Summary
- RBI released a draft Model Risk Management Framework on 24 June 2026, covering both traditional statistical models and AI/ML systems used by banks and NBFCs.
- It applies broadly — Commercial Banks, NBFCs, Co-operative Banks, AIFIs (NABARD, SIDBI, etc.), ARCs, and Credit Information Companies are all covered.
- Institutions need Board-approved governance, independent model validation, and human oversight on AI-driven decisions.
- Explainability is mandatory for decisions like loan approvals and fraud detection, and outsourcing a model to a vendor doesn’t remove regulatory accountability.
- Public comments are open until 24 July 2026, after which RBI is expected to finalize the guidance.
The Reserve Bank of India (RBI) has released a draft Guidance on Regulatory Principles for Model Risk Management, 2026, introducing a governance framework for models for regulated financial institutions. The framework covers traditional statistical models as well as Artificial Intelligence (AI) and Machine Learning (ML) systems used across banking and financial services.
The draft was published on 24 June 2026 under Press Release No. 2026–2027/528 and is open for public comments until 24 July 2026 through the RBI’s Connect 2 Regulate portal.

What is RBI Model Risk Management?
Financial institutions depend on AI and advanced analytics for customer onboarding, fraud detection, credit underwriting, risk assessment, anti-money laundering, customer support, and operational automation.
The increasing use of AI also increases the risks. AI models may produce inaccurate, biased, or inconsistent outcomes. This can affect customers, compliance issues, and many other problems.
The RBI’s draft framework aims to ensure that regulated entities implement proper controls throughout the lifecycle of every material model, regardless of whether it is developed internally or sourced from a third-party vendor.

What Organizations will be covered?
The proposed framework applies to a broad range of RBI-regulated entities, including:
- Commercial Banks
- Small Finance Banks
- Payments Banks
- Regional Rural Banks
- Local Area Banks
- Urban Co-operative Banks
- State and Central Co-operative Banks
- NBFCs across all regulatory layers
- All India Financial Institutions such as NABARD, SIDBI, NHB, NaBFID, and EXIM Bank.
- Asset Reconstruction Companies
- Credit Information Companies
The guidance applies to models developed internally, procured from external vendors, or jointly developed through third-party arrangements.
Automate your KYC Process & Reduce Fraud!
We have helped 3000+ companies in reducing Fraud by 95%
Key Requirements Under the Draft Framework
Board-Level Governance
Every regulated entity must establish a Board-approved Model Risk Management Framework covering model development, validation, deployment, monitoring, modification, and retirement.
The Board will be responsible for approving the institution’s model risk appetite, while governance committees are expected to check implementation and review material model risks.
Independent Model Validation
Models should undergo independent validation before deployment and continue to be monitored throughout their operational life.
Validation should assess factors such as:
- model design
- assumptions
- input data quality
- performance
- limitations
- ongoing monitoring
The level of validation should be proportionate to the model’s risk and materiality.
Human Oversight
The RBI expects regulated entities to maintain meaningful human oversight over AI-driven decision-making. Institutions should ensure that employees understand model outputs and do not rely on automated recommendations without appropriate judgment. Where AI interacts directly with customers, institutions should also provide customers with an option to get human assistance.
Explainability Requirements
The framework places significant emphasis on explainability. Institutions should be able to explain how models reach material decisions, particularly where those decisions affect customers, such as loan approvals, fraud detection, or onboarding outcomes.
Where complete explainability is not feasible, institutions are expected to implement additional controls, monitoring, and validation.
Third-Party Model Accountability
The draft makes it clear that outsourcing a model does not transfer regulatory responsibility. Banks and NBFCs remain accountable for models supplied by external vendors and must independently assess and validate them before deployment.
Model Inventory and Lifecycle Management
The guidance requires institutions to maintain a comprehensive inventory of models throughout their lifecycle. Models should be classified according to their complexity, materiality, and risk profile.
The framework also outlines expectations around periodic reviews, monitoring, version control, documentation, and retirement of obsolete models.
Risk Management for AI Models
For AI and Machine Learning systems, the RBI highlights several risks that regulated entities should actively manage, including:
- Explainability challenges
- Hallucinations
- Bias and unfair outcomes
- Overfitting
- Spurious correlations
- Output variability
- Data quality and integrity risks
These risks should be incorporated into an institution’s overall governance framework.
Why AI Model Risk Management Framework important?
Many financial institutions now rely on AI-powered systems across customer onboarding, identity verification, fraud detection, document verification, AML screening, and lending.
The proposed framework reinforces that these systems must operate within a well-defined governance structure supported by documentation, monitoring, validation, and human oversight.
The guidance also places greater emphasis on accountability for AI models supplied by external technology providers, making vendor governance an important component of regulatory compliance.
Public Consultation
The draft framework is currently open for stakeholder feedback until 24 July 2026. After reviewing public comments, the RBI is expected to publish the final version of the guidance, which will establish regulatory expectations for model governance across the financial sector.