Key facts
- The Reserve Bank of India has issued a draft consolidated framework for banks' risk, compliance, and internal audit functions.
- The initiative aims to simplify and harmonize regulatory instructions for these control functions.
- The framework emphasizes the board's oversight and the independence of these functions.
- Banks will be required to have board-approved policies for risk management, compliance, and internal audit.
- The new directions are set to take effect on January 1, 2027.
The Reserve Bank of India (RBI) has released a draft framework consolidating its supervisory instructions for the risk management, compliance, and internal audit functions within banks and other regulated entities. This move is part of a rationalization drive to simplify regulations, eliminate redundant circulars, and make the framework more accessible.
The central bank stressed the importance of the board's role in setting the 'tone at the top' and ensuring these control functions are adequately resourced and maintain their independence from business operations. The draft outlines that these functions must be headed by dedicated chief officers (CRO, CCO, Head of Internal Audit) and, for group entities, by group-level officers for enhanced oversight.
Banks will be required to establish board-approved policies for each of the three control functions, with periodic reviews mandated. The new directions are scheduled to come into effect from January 1, 2027. Previously, the RBI had mandated that bank loans to SEBI-registered REITs and InvITs must be fully secured and repaid via cash flows.