Twenty-four Asks of the RBI: A Detailed Comment on the 2026 Model Risk Management Draft

Qualified support, twenty-four operational asks

The Guidance is welcomed as "a significant and welcome regulatory intervention" and called a "landmark". The asks that follow are not asks for retreat. They are asks for the specificity that the draft skipped.

The commenter does not contest the Guidance's architecture. Board-owned Model Risk Management Framework, three-tier governance, proportional tiering, full-lifecycle controls, dedicated AI and ML chapter: all of that is accepted. Where the comment letter pushes back is on the operational specificity that compliance teams need before they can begin to implement.

The asks land in six clusters: proportionality, definitions, governance choreography, third-party validation, AI and ML detail, and transitional arrangements. There is also a regulatory-interaction cluster that points the RBI toward the DPDPA, the Consumer Protection Act 2019, and the Competition Commission's October 2025 AI Market Study. Each cluster carries specific clause references and concrete language for what to add.

One stylistic observation worth recording. The commenter calls the consumer-protection paragraph at clause 25 "the shortest section in the entire Draft Guidance, a single paragraph for a topic that warrants detailed treatment". That single sentence is doing real diplomatic work: it praises the Guidance's intent and quietly indicts its proportional silence.

Eleven categories, one rulebook, no room to breathe

Paragraph 4 of the draft applies the Guidance to eleven categories of regulated entity: commercial banks (including foreign banks), Small Finance Banks, Payments Banks, Local Area Banks, Regional Rural Banks, Urban and Rural Co-operative Banks, NBFCs across all four layers, the all-India FIs (EXIM, NABARD, NaBFID, NHB, SIDBI), Asset Reconstruction Companies, and Credit Information Companies. The draft is principle-based and says obligations should be commensurate with size, complexity and materiality. The commenter says principle is not enough.

The proposed fix is a three-tier framework written into the Guidance itself.

For Tier 3, the commenter goes further: permit external validators on a shared basis through industry bodies. A 250-crore UCB cannot stand up its own independent model risk and validation function within any sensible cost. The Guidance should recognise that and write the workaround into the rulebook rather than leave it to supervisory forbearance.

The commenter cites the RBI's own FAQ on NBFC compliance as evidence that the regulator is willing to write detailed sectoral guidance when needed. The Guidance here, the comment says, should be willing to do the same on proportionality.

The breadth of "model" and the silence on "frontier AI"

The definition of "model" at paragraph 7(3) is intentionally wide. The commenter accepts the principle and asks for the operational guardrails that make the principle workable.

The model definition

The draft's illustration of a spreadsheet-based loan-pricing calculator that becomes a "model" the moment it is used in business decisions is celebrated for clarity and feared for scope. Without a materiality threshold, every Excel template across an RE's lending, treasury, ALM and operations functions becomes inventory-eligible. For a mid-size bank the count goes into the thousands. For an upper-layer NBFC the count is similar.

The ask is targeted: materiality threshold guidance with quantitative examples (financial impact, customer impact, regulatory significance); explicit exclusions for lookup tables, regulation-mandated calculations and pure data-extraction tools; and a "model candidate" pre-assessment process so REs can document why something is not in inventory rather than discovering it during an inspection.

The undefined AI lexicon

The Guidance uses, without defining, the following terms: "foundational AI models", "frontier AI models", "hallucinations", "spurious correlations", "data drift", "concept drift", "explainability and transparency thresholds", "commensurate risk", "adequate information", "reasonable understanding", "harm to consumer", and "fairness assessment". That is not a stylistic gap. It is the gap that determines whether an RE can defend a Board-approved decision under examination.

Interpretability versus explainability

The definition of "explainability" at paragraph 7(2) conflates two distinct concepts that the AI governance literature has been at pains to separate. Interpretability is the property of a model whose structure a human can follow directly (a logistic regression scorecard with 12 variables is interpretable). Explainability is a post-hoc property delivered through techniques like SHAP and LIME that approximate why an opaque model produced a given output. Treating them as the same forces REs to either over-engineer simple models or claim more of opaque ones than the techniques can deliver. The commenter cites recent literature putting SHAP and LIME risk reduction at 32 to 48 per cent. They reduce opacity. They do not eliminate it.

