- On 24 June 2026, the RBI released a draft Guidance on Regulatory Principles for Model Risk Management, 2026, open for public comment until 24 July 2026.
- It applies to all models used by regulated entities — internally built, bought from third parties, or a mix — and expressly covers AI and machine-learning models.
- Every entity must adopt a Board-approved Model Risk Management Framework (MRMF), classify models by risk tier, and maintain a complete model inventory.
- A dedicated chapter sets out detailed expectations for AI: explainability thresholds, hallucination and bias controls, red-teaming, kill-switches and mandatory human oversight.
- It widens the lens from the RBI's earlier 2024 credit-only draft and, once final, will supersede the model-risk portion of the 2002 Credit Risk note.
What the RBI has proposed
For the first time, India's banking regulator is asking every bank, NBFC and financial institution it supervises to govern all of their models — statistical, algorithmic and AI alike — under a single, Board-owned risk framework.
On 24 June 2026, the Reserve Bank of India's Department of Regulation released a draft "Guidance on Regulatory Principles for Model Risk Management, 2026" and invited stakeholder feedback until 24 July 2026. Running to six chapters and sixty-four numbered principles, the document sets out how regulated entities (REs) should govern the models they increasingly rely on to price loans, score borrowers, detect fraud, flag suspicious transactions, defend against cyber-attacks and — more and more — converse with customers.
The premise is stated plainly in the opening paragraph: models deliver real efficiency and risk-management gains, but those benefits "usually come with additional model risks". Left unmanaged, the RBI warns, model risk can produce "inaccurate outcomes, flawed decisions, financial losses, operational disruptions, compliance failures and other adverse consequences" — not only for the entity itself but for consumers and the wider financial system. The Guidance is the RBI's attempt to put a common governance floor under that risk.
Crucially, the draft is principle-based rather than prescriptive. It does not mandate specific validation techniques or model architectures; instead it requires each entity to build controls "commensurate with the nature, scale and complexity of their operations, and materiality and risk of the models used by them". A small urban co-operative bank and a large private-sector lender will be held to the same principles but are expected to implement them very differently.
Why now: from credit models to a model-saturated system
The draft does not arrive in a vacuum. It is the latest — and broadest — step in a multi-year arc of RBI thinking about how machines make decisions inside regulated finance.
In August 2024, the RBI floated a narrower draft on the "Management of Model Risks in Credit", aimed squarely at credit-scoring, loan-pricing and provisioning models. The 2026 Guidance keeps that lineage but dramatically widens the aperture: it now reaches every model an entity uses, in any business line, not just credit. The shift mirrors reality. Models no longer sit only in the credit department; they price products, surveil markets, run treasury operations, triage customer service and increasingly take the shape of large language models bought off the shelf from a handful of global providers.
The second engine behind the draft is the RBI's FREE-AI Committee Report — the "Framework for Responsible and Ethical Enablement of Artificial Intelligence" — released on 13 August 2025. Chaired by Dr. Pushpak Bhattacharyya of IIT Bombay, the eight-member committee built its framework on seven guiding "Sutras" and six strategic pillars (Infrastructure, Policy, Capacity, Governance, Protection and Assurance) and made 26 recommendations for the responsible adoption of AI in finance. The 2026 Guidance operationalises a slice of that vision: it translates high-level principles of fairness, accountability and assurance into concrete model-governance obligations. The draft itself signals that more is coming, noting — with a nod to the RBI's Utkarsh 2029 strategy framework — that "further requirements, if any, applicable to AI models may be issued later".
Finally, the Guidance has housekeeping to do. Chapter VI states that, once finalised after public consultation, it will supersede Chapter 3 (Credit Risk Models) of the RBI's Guidance Note on Credit Risk Management dated 12 October 2002 — retiring a more than two-decade-old standard that long predates the era of machine learning.
The sleeper issue: how broadly "model" is defined
The most consequential clause in the entire draft may be the definition of a "model" itself. The RBI casts it deliberately wide. A model is any system — built in-house, sourced externally, or a combination — that takes inputs (data plus theoretical, empirical or judgement-based assumptions), applies a processing technique (statistical, mathematical, economic, financial or other cognitive methods, expressly including AI and ML), and produces outputs "used for business or any other operations and decision making".
