4.3 — RBI Guidelines on AI/ML in Financial Services
The Reserve Bank of India has issued guidance on responsible use of AI/ML in financial services, covering credit scoring, fraud detection, customer service chatbots, and algorithmic trading. Banks and NBFCs must ensure AI systems are fair, transparent, and accountable.
Establish comprehensive governance covering all AI/ML models used in banking operations.
High-impact AI models must be validated by an independent team not involved in development.
AI-driven credit decisions must provide specific, actionable rejection reasons — not opaque 'AI-decided' responses.
Payment system data must be stored exclusively in India. AI processing payment data must ensure residency compliance.
Banks using third-party AI remain fully responsible. Due diligence, contractual safeguards, and monitoring are mandatory.
Under RBI's data localization mandate, ALL payment system data must be stored exclusively in India. This applies to AI systems processing payment data, including those using cloud-hosted ML models. Non-compliance can result in loss of payment system authorization.
An NBFC uses a third-party ML model for loan underwriting. Under RBI guidelines, the NBFC must: (1) validate the model independently, (2) ensure rejection reasons are explainable to applicants, (3) verify the vendor stores data in India, and (4) maintain full documentation of the model's logic and limitations.