RBI Proposes Mandatory Kill Switch and Oversight for AI in Banks

By: Harsh Vardhan

|

Updated on: 25-Jun-2026 03:00 PM

4,584 views

Follow Us:

4,584 views

The Reserve Bank of India (RBI) has released draft guidelines requiring all banks to implement a kill switch for any artificial intelligence (AI) models used in their systems. This move aims to address growing concerns about the risks associated with AI in financial institutions that handle sensitive data. The guidelines propose a comprehensive framework to ensure banks can instantly override, suspend, or deactivate AI systems if necessary.

Key Highlights

• RBI draft guidelines require banks to implement a kill switch for all AI models.
• Banks must ensure human oversight and annual risk reviews for AI-driven systems.
• Entities must classify AI models by risk and apply proportionate controls.
• Customer-facing AI systems must disclose AI use and offer a human alternative.

Key Provisions in RBI's Draft Guidelines

The RBI's draft guidelines mandate that banks must establish mechanisms to override, suspend, or deactivate any AI model. This includes a kill-switch arrangement, allowing immediate shutdown of AI systems if they produce harmful or erroneous outputs. The guidelines emphasize that human oversight must remain central to all AI-driven decision-making. Even when AI handles tasks, a human must oversee and approve decisions.

The framework applies to all models used by regulated entities, from basic spreadsheet calculators to advanced AI systems. Banks will be held fully responsible for the outcomes of any AI model, whether developed internally or acquired from third parties. The RBI requires banks to conduct thorough due diligence before deploying such models.

Risk Management and Oversight Requirements

The RBI proposes a risk-based tiering structure. Entities must classify AI models by risk level and apply appropriate oversight, validation, and controls. If a model's risk exceeds the bank's risk appetite, the guidelines require swift action. This includes enhanced controls, usage restrictions, remediation, or decommissioning of the model. Banks must also report such actions to the board's risk management committee.

The risk tier of each model must be reviewed at least annually. High-risk models require approval from the Risk Management Committee of the Board before deployment, not just clearance from technology or risk teams.

Model Risk Management Framework and Additional Safeguards

For the first time, the RBI places AI and model governance at the board level. Every regulated entity must have a board-approved Model Risk Management Framework. This framework must cover all models, whether developed in-house, sourced from vendors, or created through a combination of both.

The RBI highlighted that increased use of AI and models across business processes can expose banks to financial, operational, compliance, and reputational risks. Ineffective management of these risks may lead to inaccurate outcomes, flawed decisions, financial losses, operational disruptions, and compliance failures.

The guidelines also address supply chain risk from overreliance on a limited number of AI model providers. Banks must actively manage this risk and ensure AI deployment does not introduce vulnerabilities. For customer-facing systems, banks must disclose when customers interact with AI and provide an option to switch to a human at any time.

The RBI warns against automation bias, where employees might rely too heavily on AI outputs without applying their own judgment. For generative AI models that interact with customers or external users, banks must implement additional cybersecurity controls.

The RBI has invited feedback on the draft guidelines until July 24.