The RMCB will become a bottleneck. Permit delegation.

The architecture at paragraphs 9 through 12 is endorsed. The Board owns the Model Risk Management Framework. The Risk Management Committee of the Board (RMCB) oversees implementation. Senior management operationalises. Three lines of defence underwrite the whole thing.

One operational concern dominates the chapter. Paragraph 12(3) requires the RMCB to review validation reports and approve deployment of high-risk models. The commenter notes that "high-risk" plus "all third-party models regardless of tier" pulls every AI deployment into the RMCB's queue. The RMCB is a Board committee that meets quarterly. The deployment pipeline at a large bank can run weekly. The mismatch produces either a deployment freeze or a rubber-stamp culture.

The three lines of defence at smaller REs

Paragraph 15 requires independent model owners, an independent MRM and validation function, and an independent internal audit function. For an SFB or an Upper-Layer UCB the headcount math does not work. The commenter asks for explicit permission to engage external validators, use shared services through industry bodies (IBA, FIDC, NIBM), or implement compensating controls (enhanced documentation, peer review across REs) where functional independence is not feasible at scale.

What the tiering rule gets right, and what AI tiering still needs

Paragraphs 17 through 20 are commended. The clause that has done the most analytical work, in the commenter's view, is paragraph 20: "a low complexity should not result in a disproportionate reduction of the overall risk tiering of a highly material model". That sentence prevents the most common gaming pattern. A simple rule-based lending model that sets rates for millions of borrowers is still high-risk because of materiality. A complex deep learning model used for internal document classification is still low-risk because the impact is small. The composite test holds.

Paragraph 52 introduces two AI-specific tiering factors: extent of reliance, and level of autonomy. The commenter calls them good but incomplete. The proposed additions:

Ten years is a long time for a TensorFlow model

Paragraph 23's ten-year retention requirement for decommissioned models is the most operationally substantial provision the commenter engages with. It is also the provision that surfaces a clean conflict with the DPDPA's storage limitation principle.

The technical objection is concrete. A TensorFlow 2.x model trained in 2026 will not reproduce on TensorFlow 5.x in 2036. The Python ecosystem, the CUDA stack, the dependency graph, the underlying data preprocessing pipeline: any of these can drift in ways that make a saved model unloadable. The Guidance does not say whether the obligation is met by documentation alone or whether the model itself must remain executable. The answer materially changes the storage and engineering burden.

The DPDPA conflict is sharper. Section 8(7) of the DPDPA establishes the storage limitation principle and erasure rights for personal data. A model trained on personal data, retained for ten years, processes a data principal's personal information well past the period for which it can be retained under the consent obtained. The commenter wants explicit acknowledgement of this interaction and a safe harbour for documentation-led retention in lieu of live model retention.

The retention question, the data localisation question, and the cross-border training data question are all elaborated in our legal framework deep dive. The technical reproducibility question is elaborated in our technical and operational deep dive.

The shortest section in the draft, the longest in the comment

Paragraph 25 reads, in full: "An RE should not use any model that harms consumer. Its grievance redressal mechanism should also address grievances arising from consumer facing models used by it." One sentence. That is the entire consumer protection chapter.

The commenter does not contest the principle. It contests the scale of the principle relative to the surface area it has to cover. The asks are concrete:

1. Define consumer harm. Financial harm (direct monetary loss), indirect harm (downstream effects on credit access), informational harm (misinformation), privacy harm (unauthorised disclosure), dignitary harm (discrimination on protected characteristics under Article 15 of the Constitution).
2. Pre-deployment consumer impact assessment. Mandatory for any model that touches retail customers, on the lines of a Data Protection Impact Assessment under the DPDPA.
3. Right to explanation for any adverse model-driven decision (credit denial, account closure, fraud freeze), with a defined response time and a stated standard for what "explanation" means.
4. Cross-reference the RBI Integrated Ombudsman Scheme 2021 as the primary remedy forum, and require REs to instrument complaints so AI-driven grievances can be reported separately.
5. Audit trails of consumer-facing model decisions sufficient to reconstruct, retrospectively, why a given customer received a given outcome.

