RBI proposes stricter data governance norms for banks, NBFCs to strengthen risk management framework

/ 2 min read
AI Hub

Draft framework mandates stronger data governance and board oversight

RBI
Reserve Bank of India | Credits: File Phooto

The Reserve Bank of India (RBI) on Wednesday proposed that banks, NBFCs and other entities regulated by it should establish processes to manage data risk as part of their overall risk management framework.

ADVERTISEMENT

The central bank has issued draft guidelines setting out broad regulatory expectations relating to data governance, roles, architecture, metadata and lineage, quality, and third-party arrangements involving data sharing.

Executive-level data governance committee proposed

With the increasing digitalisation of the financial sector and growing adoption of technology-driven business models, data has emerged as a critical asset for regulated entities (REs).

ADVERTISEMENT

As the volume, variety and velocity of data continue to increase, effective data governance has become essential to ensure that data remains accurate, consistent, secure and fit for purpose across functions and systems, RBI said in the draft norms.

"An RE should establish processes to manage data risk as a part of its overall risk management framework," the draft said.

It should include identification of data attributes, data structure, data sources (external and internal), data quality, data classification, and big data perspective, for identification, assessment, monitoring, and managing risks pertaining to data.

Recommended Stories

The draft also proposes that an RE should establish an executive-level Data Governance Committee or delegate the responsibility to an existing executive committee with representation from Data Function, IT, IS, relevant Business Verticals, Risk Management, Compliance, and others, as required.

Lifecycle-based data governance approach recommended

The Board of an RE should oversee the Data Governance Framework (DGF), and review the reports and metrics placed before it.

ADVERTISEMENT

Also, the DGF should be reviewed annually or more frequently as required, said the draft, on which the Reserve Bank of India (RBI) has invited comments from stakeholders by August 17.

Another key aspect of the proposal is that an RE should establish and implement a lifecycle-based approach to data governance, ensuring that the data is governed across all stages—from origination to deletion—in a consistent manner to identify the associated risks and mitigate them.

Most Powerful Women In Business 2026
View Full List >

Also, the RE should ensure that data is created or acquired only for defined and legitimate purposes aligned with approved business, risk, and legal and regulatory objectives, the draft added.

NEXT STORY