Brief Overview:
As algorithms find their way from back office systems to the boardroom decisions, RBI’s proposed Model Risk Management framework send a clear message: Using AI or complex methods does not make accountability disappear. The framework covers banks, NBFCs, ARCs, CICs and other regulated entities deploying AI/ML tools, vendor models, algorithms or any decision‑making systems across business, risk, compliance or customer-facing functions.
In simple terms, if a model influences decisions, risk outcomes, customer impact or compliance, it cannot operate as a black box. The regulated entity (RE) cannot point to the model, its complexity or its developer as the defense, responsibility remains with the entity using it.
Technical Details:
What changes once models, algorithms and AI tools become part of RBI’s formal risk governance framework?
1) Board-approved governance framework: Mandatory Board-approved framework covering full model lifecycle (inventory, validation, monitoring, change and exit)
2) Wide scope with inventory discipline: Applies to all models (AI/ML, vendor, algorithms, analytics), with no use permitted unless recorded in a formal inventory.
3) Independent validation and AI accountability: All models, including third-party and AI/ML models, require independent validation, with accountability remaining with the RE and supported by AI-specific safeguards.
4) Global alignment with stricter accountability: Aligns India with UK, EU and Singapore-style model risk regimes, while imposing direct RE accountability for AI/ML, vendor and decision-support models.
5) Comments: To be submitted to RBI by 24th July 2026.
JC takeaway:
1) Board-level accountability: Recasts model risk as a governance and regulatory accountability issue, not merely a technology function.
2) Immediate RE priorities: Map decision-impacting models, risk-tier them, ensure independent validation and strengthen AI/ML and vendor-model governance.
3) Vendor and AI contracting: Revisit fintech, vendor and AI arrangements for transparency, audit rights, validation support, continuity, exit and accountability allocation.
For further details, please see:
Guidance on Regulatory Principles for Model Risk Management, 2026.pdf
For any queries/clarifications, please feel free to ping us and we will be happy to chat:
- Jayesh H (jayesh.h@juriscorp.in)
- Mahak Saboo (mahak.saboo@juriscorp.in)
- Bhumika Makhija (bhumika.makhija@juriscorp.in)