Then comes the sting in the tail: the definition catches "algorithms, analytics, interfaces, applications, decision-based rules, and other computational tools" that have "a material impact on decision-making", "irrespective of whether such tools are recognised as models by the RE". In other words, an entity cannot escape the framework simply by declining to call something a model.
The draft drives the point home with an illustration that will resonate with every compliance team: a humble spreadsheet-based loan-pricing calculator. On its own, the RBI says, it may be "only a basic mathematical tool". But the moment an entity uses it to take inputs (borrower type, tenor, credit score, collateral value), apply processing logic (interest-rate grids, risk-weighted spreads, margin formulas) and produce an output (a final lending rate) that drives business decisions, "then it should be considered as a model". The lesson: materiality of use, not technical sophistication, determines what falls in scope.
Eight terms are defined in all, and together they sketch a clear separation of duties across the model lifecycle:
The remaining defined terms — "Decommissioning" (retiring a model from active use) — round out a vocabulary that the rest of the Guidance leans on heavily.
Who must comply
The applicability clause is sweeping. The Guidance reaches almost the entire regulated perimeter of the RBI — eleven categories of entity in total:
| Sector | Entities covered |
|---|---|
| Banks | Commercial Banks (including Foreign Banks), Small Finance Banks, Payments Banks, Local Area Banks, Regional Rural Banks |
| Co-operatives | Urban Co-operative Banks (Primary Co-operative Banks) and Rural Co-operative Banks (State & Central Co-operative Banks) |
| NBFCs | Non-Banking Financial Companies across all four layers — Base, Middle, Upper and Top |
| All-India FIs | EXIM Bank, NABARD, NaBFID, NHB and SIDBI |
| Others | Asset Reconstruction Companies and Credit Information Companies |
Two design choices stand out. First, the framework is technology- and source-neutral: an RE "should apply these regulatory principles to all models used by it, whether developed internally, sourced from third-parties, or a combination thereof". Second, it is built on a proportionality principle — the obligations scale with each entity's size, complexity and the materiality of its models, so the same rulebook can sit over a Top-Layer NBFC and a small co-operative bank without imposing identical operational burdens. Where the Guidance overlaps with existing RBI Directions, those Directions prevail in case of any inconsistency.
Governance: the MRMF and a new boardroom mandate
Accountability is pushed firmly upward. An RE "is accountable for the outcomes of all models used by it" — full stop — and the Board carries the framework.
At the centre sits the Model Risk Management Framework (MRMF): a Board-approved framework applicable to all models, including AI/ML and third-party models. The draft prescribes what the MRMF must, at minimum, cover — a model taxonomy; the governance structure; the scope of model usage; the risk-tiering methodology; inventory and documentation standards; and a full suite of lifecycle policies spanning selection, development, validation, an approval structure (with exceptions and mitigants), deployment, monitoring, change management, business continuity and decommissioning.
Responsibility is then layered across three governance tiers:
The practical upshot is significant: high-risk model deployments can no longer be signed off purely within a business unit. They must travel to a Board-level committee, with a documented validation report in hand. For many entities, that is a meaningful escalation of where model decisions are made.
Tiering, inventory and the three lines of defence
Chapter III sets the machinery of ongoing risk management. Entities must assess model risk at both the individual and enterprise-wide level, continuously; where a model's assessed risk exceeds the entity's appetite, the RE must act — through enhanced controls, restrictions on use, remediation or decommissioning — and report to the RMCB.
Three lines of defence
The draft hard-codes the governance architecture that has become the global norm for model risk. The model owners form the first line; an independent model risk management and validation function forms the second; and a robust, independent internal audit function forms the third. Performance must be tested on an ongoing basis using both backward-looking and forward-looking approaches — "including AI specific evaluations where applicable" — and benchmarking as appropriate.
Risk-based tiering
Every model in the inventory must be classified into a risk tier, reviewed at least annually or earlier on specific triggers. The tier then drives almost everything downstream — the intensity, frequency and methods of validation; the approval route (high-risk models require RMCB approval, others may be delegated); the controls and mitigants; the scope of monitoring and review; the depth of documentation; and business-continuity planning. Tiering must weigh materiality (significance to business, financial and operational impact, consumer implications) and complexity (difficulty of oversight, use of unstructured data, explainability challenges), among other factors. The RBI adds an important anti-gaming rule: a low score on one factor must not dilute a high score on another, so that a highly material model cannot be quietly down-tiered just because it is simple.
