Abstract: The implementation of the whole-process risk prevention and control of personal financial information is an important part of promoting the protection of personal information, and is of great significance in preventing the occurrence of financial risks. Based on the PDCA cycle framework, the systematic review method is used to identify risks from published articles, and the Cov-AHP-RMM method is combined to assess and analyse the risks so as to find out risk prevention and control measures. The study identifies 14 risk factors from 356 articles and proposes risk control measures involving multiple participants like the government, financial industry enterprises and individuals. The results of the study show that the risk of personal financial information spares no aspects of the information processing; the financial institutions involved throughout the process are possibly the important illegal subjects that may infringe on personal financial information so that it is of need to strengthen the regulation of their information processing behaviour; and the application of the PDCA cycle in the practice of risk prevention and control of personal financial information can contribute to the identification, analysis, prevention and control of risks.