AI Generated by Fortune India
RBI proposes stricter data governance norms for banks, NBFCs to strengthen risk management frameworkJuly 15, 2026, 19:55 IST
Loading AI Hub...
Disclaimer : Certain content on this page, including summaries, timelines, FAQs, glossaries, highlights, insights, and other supplementary informational features, maybe generated or assisted by artificial intelligence tools. While reasonable efforts are made to review and verify such content, AI generated output may occasionally contain errors, omissions or inconsistencies. Readers are advised to independently verify any information before relying upon them for professional, legal, financial, medical or other decisions. The publisher along with its affiliates and contributors do not warrant accuracy of AI-generated content and disclaim any liability, loss or damage arising from its use.

RBI proposes stricter data governance norms for banks, NBFCs to strengthen risk management framework

/2 min read

ADVERTISEMENT

Draft framework mandates stronger data governance and board oversight
RBI
Reserve Bank of India  Credits: File Phooto

The Reserve Bank of India (RBI) on Wednesday proposed that banks, NBFCs and other entities regulated by it should establish processes to manage data risk as part of their overall risk management framework.

The central bank has issued draft guidelines setting out broad regulatory expectations relating to data governance, roles, architecture, metadata and lineage, quality, and third-party arrangements involving data sharing.

Sign up for Fortune India's ad-free experience
Enjoy uninterrupted access to premium content and insights.

Executive-level data governance committee proposed

With the increasing digitalisation of the financial sector and growing adoption of technology-driven business models, data has emerged as a critical asset for regulated entities (REs).

As the volume, variety and velocity of data continue to increase, effective data governance has become essential to ensure that data remains accurate, consistent, secure and fit for purpose across functions and systems, RBI said in the draft norms.

Weaknesses in data governance and its management can lead to broader financial, operational, compliance and reputational risk for REs, it added.

"An RE should establish processes to manage data risk as a part of its overall risk management framework," the draft said.

It should include identification of data attributes, data structure, data sources (external and internal), data quality, data classification, and big data perspective, for identification, assessment, monitoring, and managing risks pertaining to data.

The draft also proposes that an RE should establish an executive-level Data Governance Committee or delegate the responsibility to an existing executive committee with representation from Data Function, IT, IS, relevant Business Verticals, Risk Management, Compliance, and others, as required.

Lifecycle-based data governance approach recommended

The Board of an RE should oversee the Data Governance Framework (DGF), and review the reports and metrics placed before it.

Also, the DGF should be reviewed annually or more frequently as required, said the draft, on which the Reserve Bank of India (RBI) has invited comments from stakeholders by August 17.

Another key aspect of the proposal is that an RE should establish and implement a lifecycle-based approach to data governance, ensuring that the data is governed across all stages—from origination to deletion—in a consistent manner to identify the associated risks and mitigate them.

Also, the RE should ensure that data is created or acquired only for defined and legitimate purposes aligned with approved business, risk, and legal and regulatory objectives, the draft added.