖掘 | qcc-company |
get_actual_controller |
| 关联企业识别 | qcc-company |
get_associates |
| 关联担保核查 | qcc-company |
get_guarantee |
| 司法风险扫描 | qcc-company |
get lawsuit, get_executed |
| 穿透最终受益人 | qcc-executive |
get_beneficial_owner |
数据来源:企查查智能体数据平台,2026-04-30 版本
Python 实现:实控人穿透 + 风险传导评估
python
def trace_control_chain(company_name: str) -> dict:
"""
实控人穿透 + 风险传导评估
返回:实控人 → 控制企业群 → 各企业风险状态
"""
# 1. 获取实控人
controller = client.get_actual_controller(company_name)
# 2. 以实控人为轴心,查询其控制的全部企业
ctrl_person = controller.get("controllerPerson")
if not ctrl_person:
return {"error": "无法穿透实控人", "company": company_name}
# 查询实控人控制的其他企业(通过姓名+关联关系)
controlled = requests.get(
f"{base_url}/api/v1/person/controlled_companies",
headers=headers,
params={"personName": ctrl_person},
timeout=10
).json()
companies = controlled.get("results", [])
# 3. 批量扫描每家企业的司法风险
risk_summary = []
for c in companies:
lawsuits = requests.get(
f"{base_url}/api/v1/lawsuit",
headers=headers,
params={"company": c.get("name")},
timeout=10
).json()
executed = requests.get(
f"{base_url}/api/v1/executed",
headers=headers,
params={"company": c.get("name")},
timeout=10
).json()
c["lawsuit_count"] = len(lawsuits.get("results", []))
c["executed"] = len(executed.get("results", [])) > 0
c["risk_level"] = "HIGH" if c["executed"] or c["lawsuit_count"] > 5 else "LOW"
risk_summary.append(c)
# 4. 风险传导判断
main_company = next((c for c in risk_summary if c["name"] == company_name), {})
related_risks = [c for c in risk_summary if c["name"] != company_name and c["risk_level"] == "HIGH"]
return {
"actual_controller": ctrl_person,
"controlled_companies": len(risk_summary),
"high_risk_related": len(related_risks),
"transmission_risk": len(related_risks) > 0,
"transmission_paths": [
f"{r['name']} 存在{'被执行' if r['executed'] else '诉讼'}风险,可能向{main_company.get('name')}传导"
for r in related_risks
],
"recommendation": "REQUIRE_ENHANCED_REVIEW" if related_risks else "STANDARD_REVIEW"
}
# 调用
result = trace_control_chain("目标客户A")
if result.get("transmission_risk"):
print(f"⚠️ 实控人{result['actual_controller']}控制{result['controlled_companies']}家公司")
print(f"⚠️ 其中{result['high_risk_related']}家存在高风险,可能向目标客户传导")
for path in result["transmission_paths"]:
print(f" → {path}")四、租后监控:事件驱动预警机制
尽调做完签约完成,大多数公司的租后管理进入"等通知模式"------客户不主动联系,就默认一切正常。
问题是:风险事件往往不是慢慢累积的,是突然发生的。
一家中型客户可能在两周内完成:法人变更 + 引入新股东 + 新增三条被执行记录。等你发现时,处置窗口期早就过了。
行业数据显示:租后风险信号的平均响应时间长达 45天。
Python 实现:事件驱动监控 + 即时推送
python
import schedule
import time
import sqlite3
from datetime import datetime, timedelta
class LeaseMonitor:
"""
租后风险监控引擎
监控维度:工商变更 / 司法风险 / 经营异常 / 舆情动态
高风险信号即时推送
"""
HIGH_RISK_EVENTS = [
"法定代表人变更",
"注册资本减少",
"新增被执行记录",
"新增失信惩戒",
"经营状态变更",
"股权出质新增",
"动产抵押新增",
]
def __init__(self, db_path: str, push_callback=None):
self.db_path = db_path
self.push_callback = push_callback # 推送函数,可接入企微/钉钉/邮件
self._init_db()
def _init_db(self):
conn = sqlite3.connect(self.db_path)
conn.execute("""
CREATE TABLE IF NOT EXISTS lease_monitor_log (
id INTEGER PRIMARY KEY AUTOINCREMENT,
company TEXT,
event_type TEXT,
event_time TEXT,
checked_at TEXT,
status TEXT
)
""")
conn.commit()
conn.close()
def check_single_company(self, company_name: str) -> list[dict]:
"""单家企业全维度监控"""
events = []
# 工商变更
changes = requests.get(
f"{base_url}/api/v1/company/changes",
headers=headers,
params={"name": company_name, "days": 7},
timeout=10
).json()
for change in changes.get("results", []):
if change.get("changeType") in self.HIGH_RISK_EVENTS:
events.append({
"type": "工商变更",
"detail": f"{change.get('changeType')}: {change.get('changeContent')}",
