RBI’s draft guidelines push banks toward AI kill switches and board oversight

The Reserve Bank of India (RBI) on June 24, 2026, released the draft Guidance on Regulatory Principles for Model Risk Management, 2026 for public comments until July 24. The comprehensive framework applies to all models used by regulated entities — including commercial banks — covering the full lifecycle and placing special emphasis on AI/ML systems.

Immediate implications for banks are significant. Model risk moves from a largely operational or risk-management function to explicit board-level accountability. Banks must implement a Board-approved Model Risk Management Framework (MRMF), maintain a comprehensive model inventory (including spreadsheets and third-party tools that qualify under the broad definition), and adopt risk-based tiering.

For AI models, mandatory “kill switch” or instant override mechanisms, robust human oversight, customer disclosures, and protections against bias, hallucinations, and adversarial attacks become required. Third-party models — widely used by banks — remain the bank’s full responsibility, with enhanced contractual, validation, and oversight demands.

What Banks Now Need to Do

Banks should act quickly during the consultation period:Conduct a gap assessment of current governance, model inventories, and validation practices against the draft.

Prepare for Board engagement: Develop and seek approval for the MRMF, risk appetite statements, tiering policies, and high-risk model oversight processes.

Build or strengthen independent validation functions with clear separation from developers and users.
Implement AI-specific controls: Deploy reliable deactivation/override mechanisms, human-in/on-the-loop arrangements, explainability standards, bias testing, and customer-facing disclosure + human handover processes.

Review third-party contracts: Secure audit rights, data access, and exit strategies with vendors.
Plan for phased implementation once the final guidance is issued, including remediation of existing models and ongoing monitoring enhancements.

Deeper Analysis: Strategic and Operational Shifts Ahead

This directive reflects the RBI’s recognition that banks’ rapid adoption of AI/ML across credit decisions, fraud detection, customer service, personalized offerings, and internal risk processes has outpaced governance. By drawing on the 2024 credit-specific draft and the 2025 FREE-AI Committee recommendations, the RBI aims to mitigate financial, operational, compliance, and reputational risks while enabling responsible innovation.

Governance Elevation
For the first time, model risk receives the same board-level scrutiny as other major risks. The Risk Management Committee of the Board gains enhanced oversight, particularly for high-risk and third-party models. This raises the bar for documentation, independence, and periodic review, potentially increasing costs and internal coordination demands, especially for large banks managing thousands of models.

AI-Specific Guardrails
The “kill switch” requirement addresses scenarios where AI systems produce harmful or erroneous outputs at scale. Combined with mandates to counter automation bias, ensure explainability for material decisions, and provide human fallback options, these rules aim to maintain human accountability in automated processes. Customer-facing deployments (e.g., chatbots or robo-advisors) will require clear AI disclosures and seamless switching to human staff.

Third-Party and Vendor Implications
Banks’ heavy reliance on fintech and global tech providers for AI capabilities comes under tighter scrutiny. Full accountability stays with the bank, requiring independent validation beyond vendor certifications and stronger supply-chain risk management to avoid over-dependence on a few providers. This could improve negotiating leverage but may lengthen procurement cycles and raise costs.

Proportionality and Challenges
The framework emphasizes risk-based implementation scaled to a bank’s size, complexity, and model risk profile. Larger banks like SBI, HDFC, or ICICI with mature teams may integrate changes more readily, while smaller or cooperative banks could face steeper relative burdens despite proportionality. Common challenges include building centralized model inventories, investing in monitoring tools, expanding validation teams, and redesigning customer journeys for AI transparency.

Opportunities and Trade-offs
Forward-looking banks can view this as a chance to professionalize AI governance, reduce long-term incident risks, build customer trust through transparency, and differentiate on responsible innovation. However, added bureaucracy and controls risk slowing beneficial use cases, such as faster credit access for underserved segments, at a time of competition from agile fintechs. Implementation timelines post-finalization will be critical — banks that start gap analyses now will be better positioned.

Overall, the RBI’s draft signals a clear message: Indian banks can harness AI’s transformative power, but only with robust guardrails, board oversight, and an always-available “off switch.” As comments flow in over the next month, the final guidance will shape the technology risk landscape for years to come, balancing innovation with the prudence expected in a systemically vital sector. Banks that treat this as a strategic governance upgrade rather than mere compliance will likely gain the greatest advantage.