India’s financial sector may be entering a new phase of AI adoption — one where the challenge is shifting from building artificial intelligence tools to governing them.
The Reserve Bank of India’s (RBI’s) draft guidance on model risk management proposes a far tighter compliance architecture for banks and regulated entities using artificial intelligence and machine learning (AI/ML). The framework goes beyond model performance and brings board-level accountability, independent validation, continuous monitoring, stress testing and mandatory human oversight into the regulatory process.
While the framework aims to make AI-led finance safer and more transparent, it also raises a difficult question: who will bear the cost of compliance?
For banks, non-banking financial companies (NBFCs) and fintech firms increasingly using AI in lending, fraud detection, onboarding and customer service, compliance requirements could become the next major investment cycle.
AI governance could become finance’s next cost centre
RBI’s proposed framework applies to all models — whether built internally, sourced from vendors or developed jointly. Institutions may need board-approved model risk frameworks, independent validation, stress testing, stronger cybersecurity controls and customer disclosure mechanisms.
Industry experts say implementation costs may not be small.
Shams Tabrej, co-founder and CEO of Ezeepay, told Business Standard, “The cost of compliance is going to be high, especially in the early years, during which governance, documentation, monitoring of models, audit trail, and expertise for compliance management would be set up.”
According to him, large banks already operate mature governance systems and may integrate AI oversight more easily. “NBFCs and fintech firms may require additional investment in terms of technology, human resource, and independent oversight framework,” he said.
Tabrej added that some of the compliance cost would also trickle down into the price of services, vendors, and technology alliances.
Jitendra Tanwar, managing director and CEO at Namdev Finvest Limited, said the requirements would create meaningful upfront investments.
“This includes board-level oversight, continuous model monitoring, validation processes, documentation standards, and robust auditability of AI-driven decisions. It will also necessitate investment in technology infrastructure, data governance capabilities, and specialized risk and compliance talent,” he told Business Standard.
Still, he argued that the framework should be viewed as an investment in institutional resilience rather than a regulatory burden.
Smaller players may feel more pressure
One of the biggest questions is whether compliance could widen the gap between large institutions and smaller financial players. Large banks already maintain risk, compliance and governance teams. NBFCs and fintech firms often operate with leaner structures and faster deployment cycles.
Tabrej said the framework may widen differences in the short term but could also create collaboration opportunities. “This will lead to increased usage of compliance systems, AI governance software, and third-party validation services, which will help smaller institutions meet the requirements without doing everything on their own,” he said.
Breaking News


