Banking in digital era: Three things RBI wants lenders to keep in mind

Supervision in the digital era will be less forgiving of episodic compliance, outsourced accountability and opaque algorithms, Reserve Bank of India (RBI) deputy governor Swaminathan J. said on Monday, in a pointed message to banks and other regulated entities.

Speaking at the third annual global conference of the RBI’s College of Supervisors in Mumbai, Swaminathan outlined three expectations that he said supervised entities must internalize, as banking becomes more digital, interconnected, and fast-moving.

The first message was on compliance. Swaminathan cautioned banks against treating compliance as a quarter-end exercise, arguing that faster business and risk cycles demand continuous operational discipline and strong data governance through the year.

In a digital system where risks can crystallize within hours, supervisors will increasingly focus on how quickly institutions can explain anomalies and fix them. The ability to respond decisively, he said, will be seen as a marker of control maturity rather than a back-office formality.

The second message focused on third-party arrangements, a growing vulnerability as banks rely heavily on cloud providers, fintech partners and technology vendors.

“Institutions will need better oversight of partners, clearer accountability for incidents, and contracts that support audit, access, and resilience. The regulated entity cannot outsource responsibility,” Swaminathan said.

He said that third-party management must be treated squarely as risk management. Also, the cross-border element adds another layer as many providers operate globally, and incidents do not respect jurisdictional lines. The global information technology (IT) outage in July 2024 is a useful reminder, Swaminathan said, referring to a faulty software update by cybersecurity firm CrowdStrike that brought down approximately 8.5 million Microsoft Windows systems worldwide.

“The lesson is not about any one firm, but about how quickly third-party incidents can transmit disruption at scale, including to well-run institutions. This calls for near real-time cooperation among supervisors,” he said.

The third message addressed the expanding use of artificial intelligence and analytics across banking functions, from credit underwriting to fraud detection. As these tools become more embedded, Swaminathan warned that banks should be prepared for more intensive supervisory questions on model risk, explainability, and fairness.

He said two issues deserve particular attention, one is reliance on vendor models and embedded tools, in which the institution may use the output without fully understanding the underlying engine and the second is fairness and unintended exclusion, where data proxies can produce outcomes that appear efficient but are unacceptable. “Governance is what allows innovation to scale safely.”