Inventory and documentation
The RE must maintain an "accurate, comprehensive, and up-to-date" inventory of all models — active, inactive, under development and decommissioned. The rule is categorical: "no model is used, relied upon, or deployed unless it is part of inventory." Each entry must capture owners, developers, validators and approvers; the risk tier; the intended use; upstream and downstream dependencies; and key observations from validation, monitoring and audit. Decommissioned models must remain in the inventory for at least ten years, with documentation retained for the same period.
The model lifecycle, end to end
Chapter IV walks a model from cradle to grave, attaching obligations at each stage. The sequence is familiar to anyone versed in global model-risk practice, but the draft makes each step explicit.
Two features deserve emphasis. First, validation is independent and continuous, not a one-time gate — it recurs after modifications, on internal or external triggers, and on a periodic schedule set in the MRMF. Second, the "material change" threshold is a genuine control point: cross it, and the model must be re-validated and re-approved as if new. Entities will need to define that threshold carefully, because setting it too high would let significant model drift slip through unchecked.
Third-party models: outsource the model, not the accountability
The RBI's message to entities buying models off the shelf is blunt: vendor certification is not a substitute for your own validation, and you remain on the hook for the outcomes.
An RE "acquiring, using or relying upon third-party models at any stage of the model lifecycle is accountable for its outcomes." All MRMF provisions apply to third-party models mutatis mutandis, but the draft layers two additional obligations on top. First, the entity must conduct its own independent validation of the model — "notwithstanding any validation, certification, or assurance provided by the third-party provider". Second, third-party models attract enhanced RMCB oversight regardless of their risk tier.
Before acquisition, the entity must run due diligence covering the provider's credibility, the model's methodological soundness and limitations, and the suitability and quality of the data used. And the contract itself becomes a compliance instrument: the draft requires contractual provisions for access to minimum technical documentation sufficient to validate the model, audit rights for both the RE and its supervisor (directly or via external experts), and continuity and exit arrangements. In effect, the RBI is asking entities to negotiate supervisory access and validation transparency into their vendor contracts — a tall order against large global model providers, and a point likely to attract comment during the consultation.
The AI/ML rulebook: the heart of the draft
If one chapter will define this Guidance, it is Chapter V.B. Across fifteen dense paragraphs the RBI sets out the most detailed expectations it has yet articulated for AI and machine-learning models — and the issues it names read like a catalogue of the field's hardest problems: explainability, hallucination, bias, drift, overfitting, adversarial manipulation and automation bias.
Scoping and risk assessment
Entities must define the scope of their AI/ML models — expressly including "foundational AI models and frontier AI models" — and add controls proportionate to potential impact. Tellingly, the draft permits deployment only where the resulting risk can be effectively managed: an RE "should ensure that such AI / ML models are deployed only in the business processes / use cases where commensurate risk can be effectively managed". Where a third-party provider will not disclose enough about a model, the entity must identify the resulting risks and mitigate them — for example, by limiting usage. When tiering an AI model, entities must also weigh the extent of reliance and level of autonomy placed on its outputs, and watch for concentration and supply-chain risk from depending on a few large providers whose updates can silently change model behaviour.
Explainability, hallucination and bias
The draft requires entities to set explainability and transparency thresholds for all AI models, with higher thresholds for models that drive material decisions or significantly affect customers. The pragmatic carve-out is notable: where full explainability "is not achievable", the model is not banned — but it must be wrapped in enhanced controls (more intensive validation and testing, output-corroboration mechanisms, frequent re-validation and continuous monitoring, usage restrictions and other compensating controls). The chapter then works methodically through AI's failure modes:
- Hallucinations. Entities must build "control boundaries" through system-level controls or model-design features, especially for generative AI and any use case where outputs drive customer interaction or decision-making.
- Bias and discrimination. Entities must identify the risk of biased or discriminatory outputs, conduct fairness assessments, and apply mitigants — including recalibration or redesign, constraining model complexity (e.g. regularisation) and limiting feature selection.