The black-box problem at paragraph 46

The commenter calls paragraph 46 "the most operationally challenging provision in the entire Draft Guidance". The rule says an RE must conduct its own independent validation of a third-party model "notwithstanding any validation, certification, or assurance provided by the third-party provider". The problem is that the largest third-party models on the market today cannot be independently validated by their consumers.

OpenAI, Google, Anthropic and Meta provide their foundation models through API access. The model weights, the training data, the fine-tuning corpora, the alignment recipes, the safety classifiers: all opaque to the RE. Traditional model validation (which requires access to the model's internals to test on out-of-sample data, examine sensitivity to inputs, and probe failure modes) cannot be performed.

The commenter's proposal is to write that reality into the rulebook. The Guidance should:

The contractual side of paragraph 48 needs to do more work too. Beyond the existing requirements for technical documentation, audit rights and exit arrangements, the commenter wants explicit clauses for: data localisation compliance consistent with the RBI's 2018 storage of payment system data circular, change notification with a defined lead time, IP indemnification for training-data infringement risk, periodic bias and fairness reports from the provider, and regulatory cooperation obligations binding the provider to assist with RBI inspections.

The chapter at the cutting edge, with the rough edges to polish

Chapter V Section B of the draft is the centrepiece of the Guidance and, on the commenter's reading, the chapter most worth defending against compression. Five clauses get particular attention.

Paragraph 49: foundational and frontier AI

The Guidance is the first Indian financial regulator instrument to reference "foundational AI" and "frontier AI" by name. The commenter wants both defined, with frontier AI subjected to a dedicated risk assessment covering emergent capabilities, deceptive alignment, capability overhang, and agentic behaviour. Board-level approval should be required for frontier AI in any material use case. Multi-provider strategies should be encouraged in light of the Competition Commission's October 2025 AI Market Study finding that India's AI value chain is dominated by a handful of providers.

Paragraph 54(1): explainability thresholds

The commendation is sincere; the calibration ask is operational. The Guidance currently says explainability thresholds should be "higher for material decisions". The commenter asks for calibration guidance per risk tier with worked examples: credit scoring at decision-grade explainability, fraud detection at population-level explainability, customer service chatbots at session-level disclosure. Partial post-hoc explainability should be accepted with compensating controls when full explainability is unachievable.

Paragraph 54(2): hallucination controls

The commenter calls for two things: a definition of "hallucination" (the Guidance uses the term, no defined meaning), and a minimum of at least two independent mitigation techniques (retrieval-augmented generation, domain fine-tuning, output validation, confidence scoring). Human or automated output validation should be required before any generative output drives a customer-facing or material decision.

Paragraph 54(3): bias and fairness

The Guidance requires "fairness assessments". The commenter asks the Guidance to be specific about what is being assessed. The minimum metrics list: demographic parity, equalised odds. The protected characteristics list: caste, religion, gender, place of birth, disability (the Article 15 list, adapted for financial services). The commenter wants explicit acknowledgement of the algorithmic fairness impossibility theorem (you cannot simultaneously optimise for demographic parity, equalised odds, and calibration in any model that is not perfectly accurate). REs should be required to document which fairness metric they are optimising for, and why.

Paragraph 55: red-teaming

Define red-teaming and "equivalent testing". Specify minimum requirements for high-risk AI (prompt injection, data leakage, adversarial inputs, bias). Permit external red-teaming and require documentation of findings, remediation actions, and re-testing.

Paragraph 56: dynamic and automatic updates

Every automatic update must be logged with a full audit trail. Automated performance monitoring with thresholds should trigger human review. Update operations must be reversible: rollback capability is non-negotiable for self-learning systems.

Kill-switches are necessary. Make them realistic.

Paragraph 60(ii) introduces the kill-switch concept into Indian banking regulation. The commenter calls it "novel and necessary" and also "operationally complex for real-time systems". A fraud detection system processing millions of transactions per second cannot fail gracefully with a single hard cut-off.

Paragraph 61 on automation bias and decision fatigue is described as "one of the most sophisticated provisions" the commenter has encountered in a financial regulator's instrument. The operational asks are simple: rotation schedules for oversight personnel; periodic challenge exercises with deliberately incorrect outputs to detect rubber-stamping; monitoring of override rates because a zero-override rate is itself a warning sign.

