Banking News

Read the full story

Source: The Hindu BusinessLine

The Hindu BusinessLine
Source
RBI & Policy
Category
3 min
Read time
15 Jul
Published
RBI & Policy
3 min read· The Hindu BusinessLine

Regulated entities will have to implement data governance framework: RBI

The Reserve Bank of India has issued new draft guidelines for data management at all banks and NBFCs. This framework aims to fix weaknesses and ensure data stays accurate and secure.

The Reserve Bank of India (RBI) has introduced a draft 'Guidance on Regulatory Expectations for Data Governance'. This new framework requires Regulated Entities (REs)—which include all commercial banks, co-operative banks, and Non-Banking Financial Companies (NBFCs)—to set up a strict system to manage their data. The RBI says data is now a critical asset that drives business, customer service, and risk management. The rules will vary depending on how big and complex the bank is.

Recent growth in digital services and automated decisions has increased the speed and volume of data being handled by banks. RBI noticed that while banks have improved their IT systems, some weaknesses still exist. These gaps can lead to operational risks (losses from failed internal processes) or compliance risks (breaking laws). Therefore, the new Data Governance Framework (DGF) must cover everything from who owns the data to how it is stored and audited.

Banks are now required to maintain 'Data Quality' and a 'Single Source of Truth' (SSOT). An SSOT is one designated official source for a specific piece of data within the bank. This ensures that different departments do not use conflicting information. The framework also demands clear 'Metadata' (data about data) and 'Lineage' (tracking where data comes from and where it goes). These rules must align with the Digital Personal Data Protection (DPDP) Act of 2023.

Every bank must form a Board-level Data Governance Committee (DGC). If a bank does not want to create a new committee, it must give these duties to an existing Board committee. This group will oversee the implementation of data policies and review them at least once a year. This shows that data management is no longer just a task for the junior IT staff; it is now a top-level priority for the bank's directors.

Banks must also create a dedicated 'Data Function'. This department must be led by a senior officer, specifically someone at the rank of Chief General Manager (CGM) or higher. This leader needs the authority and skills to enforce the new rules across the entire bank. Additionally, the bank must designate 'Data Owners' for different areas like loans or savings, making them accountable for the data in their specific domain.

To help the Data Owners, banks will appoint 'Data Stewards' within business units and 'Data Custodians' in IT roles. The Data Custodian will be responsible for enforcing access controls (rules on who can see which info) and protecting the data from unauthorized use. There must also be a clear 'Data Retention and Archival Policy' to decide how long data should be kept based on legal and business needs.

For bank officers, this means a major shift in daily work. Every piece of data entered into the system must now follow strict classification and quality checks. Aspirants should note that roles in data management and IT audit will likely see high demand. The RBI is accepting comments on this draft, and once finalized, it will change how Indian banks handle every byte of customer information.

In the future, the RBI will look for these structures during their regular inspections. If a bank cannot track the 'lineage' of its data or has poor 'traceability', it may face regulatory action. Bankers must now prepare for more frequent audits of their digital records and information security setups to stay compliant with these rising expectations.

#RBI
Source: The Hindu BusinessLine