Mumbai: Reserve Bank of India (RBI) logo at its headquarters, in Mumbai, Maharashtra, Friday, June 5, 2026. The Reserve Bank on Friday expectedly kept interest rates unchanged for the second time in a row as it weighed the impact of rising energy prices and supply disruptions caused by the West Asia crisis. (PTI Photo/Shashank Parade)
and reporting systems, and the institution’s adherence to internal and regulatory requirements.
RBIA should also focus on fraud-prone areas, emerging vulnerabilities, and the effectiveness of remedial actions. Its ambit extends further to system and process audits of critical functions, scrutiny of anti-money laundering and related compliance frameworks, and assessment of risks arising from new or evolving business lines, with appropriate recommendations and follow-up to ensure timely corrective measures.
Unlike traditional compliance-oriented audits, RBIA aligns audit activities with REs’ (regulated entities’) risk management frameworks and strategic objectives.
The aim is to provide independent assurance on whether material risks are being managed effectively and in line with the entity’s risk appetite.
The RBI said the risk management and compliance functions shall be subject to regular internal audit. Further, banks shall develop and maintain a Quality Assurance and Improvement Program (QAIP) covering all aspects of the Compliance and Internal Audit Functions.
A bank shall establish risk management, compliance and internal audit functions, commensurate with its size, complexity and risk / business profile, headed by a Chief Risk Officer (CRO), Chief Compliance Officer (CCO) and Head of Internal Audit (HIA), respectively. In banks that are part of a group comprising more than one financial entity, there may be a Group Chief Risk Officer (GCRO) and a Group Chief Compliance Officer (GCCO), responsible for group-level risk oversight / compliance, and for coordination.
The bank shall have policies for each of the three control functions, viz., Risk Management, Compliance and Internal Audit, clearly articulating the objectives, roles and responsibilities of each function.
As part of the overall corporate governance framework, the Board is responsible for overseeing the control functions. The Board must set the ‘tone at the top’, ensure that these functions are adequately resourced, and maintain their independence.
Published on June 10, 2026