In a clear directive to India's financial sector, a top Reserve Bank of India (RBI) official has stated that the era of treating regulatory compliance as a periodic, back-office formality is over. Deputy Governor Swaminathan J., speaking on Monday, warned that the digital age requires a fundamental shift in how banks and other regulated entities manage risk, accountability, and technology.
Three Pillars for the Digital Banking Future
Addressing the third annual global conference of the RBI's College of Supervisors in Mumbai, Swaminathan outlined three critical expectations for supervised entities. His message comes as banking becomes increasingly digital, interconnected, and fast-paced, where risks can materialize in hours, not quarters.
1. From Episodic to Continuous Compliance
The deputy governor cautioned financial institutions against viewing compliance as a quarter-end exercise. He emphasized that faster business and risk cycles demand unwavering operational discipline and robust data governance throughout the year. In this new environment, supervisors will pay close attention to how quickly a bank can explain anomalies and rectify them. This ability to respond decisively will be seen as a true marker of an institution's control maturity, rather than a procedural checkbox.
2. The Peril of Outsourced Accountability
Swaminathan's second focus was on the growing vulnerability of third-party arrangements. As banks lean heavily on cloud providers, fintech partners, and tech vendors, he stressed that accountability cannot be outsourced. "The regulated entity cannot outsource responsibility," he asserted.
He called for better partner oversight, clearer incident accountability, and contracts that explicitly support audit, access, and resilience. Third-party management must be treated as core risk management. The global nature of many providers adds complexity, as incidents cross jurisdictional lines effortlessly. He cited the global IT outage in July 2024—triggered by a faulty update from cybersecurity firm CrowdStrike that affected around 8.5 million systems—as a stark reminder of how third-party failures can cause widespread disruption, even for well-run institutions. This reality demands near real-time cooperation among supervisors globally.
3. Governing the Black Box: AI and Analytics
The third message tackled the expanding use of artificial intelligence (AI) and advanced analytics in functions from credit underwriting to fraud detection. Swaminathan warned that as these tools become more embedded, banks should prepare for more intensive supervisory scrutiny on model risk, explainability, and fairness.
He highlighted two specific concerns. First is the over-reliance on vendor models and embedded tools, where an institution might use outputs without fully understanding the underlying engine. Second is the risk of "fairness and unintended exclusion," where data proxies can lead to efficient but socially unacceptable outcomes. "Governance is what allows innovation to scale safely," Swaminathan concluded, underscoring that technological advancement must be matched by robust oversight frameworks.
The deputy governor's speech signals a decisive move by India's central bank towards a more dynamic, real-time, and technology-aware supervisory approach, where transparency and continuous vigilance are non-negotiable.
