Log In Get Started
Stock Markets June 24, 2026 09:03 AM

RBI Issues Draft Rules Tightening Bank Oversight of AI and Machine-Learning Models

Proposed guidelines force board-approved risk frameworks, independent validation and human oversight for automated decisions; feedback invited by July 24

By Derek Hwang
Share
Twitter Reddit Facebook LinkedIn

India's Reserve Bank has published draft guidance requiring banks to adopt a board-approved model risk framework that explicitly covers artificial intelligence and machine-learning systems. The rules call for continuous model-level and enterprise-wide risk assessments, independent validation of all models including third-party tools, inventories of models, mandated human oversight for automated decisions, and extra cybersecurity measures for generative AI that interacts with customers. The central bank is seeking comments on the draft by July 24.

RBI Issues Draft Rules Tightening Bank Oversight of AI and Machine-Learning Models
Summarize with
ChatGPT Perplexity Claude Grok Gemini

Key Points

  • Banks must adopt a board-approved risk management framework that covers all models, including AI and machine-learning systems - impacting the banking and fintech sectors.
  • Institutions are required to run continuous, model-level and enterprise-wide risk assessments and to report corrective actions to the board's risk management committee - affecting risk management and compliance functions across financial firms.
  • All models, including those sourced from third parties, must undergo independent validation and be recorded in model inventories; generative AI tools interacting with customers will need additional cybersecurity safeguards - relevant to technology, cybersecurity and vendor management teams.

The Reserve Bank of India has circulated draft guidelines that would force banks to strengthen governance and controls around artificial intelligence (AI) and machine-learning models.

Under the proposal, every regulated entity would need a risk management framework approved by its board that applies to the full set of models in use - explicitly including AI and machine-learning applications. That framework must encompass both individual model risks and risks seen across the institution as a whole.

Ongoing assessments are central to the draft. Banks would be required to run continuous risk evaluations at the level of each model and to aggregate those findings to understand enterprise-wide exposure. Where assessments reveal excessive risk, the guidelines specify that banks must take corrective steps. Acceptable responses listed in the draft include the introduction of enhanced controls, placing restrictions on model usage, remediating the model or decommissioning it entirely. Following any significant corrective action, a report is to be furnished to the board's risk management committee.

The draft also mandates independent validation for all models, covering systems developed in-house as well as those supplied by third parties. In addition, institutions must maintain inventories cataloguing the models they use.

Human oversight is required for AI systems deployed in automated decision-making roles, according to the document. For generative AI models that engage with customers or external users, the Reserve Bank says banks must implement additional cybersecurity controls to guard against risks introduced by those interactions.

The central bank has opened the draft guidelines for consultation and has invited feedback by July 24.

What this means in practice

The draft sets out clear expectations for board-level governance, continuous monitoring, independent validation and specific operational safeguards for AI-driven systems. It also highlights an explicit focus on third-party models and on human oversight where automated decisions affect customers.

Risks

  • Implementation and compliance burden on banks as they develop board-approved frameworks and conduct ongoing model-level and enterprise-wide assessments - primarily impacting banking operations and compliance departments.
  • Reliance on independent validation for third-party models may expose banks to vendor risk and challenges in assessing externally developed systems - affecting vendor management and procurement functions.
  • Generative AI systems that interact with customers require extra cybersecurity controls, indicating potential exposure to cyber threats if safeguards are insufficient - impacting cybersecurity teams and customer-facing operations.

More from Stock Markets

Energy stocks slide as oil prices fall on tanker movements near Hormuz Jun 24, 2026 Apple-Intel Chip Collaboration Makes Strategic Sense but Commercial Production Is Years Off Jun 24, 2026 Avis Budget Shares Slide After Hertz Cuts Outlook, Announces Debt and Share Moves Jun 24, 2026 Barclays Names Nuclear Energy Companies Poised to Support Rapid AI Infrastructure Growth Jun 24, 2026 Postal Service Warns Congress It Is Running Out of Cash, Seeks Lawmaker Fixes Jun 24, 2026