The Reserve Bank of India (RBI) has proposed a major overhaul of data governance standards for banks and other regulated entities, requiring them to establish dedicated data governance functions and appoint Data Owners, Data Stewards and Data Custodians to strengthen accountability over data management.
The draft Guidance on Regulatory Expectations for Data Governance, released for public comments, aims to address supervisory concerns around weaknesses in data management that could expose financial institutions to operational, compliance and financial risks. It applies to commercial banks, small finance banks, payment banks, regional rural banks, cooperative banks, non-banking financial companies (NBFCs), All India Financial Institutions, Asset Reconstruction Companies (ARCs) and Credit Information Companies (CICs).
Under the proposed framework, every regulated entity (RE) will have to establish a Data Function headed by a sufficiently senior officer, not below the rank of Chief General Manager or an equivalent position. The function will serve as the central coordinating body for implementing the institution’s Data Governance Framework (DGF) across business, risk, technology and other functions.
The RBI has also proposed clearly defined roles for Data Owners, Data Stewards and Data Custodians, assigning accountability for data throughout its lifecycle.
A Data Owner will be responsible for defining, classifying and governing data within a specific domain. The role includes overseeing data quality, approving data-sharing and usage rules, designating the Single Source of Truth (SSOT), maintaining metadata and data lineage, and approving changes or exceptions affecting the data.
Supporting the Data Owner will be the Data Steward, who will manage day-to-day implementation of data governance requirements. Responsibilities include maintaining data definitions and documentation, coordinating governance issues across departments, monitoring data flows, identifying gaps and reporting material issues to the Data Owner.
The Data Custodian will handle the technical management of data, including enforcing access controls, maintaining metadata and lineage systems, implementing security measures for data storage and transmission, overseeing retention and disposal processes, and ensuring business continuity and disaster recovery mechanisms. Material incidents or control failures must be promptly escalated to the Data Owner and the executive data governance committee where appropriate.
Beyond creating these roles, the RBI has proposed that regulated entities maintain a documented mapping of responsibilities across the data lifecycle, clearly specifying accountability, execution responsibilities, consultation points and escalation mechanisms. The mapping will have to be reviewed periodically and updated whenever there are significant changes in business operations, technology systems or regulatory requirements.
The draft guidance forms part of a broader data governance framework that also calls for board-level oversight, executive data governance committees, stronger data risk management practices, maintenance of a Single Source of Truth, improved data quality controls and stricter safeguards for sharing customer data with third parties. It also requires compliance with the Digital Personal Data Protection (DPDP) Act, 2023, and related rules.
According to the RBI, the proposals are intended to improve the accuracy, integrity, consistency, traceability and security of data across regulated entities as digital financial services, interconnected technology ecosystems and advanced analytics continue to increase the volume and complexity of data handled by financial institutions.
#RBI #banks #appoint #data #owners #data #stewards #data #custodians1784139965












