RBI Regulatory Developments on governing banks in India: Implications for Bank Boards, Audit Committees & Risk Committees - 2025

Regulator: Reserve Bank of India (RBI)

Audience: Bank Boards, Audit Committees, Risk Management Committees, Independent Directors

Purpose: To summarise recent RBI regulatory and supervisory developments and outline their implications for board-level oversight, fiduciary responsibility, and institutional resilience.

1. Why This Matters for Bank Boards

Recent RBI regulatory actions reflect a decisive shift from rules-based supervision to outcomes-based oversight, with a strong focus on board effectiveness, risk governance, and control integrity. The regulator increasingly evaluates not just compliance with prudential norms, but also the quality of board oversight, challenge, and decision-making processes.

For directors—particularly independent directors—this translates into heightened expectations of active engagement, documented deliberation, and demonstrable understanding of key risks.

2. Governance & Board Oversight Expectations

Enhanced Governance Scrutiny

RBI has repeatedly reinforced that boards are the first line of defence in ensuring prudential discipline, ethical conduct, and sustainable growth. Supervisory assessments increasingly review:

• Board composition and independence

• Effectiveness of Audit and Risk Committees

• Quality of board and committee minutes

• Alignment between risk appetite, strategy, and execution

These expectations are anchored in the Master Direction on Corporate Governance in Banks, which places explicit responsibility on boards for oversight of risk management, internal controls, and compliance culture.¹

Implications for Audit & Risk Committees

• Oversight is expected to be substantive, not procedural

• Reliance on management assurances without independent validation increases regulatory risk

• Committee minutes are treated as primary evidence of oversight during supervisory reviews

3. Risk Management & Internal Controls

Risk Appetite & ICAAP

RBI continues to emphasise the integrity of the Internal Capital Adequacy Assessment Process (ICAAP) and the linkage between:

• Risk appetite statements

• Stress testing outcomes

• Capital planning decisions

This emphasis is embedded in the Master Directions on Basel III Capital Regulations and supervisory guidance on risk governance.²

Risk Committee Focus Areas

• Appropriateness of stress scenarios

• Concentration risks (sectoral, borrower, geographic)

• Capital buffers vis-à-vis emerging risks

4. Audit Committee Responsibilities

Financial Reporting & Asset Quality

RBI’s supervisory posture underscores zero tolerance for delayed recognition of stress, especially in:

• Non-Performing Assets (NPAs)

• Evergreening or restructuring practices

• Divergences between bank and supervisory asset classification

These expectations are grounded in the Master Circular on Prudential Norms on Income Recognition, Asset Classification and Provisioning (IRACP).³

Audit Committee Expectations

• Independent evaluation of asset quality trends

• Active engagement with statutory and internal auditors

• Clear documentation of disagreements, qualifications, or concerns

5. NBFC & Group Risk Oversight (for Bank-Led Groups)

For banks with NBFC subsidiaries or financial group exposure, RBI’s Scale-Based Regulation (SBR) framework for NBFCs significantly elevates board responsibility for:

• Group-wide risk aggregation

• Intra-group exposures and guarantees

• Regulatory arbitrage risks

Larger NBFCs are now subject to bank-like governance and prudential norms, increasing contagion and reputational risk for parent bank boards.⁴

6. Liquidity & ALM Oversight

RBI has refined expectations around liquidity risk management, especially under volatile global funding conditions. Boards are expected to ensure:

• Robust Asset-Liability Management (ALM) frameworks

• Adequate high-quality liquid assets (HQLA)

• Preparedness for market stress and deposit volatility

These requirements stem from the Master Direction on Liquidity Risk Management Framework.⁵

7. Technology, Cybersecurity & Operational Resilience

With rapid digitisation, RBI has elevated IT, cyber, and operational risk to board-level priorities.

Key expectations arise from:

• Master Direction on IT Governance, Risk, Controls and Assurance Practices

• Digital Payment Security Controls circulars

Boards are expected to:

• Oversee cyber incident response readiness

• Ensure independent IT audits and assurance

• Treat operational resilience as a systemic risk, not a support function issue⁶

8. Supervisory Approach & Enforcement Signals

RBI’s recent supervisory actions indicate:

• Greater use of qualitative supervisory assessments

• Escalation from supervisory letters to business restrictions where governance failures persist

• Individual accountability of senior management and, in extreme cases, directors

Key Message:Good intent is insufficient—evidence of informed oversight and challenge is critical.

9. Key Risks for Bank Directors

10. Recommended Actions for Boards & Committees

1. Revisit Board and Committee charters in light of RBI expectations.

2. Strengthen Audit Committee engagement with auditors beyond formal presentations.

3. Ensure risk appetite statements are actionable and monitored, not static.

4. Demand clearer MI and stress testing outputs for committee review.

5. Document dissent, challenge, and rationale in minutes.

6. Seek periodic independent regulatory briefings without management presence.

11. Concluding Perspective

RBI’s regulatory trajectory reflects a decisive elevation of board accountability in safeguarding financial stability. For Governing banks in India - Bank Boards, Audit Committees, and Risk Committees - are now expected to function as active custodians of prudential discipline, capable of identifying early warning signals and challenging management decisively.

Institutions that demonstrate robust governance processes, independent judgment, and strong documentation will be best positioned to withstand supervisory scrutiny and systemic shocks.

Footnoted References

1. RBI, Master Direction – Corporate Governance in Banks

2. RBI, Master Directions on Basel III Capital Regulations

3. RBI, Master Circular – Prudential Norms on Income Recognition, Asset Classification and Provisioning (IRACP)

4. RBI, Scale Based Regulation (SBR): A Revised Regulatory Framework for NBFCs

5. RBI, Master Direction – Liquidity Risk Management Framework

6. RBI, Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices; RBI Circulars on Digital Payment Security Controls