More Stories

Informist, Wednesday, Jun. 10, 2026

 

--RBI issues draft to consolidate norms on bks' control, assurance functions 

--RBI issues draft to consolidate norms on NBFC control, assurance functions 

--RBI seeks comments on draft on control, assurance functions by Jul 9 

 

NEW DELHI – The Reserve Bank of India has proposed stricter governance and risk management norms for banks and non-banking financial companies as part of the draft consolidated instructions on control and assurance functions. The central bank has sought feedback on the draft consolidated directions by Jul. 9.

 

"At present, the regulatory instructions with respect to control / assurance functions viz. risk management, compliance and internal audit are contained in various directions / circulars," the RBI said Wednesday. "With a view to strengthening the governance framework for these functions and to ensure greater clarity, consistency and harmonisation in the instructions pertaining to these functions, it has been decided to review and consolidate them under these Directions."

 

The RBI has proposed that banks establish risk management, compliance, and internal audit functions, commensurate with their size, complexity, and risk or business profile. The risk management, compliance, and internal audit functions must be headed by a chief risk officer, chief compliance officer, and head of internal audit, respectively.

 

In banks that are a part of a group consisting of more than one financial entity, there may be a group chief risk officer and a group chief compliance officer responsible for group level risk oversight, compliance, and coordination, the RBI has proposed. The central bank has proposed that these directions come into effect from Jan. 1.

 

"The bank shall have policies for each of the three control functions, viz., Risk Management, Compliance and Internal Audit, clearly articulating the objectives, roles and responsibilities of each function," the RBI said. "The said policies shall be approved by the Board and reviewed periodically."

 

The RBI said a bank's board would be responsible for overseeing the control functions and reviewing them on an ongoing basis. "The Board must set the 'tone at the top' and ensure that these functions are adequately resourced and maintain their independence," the RBI said in the draft norms. "The Risk Management and the Compliance Functions shall be subject to regular internal audit."

 

The RBI said that the chief risk officer, the chief compliance officer, and the head of internal audit should function with independence and free from conflict of interest. The three officers must not be assigned business targets or have their remuneration linked to the performance of any business line, the RBI said. They should also meet the board or the respective board committee at least once in a quarter, without the presence of the senior management, including the managing director and chief executive officer, the RBI has proposed.

 

A bank's board must ensure effective oversight over the bank's risk management function and clearly define the role and responsibilities of the chief risk officer, the RBI said. 

 

An urban co-operative bank with total assets of INR 50 billion or higher must establish risk management function, headed by a chief risk officer. Every urban co-operative bank must establish compliance and internal audit functions, headed by a chief compliance officer and a head of internal audit, respectively, the RBI said.

 

NON-BANKING COMPANIES

The RBI has proposed that a non-banking financial company must establish compliance and internal audit functions, as per its size, complexity, and business profile. Compliance and internal audit functions must be headed by a chief compliance officer and a head of internal audit, respectively, the RBI said.

 

"An NBFC shall have policies for each of the control functions, including Compliance and Internal Audit, clearly articulating the objectives, roles and responsibilities of each function," the RBI said. "These policies shall be approved by the Board and reviewed periodically."

 

As with banks, NBFCs' boards will be responsible for overseeing the control functions. NBFCs will have to maintain a compliance programme supported by an annual compliance risk assessment, the RBI said. 

 

Assets reconstruction companies, too, will have to establish compliance and internal audit functions, headed by a chief compliance officer and a head of internal audit, respectively, the RBI said.  End

 

Reported by Shubham Rana

Edited by Avishek Dutta

 

For users of real-time market data terminals, Informist news is available exclusively on the NSE Cogencis WorkStation.

 

Cogencis news is now Informist news. This follows the acquisition of Cogencis Information Services Ltd. by NSE Data & Analytics Ltd., a 100% subsidiary of the National Stock Exchange of India Ltd. As a part of the transaction, the news department of Cogencis has been sold to Informist Media Pvt. Ltd.

 

Informist Media Tel +91 (11) 4220-1000

Send comments to feedback@informistmedia.com

 

© Informist Media Pvt. Ltd. 2026. All rights reserved.