AI in India's Financial Services: RBI, SEBI, and IRDAI Frameworks for AI Governance

RBI: model risk management and AI in credit

The Reserve Bank of India's model risk management guidance (including its 2023 circular) establishes expectations that apply to AI models in banking, NBFC, and payment system operations. Core requirements: model validation (independent assessment of performance and limitations before deployment); documentation (clear documentation of model purpose, methodology, data inputs, and limitations); ongoing monitoring (performance monitoring with defined thresholds for intervention); and model risk governance (board and management oversight). For AI credit models specifically, RBI expects validation studies demonstrating adequate performance across the application population, documentation of limitations and failure modes, monitoring of credit outcomes by demographic segment to detect bias, and processes for handling model failures.

The RBI's Fair Practices Code for NBFCs requires that borrowers receive specific reasons for credit rejection. When AI is used, the institution must translate model output into specific, human-understandable reasons — model score and feature importance values must map to explanations borrowers can understand and act on.

SEBI: algorithmic trading and investment AI

SEBI's algorithmic trading framework requires approval of algorithmic trading systems by the relevant exchange, kill switch mechanisms, audit log maintenance, and adequate testing before deployment. SEBI has increasingly extended AI governance expectations to investment advisers and research analysts using AI in investment processes — investment recommendations must meet suitability requirements for the specific client's risk profile and financial situation, not just statistical averages.

IRDAI: insurance AI and consumer protection

IRDAI's guidance on technology in insurance distribution and underwriting applies to AI tools in claims processing and customer communication. AI-driven underwriting must not result in unfair discrimination; AI in claims processing must be explainable to claimants who dispute decisions; and AI used in distribution must comply with suitability and advice standards. IRDAI is developing additional guidance on InsurTech including AI use cases in parametric insurance, telematics-based pricing, and automated claims settlement.

DPDP Act intersection

The DPDP Act's requirements overlay on sector-specific AI governance requirements from RBI, SEBI, and IRDAI. Financial services firms must integrate these requirements: AI models processing personal data must have adequate consent basis; purposes for which data is used in AI must be disclosed to data principals; and access and correction requests must be fulfilled in ways consistent with both DPDP Act requirements and operational realities of AI systems.