- Overfitting and generalisation. Models must be tested on out-of-sample data and varied scenarios to ensure they perform reliably in real-world, evolving conditions, and must not rely on spurious correlations.
- Output stability. Similar inputs should not produce excessive or unexplained variation; stochastic behaviour and model uncertainty must be managed with measures such as confidence scores and probability outputs.
- Data risk. Entities must address data quality, non-representativeness, incompleteness and intellectual-property infringement, and must monitor data drift and concept drift on an ongoing basis.
Two further obligations stand out: a requirement for structured challenge processes, including red-teaming or equivalent testing, particularly for customer-facing or generative models; and enhanced controls for models that update dynamically or automatically — a clear nod to continuously-learning systems — including a defined scope of what may auto-update, strict justifications, enhanced data-quality checks and more frequent monitoring. AI models also attract enhanced documentation to support traceability, reproducibility and auditability.
Deployment and cyber controls
Deployment of AI models must not introduce new vulnerabilities. The draft requires access controls, cyber safeguards, and controls over external interfaces, APIs and integration pipelines. For customer- or external-facing models — explicitly including generative AI — it goes further, demanding controls against prompt injection and adversarial inputs, limits on session and context persistence, and detection of anomalous usage. And in a provision that will be visible to ordinary consumers, entities must disclose that users are interacting with an AI/ML system, flag its limitations, and offer an option to switch to human assistance on request.
Human oversight and the kill-switch
A human must remain in command. For automated decision-making, the draft mandates oversight arrangements up to and including a kill-switch.
The final sub-chapter requires "robust human oversight" for AI models, particularly where decisions are automated. The mitigants it lists are concrete: human-in-command arrangements (human-in-the-loop, human-on-the-loop or other oversight); override, suspension or deactivation mechanisms, including kill-switch arrangements; and periodic human review of model outputs and model-driven decisions to catch anomalies. The oversight design must guard against automation bias, over-reliance on outputs and decision fatigue; the humans doing the overseeing must have enough expertise to "effectively challenge, override, or escalate"; and the whole arrangement — including overrides, incidents and near-misses — must be periodically reviewed and strengthened by experience.
How it stacks up against global standards
India's draft lands in well-trodden territory. The global reference point for model risk management is the US Federal Reserve and OCC's SR 11-7 (2011), whose triad — sound development, independent "effective challenge" through validation, and governance with clear board accountability — became the de facto world standard and shaped the EU's ECB TRIM and the UK PRA's SS1/23. Notably, US regulators refreshed that guidance in April 2026 (the Fed's SR 26-2 and OCC Bulletin 2026-13), underscoring that model-risk regimes everywhere are being revisited for the AI era.
| Dimension | SR 11-7 lineage (US/EU/UK) | RBI 2026 draft |
|---|---|---|
| Core architecture | Development, validation, governance; three lines of defence | Same backbone — Board-owned MRMF, three lines of defence, risk-based tiering |
| Definition of "model" | Broad, function-based | Broad, and catches tools "irrespective of whether recognised as models" (Wider) |
| AI / ML | Historically light; being retrofitted in 2026 revisions | Dedicated chapter on explainability, hallucination, bias, oversight (Detailed) |
| Human oversight | Implicit in governance | Explicit — human-in-command, kill-switch, anti-automation-bias |
| Consumer protection | Largely separate regimes | Embedded — "should not use any model that harms consumer" |
The takeaway: on architecture the RBI is firmly in the global mainstream, importing the SR 11-7 backbone wholesale. Where it pushes ahead is in writing AI-specific obligations directly into a model-risk framework — explainability thresholds, hallucination boundaries, red-teaming, kill-switches and AI-aware human oversight — rather than leaving them to a separate AI regime. In that sense the draft is less an Indian copy of SR 11-7 than an SR 11-7 framework updated for the generative-AI moment.
What's new versus the 2024 credit draft
For entities that began preparing against the RBI's August 2024 credit-model draft, the 2026 Guidance is a substantial expansion, not a refinement. The headline differences:
- Scope. From credit-risk models only, to all models in all business lines, across eleven categories of regulated entity.
