RBI has proposed stricter governance rules for AI and machine learning models used by banks.
The draft framework puts AI oversight directly under board supervision and requires human intervention in high-risk decisions.
The move could shape how banks, NBFCs and fintech companies adopt AI in India going forward.
Why RBI Wants Banks to Put Tighter Checks on AI Use
As AI becomes central to banking operations, RBI wants lenders to put stricter controls in place before machines begin making high-stakes financial decisions on their own
Advertisement
Artificial intelligence (AI) has quietly become a key part of banking operations, powering everything from loan underwriting and fraud detection to customer service and internal risk monitoring. But as financial institutions increasingly depend on automated systems, the Reserve Bank of India (RBI) now wants stronger safeguards around how these models are deployed and monitored.
In draft guidelines released this week, the RBI proposed a new Model Risk Management Framework that requires banks and regulated entities to establish governance, risk management and control systems for all models, including AI and machine learning (ML) systems. Stakeholders can submit feedback on the draft framework until July 24.
The regulator said weaknesses in governance, oversight and controls around such models could expose financial institutions to financial, operational, compliance and reputational risks, potentially affecting consumers as well as the broader financial system.
Boards Will Now Oversee AI Systems
One of the biggest changes proposed by RBI is bringing AI governance directly under board-level oversight. Under the draft framework, regulated entities will be required to establish a Board-approved Model Risk Management Framework covering all models, whether developed internally or sourced from third-party providers.
Advertisement
Banks will also have to regularly assess model risks both at the individual model level and across the enterprise. If risks exceed acceptable limits, institutions will be required to take corrective action and report the issue to the board’s risk management committee.
Commenting on the move, Ramit Arora, President and Co-Founder of Biz2X and Biz2Credit, said, “As AI becomes integral to underwriting, fraud detection, portfolio management and customer engagement, governing these models with the same rigour as financial risk is essential.”
He added that by introducing board oversight, independent validation and continuous monitoring, RBI is creating “a common standard of accountability across the lending ecosystem, whether AI models are developed in-house or sourced from third parties.”
Why RBI Wants Humans To Stay In Control
A major focus of RBI’s draft guidelines is ensuring banks do not rely entirely on automated systems for critical decision-making. The regulator has proposed mandatory human oversight for AI models used in automated decision-making processes.
Advertisement
The framework also requires institutions to continuously monitor model performance and identify model drift, a situation where a model’s accuracy gradually declines as real-world conditions change over time.
Banks may also be required to establish override, suspension and deactivation mechanisms, including a “kill switch” arrangement, allowing AI systems to be shut down immediately if they begin producing harmful or erroneous outputs.
The central bank has additionally flagged automation bias, where employees may begin relying excessively on AI-generated recommendations without independently applying judgment.
RBI Tightens Rules For Third-Party AI
The RBI framework also places significant emphasis on third-party AI systems, an increasingly important area as banks and financial institutions rely more on external technology vendors and fintech partners for AI-driven services.
The draft guidelines make it clear that institutions will remain fully responsible for outcomes generated by third-party models, even when those systems are built or supplied externally. Banks will be required to conduct due diligence before deployment and ensure all models undergo independent validation.
Advertisement
Ajay Sirikonda, Partner and Leader for Financial Services Risk Management at EY India, said the draft framework provides Indian banks with clearer direction on AI-related risk management.
“The guidance does add governance and explainability friction, but mostly where the stakes are highest, around credit, pricing and autonomous decisions. Elsewhere, it removes the bigger blocker: uncertainty. Banks have sat on AI not just because it was costly, but also because no one had said what was allowed,” he said.
What Changes For Banks And Fintechs
The proposed framework is expected to affect not only banks but also NBFCs and fintech firms that increasingly use AI systems to assess borrowers, process lending decisions and build customer-facing financial products.
Arora said the timing is important as India’s next phase of credit growth is likely to come from underserved borrowers and small businesses. “India’s next phase of credit growth will be driven by MSMEs and underserved borrowers, where AI can unlock access to finance through richer data and more intelligent risk assessment,” he said.
Advertisement
He also said the framework gives financial institutions clearer regulatory direction as AI adoption expands across the sector. “It provides banks, NBFCs and fintechs with the regulatory clarity to innovate confidently while strengthening trust among customers and regulators.”
According to Arora, the long-term impact of the framework extends beyond compliance requirements. “Its implications extend beyond compliance — it will accelerate the adoption of responsible AI across the banking sector, strengthen confidence in AI-driven decision making and encourage the development of more transparent and accountable financial technologies,” he said.
The proposed framework lays out a broader compliance roadmap for financial institutions as the use of AI expands across lending, customer service and risk management functions.