RBI proposes stricter data governance norms for banks and NBFCs


The RBI has proposed a comprehensive data governance framework requiring banks, NBFCs and other regulated entities to strengthen data risk management, establish executive-level oversight and adopt lifecycle-based governance. Stakeholders have been invited to submit comments on the draft guidelines by August 17

Published Date – 15 July 2026, 08:18 PM

RBI proposes stricter data governance norms for banks and NBFCs

Mumbai: The RBI on Wednesday proposed that banks, NBFCs and other entities regulated by it should establish processes to manage data risk as part of their overall risk management framework.

The central bank has issued draft guidelines setting out broad regulatory expectations relating to data governance, roles, architecture, metadata and lineage, quality, and third-party arrangements involving data sharing.


With the increasing digitalisation of the financial sector and the growing adoption of technology-driven business models, data has emerged as a critical asset for regulated entities (REs).

As the volume, variety and velocity of data continue to increase, effective data governance has become essential to ensure that data remains accurate, consistent, secure and fit for purpose across functions and systems, the RBI said in the draft norms.

Weaknesses in data governance and its management can lead to broader financial, operational, compliance and reputational risks for REs, it added.

“An RE should establish processes to manage data risk as part of its overall risk management framework,” the draft said.

It should include identification of data attributes, data structure, data sources (external and internal), data quality, data classification, and a big data perspective for identifying, assessing, monitoring and managing risks related to data.

The draft also proposes that an RE should establish an executive-level Data Governance Committee or delegate the responsibility to an existing executive committee with representation from the Data Function, IT, IS, relevant business verticals, Risk Management, Compliance and others, as required.

The board of an RE should oversee the Data Governance Framework (DGF) and review the reports and metrics placed before it.

Also, the DGF should be reviewed annually or more frequently, if required, according to the draft, on which the Reserve Bank of India (RBI) has invited comments from stakeholders by August 17.

Another key aspect of the proposal is that an RE should establish and implement a lifecycle-based approach to data governance, ensuring that data is governed consistently across all stages, from origination to deletion, to identify the associated risks and mitigate them.

Also, the RE should ensure that data is created or acquired only for defined and legitimate purposes aligned with approved business, risk, and legal and regulatory objectives, the draft added.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *