The Reserve Bank of India (RBI) has proposed a comprehensive data governance framework for banks, non-banking financial companies (NBFCs) and other regulated entities, requiring them to strengthen data risk management as an integral part of their overall risk management systems.
The central bank has said data has increasingly become a critical organisational asset, supporting business operations, customer services, financial reporting, regulatory compliance, risk management and strategic decision-making. The proposed framework seeks to establish uniform regulatory expectations for the way regulated entities collect, manage, secure and use data.
The RBI has invited public comments on the draft guidelines until August 17. According to the draft framework, the proposed rules will cover key areas of data governance, including governance structures, roles and responsibilities, data architecture, metadata and data lineage, data quality, and arrangements for sharing data with third parties.
The framework will apply to commercial banks, small finance banks, payments banks, cooperative banks, regional rural banks, NBFCs, all-India financial institutions, asset reconstruction companies (ARCs) and credit information companies.
The RBI said the growing volume, variety and velocity of data had made robust data governance increasingly important. It said regulated entities must ensure that data remains accurate, consistent, secure and fit for purpose across different business functions and systems.
The central bank also cautioned that weaknesses in data governance and data management could expose regulated entities to a range of risks, including financial, operational, compliance and reputational risks.
Under the proposed framework, every regulated entity will be required to establish a Data Governance Framework (DGF) covering the entire data lifecycle. The framework will also have to be aligned with the entity's broader risk management framework.
Also read: UDAN viability support extended to 5 years: Naidu
"An RE should put in place a Data Governance Framework (DGF) applicable to all data and align it with its risk management framework," the RBI said in its draft proposal. The central bank has further proposed a greater role for the board in overseeing data governance. Each regulated entity will either be required to establish a dedicated Board-level Data Governance Committee (DGC) or assign the responsibility to an existing committee of the board.
"An RE should establish a Board-level Data Governance Committee (DGC) or assign the responsibility to an existing Committee of the Board," the draft said.
The designated committee would be responsible for approving data governance policies and overseeing their implementation across the organisation. It would also review material data-related breaches and ensure that key data governance issues are reported to the board.
In another significant proposal, the RBI has recommended that regulated entities maintain a "single source of truth" for each data element. The objective is to ensure that downstream systems, business processes and risk models rely on one authoritative and consistent source of data.
The proposed framework is aimed at improving data quality and accountability while ensuring that data-related risks are identified and managed in a structured manner. The RBI said a strong governance framework would be essential as financial institutions increasingly depend on data-driven operations, technology and automated decision-making.