The rationalisation drive aims to simplify compliance, repeal redundant circulars and make the regulatory framework more accessible for all.
The control functions refer to risk management, compliance and internal audit.
The exercise is aimed at “strengthening the governance framework for these functions and to ensure greater clarity, consistency and harmonisation in the instructions pertaining to these functions”, the central bank said.
These directions will come into effect from January 1, 2027.
The RBI laid importance on boards’ role on overseeing the control functions to strengthen the overall corporate governance framework, saying that “the board must set the ‘tone at the top’ and ensure that these functions are adequately resourced and maintain their independence.”
In the draft, the regulator reiterated the mandate for banks to establish risk management, compliance and internal audit functions, commensurate with their size and business complexity and risk profile.To be sure, these functions need to be headed by a chief risk officer (CRO), chief compliance officer and head of internal audit respectively. For banks which are a part of a group consisting of more than one financial entity, these functions should be headed by group level officers for greater oversight, compliance and coordination.
The RBI has also told banks to have board approved policies for each of the three control functions, which need to be reviewed periodically.
Control functions refer to functions that have a responsibility independent from business functions to provide objective assessment, reporting and/or assurance. This includes risk management, compliance and internal audit.
Assurance, on the other hand, refers to activities which provide independent confirmation and confidence to the board or its committees on the compliance of business functions with the internal control environment, as well as the applicable laws, rules and regulations, the central bank explained.