この記事は現在英語でのみご利用いただけます。
AI in India's Financial Services: RBI, SEBI, and IRDAI Frameworks for AI Governance
India's financial regulators — RBI, SEBI, and IRDAI — have published guidance on AI governance that financial services firms must incorporate. Here is the regulatory landscape for AI in Indian financial services.
Key Takeaways
RBI's model risk management guidance for regulated entities applies to AI models used in credit, fraud detection, and other regulated financial activities — establishing validation, documentation, and governance expectations that apply regardless of whether the model is traditional statistical or AI-based.
SEBI's algorithmic trading framework and increasing attention to AI in investment advisory requires financial firms to validate AI trading systems, maintain audit trails, and ensure AI investment recommendations meet suitability standards for individual clients.
IRDAI's guidance on technology in insurance applies to AI in underwriting and claims — requiring explainability, discrimination prevention, and consumer protection standards.
The RBI's Fair Practices Code requires that credit decisions — including AI-driven ones — be communicated clearly with specific reasons. 'Algorithm decided' is not a sufficient explanation for credit rejection under RBI requirements.
India's DPDP Act 2023 overlays on sector-specific AI governance requirements — consent requirements, purpose limitation, and access rights have direct implications for how financial services firms design and operate AI systems.
The Data Protection Board (under DPDP Act) will provide an additional complaint pathway for AI-related data protection violations in financial services, supplementing existing RBI, SEBI, and IRDAI complaint mechanisms.
"情報提供のみを目的としています。この記事は法律、規制、財務または専門的なアドバイスを構成するものではありません。具体的なアドバイスについては、資格を持つ専門家にご相談ください。"
RBI: model risk management and AI in credit
The Reserve Bank of India's model risk management guidance (including its 2023 circular) establishes expectations that apply to AI models in banking, NBFC, and payment system operations. Core requirements: model validation (independent assessment of performance and limitations before deployment); documentation (clear documentation of model purpose, methodology, data inputs, and limitations); ongoing monitoring (performance monitoring with defined thresholds for intervention); and model risk governance (board and management oversight). For AI credit models specifically, RBI expects validation studies demonstrating adequate performance across the application population, documentation of limitations and failure modes, monitoring of credit outcomes by demographic segment to detect bias, and processes for handling model failures.
The RBI's Fair Practices Code for NBFCs requires that borrowers receive specific reasons for credit rejection. When AI is used, the institution must translate model output into specific, human-understandable reasons — model score and feature importance values must map to explanations borrowers can understand and act on.
SEBI: algorithmic trading and investment AI
SEBI's algorithmic trading framework requires approval of algorithmic trading systems by the relevant exchange, kill switch mechanisms, audit log maintenance, and adequate testing before deployment. SEBI has increasingly extended AI governance expectations to investment advisers and research analysts using AI in investment processes — investment recommendations must meet suitability requirements for the specific client's risk profile and financial situation, not just statistical averages.
IRDAI: insurance AI and consumer protection
IRDAI's guidance on technology in insurance distribution and underwriting applies to AI tools in claims processing and customer communication. AI-driven underwriting must not result in unfair discrimination; AI in claims processing must be explainable to claimants who dispute decisions; and AI used in distribution must comply with suitability and advice standards. IRDAI is developing additional guidance on InsurTech including AI use cases in parametric insurance, telematics-based pricing, and automated claims settlement.
DPDP Act intersection
The DPDP Act's requirements overlay on sector-specific AI governance requirements from RBI, SEBI, and IRDAI. Financial services firms must integrate these requirements: AI models processing personal data must have adequate consent basis; purposes for which data is used in AI must be disclosed to data principals; and access and correction requests must be fulfilled in ways consistent with both DPDP Act requirements and operational realities of AI systems.