- AI/ML. A purpose-built chapter that did not meaningfully exist in the credit-only draft — covering foundational and frontier models, generative AI, explainability, hallucination, bias, drift and human oversight.
- Enterprise lens. Explicit assessment of model risk at the enterprise-wide level, model inter-dependencies, and a ten-year inventory retention obligation.
- Third-party rigour. Independent validation despite vendor certification, enhanced RMCB oversight regardless of tier, and contractual audit/exit requirements.
- Consumer harm. A standalone prohibition on models that harm consumers, with grievance-redressal hooks.
The direction of travel is unmistakable: the RBI is consolidating model governance into a single, enterprise-wide, technology-neutral discipline — and putting AI at its centre.
What regulated entities should do now
Even though the draft is open for comment and not yet binding, the operational lift is large enough that early movers will be glad they started. The likely near-term agenda:
- Build (or upgrade) a model inventory. The "no model unless inventoried" rule means the first task is discovery — finding every model, including spreadsheets and vendor tools that nobody currently calls a model.
- Stand up the MRMF and tiering methodology. Draft the Board-approved framework, define risk tiers, and wire approval routes so that high-risk models reach the RMCB.
- Separate the roles. Establish genuine independence between model owners, developers, validators and the second-line MRM function — and an internal-audit line over all of it.
- Map the AI estate. Inventory every AI/ML and generative-AI use case; set explainability thresholds; identify where full explainability is unachievable and design the compensating controls now.
- Re-paper vendor contracts. Negotiate documentation access, audit rights (including for the supervisor) and exit arrangements into third-party model agreements.
- Instrument human oversight. Define human-in-command arrangements, build override and kill-switch capability, and train overseers to challenge model outputs.
- Engage with the consultation. File comments by 24 July 2026 — particularly on the practicality of independent validation and contractual audit rights against large global AI providers.
The road ahead
The RBI has set a one-month consultation window, with comments due by 24 July 2026. The final Guidance will then supersede the model-risk portion of the 2002 Credit Risk note, and — if the draft's own signalling holds — be followed in time by further, more specific requirements for AI models as flagged under Utkarsh 2029.
For India's financial sector, the significance is hard to overstate. The draft reframes model risk from a credit-desk technicality into an enterprise-wide, Board-level discipline, and it does so at precisely the moment that generative AI is moving from pilot projects into live customer-facing decisions. By insisting that entities can deploy AI only where they can manage the risk — and that a human must always be able to pull the plug — the RBI is staking out a position that is pro-innovation but firmly accountability-first.
Whether the more demanding provisions survive consultation intact — independent validation of opaque vendor models, contractual supervisory audit rights, ten-year retention — will be the story to watch over the next month. What is already clear is the destination: in India, governing your models is becoming inseparable from governing your AI.
The bottom line
The RBI's 2026 draft does for model risk what a generation of post-crisis reforms did for capital and liquidity: it turns an ad-hoc, departmental practice into a formal, Board-owned governance discipline — and extends it, deliberately and in detail, to artificial intelligence.
For regulated entities, the message is twofold. Every model you use is now your accountability, whoever built it; and every AI system you deploy must be explainable enough, controlled enough, and overseeable enough that a human can understand it, challenge it, and switch it off. The clock to 24 July is running.
Primary source & further reading
- Reserve Bank of India — Draft "Guidance on Regulatory Principles for Model Risk Management, 2026" (released 24 June 2026; comments open until 24 July 2026).
- RBI — FREE-AI Committee Report, "Framework for Responsible and Ethical Enablement of Artificial Intelligence" (13 August 2025).
- RBI — Draft circular on "Regulatory Principles for Management of Model Risks in Credit" (5 August 2024).
- RBI — Guidance Note on Credit Risk Management (12 October 2002), Chapter 3 (to be superseded).
- US Federal Reserve / OCC — SR 11-7 (2011) and the April 2026 revised guidance (SR 26-2 / OCC Bulletin 2026-13), for global comparison.
This article is an analysis of a draft regulatory instrument and is provided for general information only. It is not legal advice. Regulated entities should refer to the official RBI text and seek professional advice on how the Guidance applies to their specific circumstances. Clause references reflect the numbering in the draft as released; numbering may change in the final version.