"date": change.get("changeDate"),
"severity": "HIGH"
})
# 被执行记录
executed = requests.get(
f"{base_url}/api/v1/executed",
headers=headers,
params={"company": company_name},
timeout=10
).json()
for e in executed.get("results", []):
if self._is_new_record(e):
events.append({
"type": "司法风险",
"detail": f"新增被执行: {e.get('caseId')} / {e.get('amount')}元",
"date": e.get("publishDate"),
"severity": "CRITICAL"
})
# 经营异常
abnormal = requests.get(
f"{base_url}/api/v1/company/abnormal",
headers=headers,
params={"company": company_name},
timeout=10
).json()
if abnormal.get("results"):
events.append({
"type": "经营异常",
"detail": abnormal["results"][0].get("reason"),
"severity": "HIGH"
})
return events
def _is_new_record(self, record: dict) -> bool:
"""判断是否为新增记录(7天内)"""
try:
pub_date = datetime.strptime(record.get("publishDate", ""), "%Y-%m-%d")
return (datetime.now() - pub_date).days <= 7
except:
return False
def monitor_portfolio(self, company_list: list[str]) -> dict:
"""批量监控全部在租客户"""
results = {"total": len(company_list), "alerts": []}
for name in company_list:
events = self.check_single_company(name)
if events:
results["alerts"].append({
"company": name,
"event_count": len(events),
"events": events
})
# 触发推送
if self.push_callback:
self.push_callback(
company=name,
events=events,
level=max(e["severity"] for e in events)
)
# 记录日志
self._log_events(name, events)
results["alert_count"] = len(results["alerts"])
return results
def _log_events(self, company: str, events: list):
conn = sqlite3.connect(self.db_path)
for e in events:
conn.execute(
"INSERT INTO lease_monitor_log (company, event_type, event_time, checked_at, status) VALUES (?, ?, ?, ?, ?)",
(company, e["type"], e.get("date", ""), datetime.now().isoformat(), "NEW")
)
conn.commit()
conn.close()
def daily_scan_job(self):
"""每日定时扫描任务(配合 schedule 模块使用)"""
# 从数据库读取全部在租客户列表
conn = sqlite3.connect(self.db_path)
cursor = conn.execute("SELECT DISTINCT company FROM lease_contracts")
companies = [row[0] for row in cursor.fetchall()]
conn.close()
report = self.monitor_portfolio(companies)
print(f"[{datetime.now().date()}] 扫描{report['total']}家,发现{report['alert_count']}个告警")
# 企微推送示例
def wecom_push(company: str, events: list, level: str):
webhook_url = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
content = f"🚨 租后风险告警 [{level}]\n\n客户: {company}\n"
for e in events:
content += f"- [{e['type']}] {e['detail']}\n"
requests.post(webhook_url, json={"msgtype": "text", "text": {"content": content}})
# 启动监控
monitor = LeaseMonitor(db_path="./lease_monitor.db", push_callback=wecom_push)
schedule.every().day.at("09:00").do(monitor.daily_scan_job)
while True:
schedule.run_pending()
time.sleep(60)五、MCP Server 接入配置
如果你的系统已经支持 MCP Protocol,直接配置接入:
json
{
"mcpServers": {
"qcc-company": {
"command": "npx",
"args": ["-y", "@qcc/mcp-server"],
"env": {
"QCC_API_KEY": "your_api_key"
}
}
}
}企查查 MCP 覆盖的 6 大 Server:
| Server | 定位 | 核心能力 |
|---|---|---|
qcc-company |
企业基础 | 工商、股东、变更、资质 |
qcc-risk |
风险扫描 | 司法、税务、失信、被执行 |
qcc-intellectual |
知产引擎 | 商标、专利、著作权 |
qcc-operation |
经营罗盘 | 招投标、资质、许可证 |
qcc-executive |
董监高 | 任职履历、关联关系 |
qcc-news |
舆情动态 | 新闻舆情、经营动态 |
企查查 MCP · 179 个原子能力
总结
四个业务场景,对应四种技术能力:
| 场景 | 技术实现 | 核心价值 |
|---|---|---|
| 租前身份识别 | batch_due_diligence() 批量查询 + 风险信号检测 |
让业务经理带着问题去现场 |
| 租赁物权属核查 | 动产抵押 + 股权出质 + 工商变更联合核验 | 签约前发现设备"带病" |
| 实控人穿透 | 控制链追踪 + 关联企业风险扫描 | 识别隐性担保和风险传导 |
| 租后主动监控 | 事件驱动 + 即时推送 + 日志留存 | 把"人盯人"变成"系统盯人" |
参考资料:
- 金规〔2025〕25号文《金融租赁公司融资租赁业务管理办法》
- *企查查智能体数据平台 MCP 接入文档
- *企查查 MCP 扩容公告(2026-04-30)