Updated April 30th, 2024 at 18:44 IST

RBI expands operational risk management guidance to include NBFCs

The revised 'Guidance Note on Operational Risk Management and Operational Resilience' aligns with international best practices.

Reported by: Business Desk
Reserve Bank of India | Image:PTI

The Reserve Bank of India (RBI) unveiled updated operational risk management guidelines on Tuesday, extending its scope to encompass non-banking financial companies (NBFCs), including housing finance firms. The move marks a major expansion of the regulatory framework, which previously focussed solely on commercial banks.

Recognising the potential threat posed by operational disruptions to the viability of regulated entities (REs), the RBI stressed on the need for robust risk management practices. Such disruptions can arise from various sources, including man-made causes, IT threats, geopolitical conflicts, fraud, errors, and natural disasters.


The revised 'Guidance Note on Operational Risk Management and Operational Resilience' aligns with international best practices outlined by the Basel Committee on Banking Supervision (BCBS). Its overarching goal is to enhance the operational resilience of REs by improving risk management effectiveness and addressing the complex interconnections within the financial system.

Key enhancements in the updated guidance include extending its applicability to NBFCs, co-operative banks, and financial institutions, alongside commercial banks. The new framework emphasises the ''three lines of defence model,'' delineating the roles of business units, operational risk management functions, and audit functions in mitigating risks.


Furthermore, the guidance introduces separate principles for incident management, information and communication technology (ICT), and disclosures. It also emphasizes the importance of ''lessons learned exercises'' and continuous feedback mechanisms to enhance risk awareness and responsiveness.

The COVID-19 pandemic underlined the criticality of operational resilience, particularly as the financial sector increasingly relies on technology and third-party providers. The RBI's updated guidance aims to address these evolving challenges and ensure the sector's ability to withstand and recover from operational disruptions effectively.


By extending operational risk management principles to NBFCs and other financial entities, the RBI seeks to foster a more resilient and secure financial ecosystem.

(With PTI inputs)


Published April 30th, 2024 at 18:44 IST