Paragraph 62 on personnel expertise opens the talent question. The commenter cites the IndiaAI Mission's August 2025 enrolment figure (around 3,20,000 candidates trained in AI and Big Data Analytics) as evidence that the absolute number of available specialists is below what the financial sector alone needs to absorb. The asks: minimum competency requirements by risk tier, mandatory training programmes, external expert engagement permissions, and an industry certification track jointly with IIBF or NIBM.

Three statutes the Guidance does not mention but cannot ignore

The Guidance is silent on its interaction with three Indian statutes that any AI model in financial services has to reckon with. The commenter asks for that silence to be replaced with explicit cross-references.

The Digital Personal Data Protection Act, 2023

AI models almost always train on personal data. The DPDPA's regime around consent, purpose limitation, storage limitation, cross-border transfer (Section 16) and erasure rights (Section 12) interacts with model lifecycle controls in ways the draft does not address. Most consequential: the right to erasure. Retraining a model to honour an erasure request is technically difficult and expensive. The commenter wants the Guidance to acknowledge the conflict and supply guidance on documentation-led compliance, anonymisation thresholds, and the use of differential privacy techniques.

The Consumer Protection Act, 2019

Section 2(47) defines unfair trade practices broadly enough to include non-disclosure of AI-driven decisions and algorithmic bias. The Act's product liability provisions (Sections 82 through 87) may apply to defective AI used in consumer-facing services. The commenter wants the Guidance to acknowledge this overlay and align its consumer-protection provisions with the CPA's strict-liability framework rather than running parallel.

The Competition Act, 2002, and the CCI's AI Market Study

The Competition Commission of India's October 2025 Market Study on Artificial Intelligence and Competition identified concentration risk across the AI value chain (foundational models, cloud infrastructure, training data, GPU compute). Most Indian REs deploying AI today are deeply exposed to this concentration. The Guidance's supply-chain risk treatment at paragraph 53 is good as far as it goes; the commenter wants it cross-referenced to the CCI's findings and the CCI's recommended six-component self-audit framework.

Eighteen, twenty-four, thirty-six months

The draft says the Guidance comes into force "with immediate effect" once finalised. The commenter says that timeline is incompatible with the operational lift required and proposes a tiered runway tied to the proportionality tiers introduced earlier:

• Tier 1 (commercial banks, AIFIs, large NBFCs): 18 months. Long enough to stand up the MRMF, run inventory, complete a first validation cycle for high-risk and material third-party models, and report to the Board.
• Tier 2 (SFBs, Payments Banks, mid-layer NBFCs, ARCs): 24 months. Recognises smaller compliance team capacity and the time needed to negotiate third-party validator engagements.
• Tier 3 (UCBs, RRBs, Local Area Banks, Rural Co-ops, NBFC-BL): 36 months. Recognises the structural constraint that these entities will rely heavily on shared services and external validators that themselves take time to mature.

The commenter also asks for explicit grandfathering of currently deployed models: existing models may continue in production during their first validation cycle so long as enhanced monitoring is in place, with full compliance required at the next scheduled re-validation.

The road from public consultation to final Guidance

The consultation closes on 24 July 2026. The RBI's typical pattern is a three to six month gap between consultation close and final issuance. The commenter's closing asks are six in number:

1. Proportionality mechanisms that scale to RE size, complexity and model usage.
2. Definitional clarity for critical AI and ML terms.
3. Regulatory interaction provisions covering the DPDPA, Consumer Protection Act 2019, and Competition Act 2002.
4. Practical guidance on validating black-box third-party models and implementing kill-switch mechanisms.
5. Transitional provisions with phased implementation (18, 24, 36 months).
6. Enhanced consumer protection including a right to explanation for model-driven decisions.

The final Guidance, once issued, will supersede Chapter 3 of the 2002 Guidance Note on Credit Risk Management. It will also sit alongside the recently issued Master Direction on Secondary Market Transactions in Government Securities, 2026 as the second major principle-based instrument the RBI has consolidated from a scattered base in the last twelve months. The pattern is unmistakable. One rulebook per substantive area, owned by the Board, audited by the supervisor.