- The Reserve Bank of India (RBI) has released a draft framework aimed at strengthening governance and oversight mechanisms in banks by bringing risk management, compliance, and internal audit functions under a unified regulatory structure.
- The proposed framework seeks to simplify existing supervisory instructions, eliminate overlapping guidelines, and create a more harmonised approach to managing control and assurance functions across banks and other regulated entities.
- The new directions are proposed to come into effect from January 1, 2027, and the RBI has invited public comments on the draft.
Objective of the Framework
- The initiative is part of the RBI’s broader effort to rationalise regulations, improve supervisory effectiveness, and enhance corporate governance standards in the banking sector.
- According to the central bank, the framework is designed to provide greater clarity, consistency, and uniformity in the functioning of key control mechanisms that help safeguard financial institutions from operational, compliance, and risk-related challenges.
Focus on Risk, Compliance and Internal Audit
The draft framework covers three critical control functions within banks:
- Risk Management Function: This function is responsible for identifying, measuring, monitoring, and managing risks arising from various banking activities.
- Compliance Function: The compliance department ensures adherence to regulatory requirements, internal policies, and legal obligations.
- Internal Audit Function: Internal audit independently evaluates the effectiveness of governance processes, risk management systems, and internal controls within the organisation.
The RBI has emphasised that these functions should operate independently from business units to provide objective assessment and oversight.
Stronger Role for Boards
- The draft places significant responsibility on the Board of Directors to oversee and support these control functions.
- The RBI stated that the board must set the “tone at the top” by fostering a strong culture of governance, accountability, and compliance. Banks will also be required to ensure that risk management, compliance, and internal audit functions are adequately staffed, properly resourced, and able to function independently.
Mandatory Leadership Positions
To strengthen accountability, the RBI has reiterated that banks must appoint dedicated heads for each control function:
- Chief Risk Officer (CRO) for risk management
- Chief Compliance Officer (CCO) for compliance oversight
- Head of Internal Audit (HIA) for internal audit activities
For banking groups with multiple financial entities, the framework recommends appointing group-level officers to oversee these functions across the entire organisation, ensuring better coordination and consistency.
Board-Approved Policies Required
- Under the proposed norms, banks will be required to maintain separate board-approved policies for risk management, compliance, and internal audit functions.
- These policies must be reviewed periodically to ensure they remain aligned with evolving business risks, regulatory requirements, and industry best practices.
Understanding Control and Assurance Functions
- The RBI has clarified the distinction between control and assurance functions.
- Control functions are independent functions responsible for risk assessment, compliance monitoring, and audit reviews. Their role is to provide objective oversight of business operations.
- Assurance functions, on the other hand, provide independent confirmation to the board and senior management that business activities comply with internal controls, regulations, and governance standards.
- Together, these functions form the foundation of a strong risk governance framework and help maintain the safety and soundness of financial institutions.
Significance of the Move
- The proposed framework is expected to strengthen governance standards across the banking sector by ensuring greater independence, accountability, and effectiveness of critical oversight functions.
- By consolidating multiple regulatory instructions into a single framework, the RBI aims to reduce compliance complexity while promoting stronger risk management practices and better regulatory adherence.
- The move also aligns with global best practices in banking supervision and corporate governance, helping Indian banks build more resilient and transparent operating structures.
- As the financial sector becomes increasingly complex, the proposed framework is expected to play a crucial role in enhancing trust, stability, and long-term sustainability in the banking system.

