RBI’s FREE-AI Framework: Guiding Ethical AI in India’s Financial Sector

by

Artificial Intelligence (AI) is transforming financial services—from fraud detection to credit assessment—but without proper safeguards, it can also amplify risks. To balance innovation with safety, the Reserve Bank of India (RBI) formed a committee in December 2024 to design the Framework for Responsible and Ethical Enablement of AI (FREE-AI).

This framework aims to encourage innovation while ensuring fairness, trust, and financial stability.

Committee, Mandate, and Methodology

The committee was chaired by Dr. Pushpak Bhattacharyya (IIT Bombay) and included experts from policy, industry, and academia. Its tasks were to:

  • Review global AI governance models
  • Assess AI adoption in Indian banks/NBFCs/FinTechs
  • Identify risks and regulatory gaps
  • Recommend a tailored governance roadmap

The committee adopted a four-step method:

  1. Stakeholder consultations across the financial sector
  2. Two national surveys by RBI’s DoS and FTD departments
  3. Review of global frameworks (EU, Singapore, UK/US, China)
  4. Gap analysis of existing RBI guidelines (IT, cybersecurity, outsourcing, digital lending, consumer protection)

Opportunities: Where AI Adds Value

AI offers multiple benefits for India’s financial system, including:

  • Automation of routine processes
  • Personalised customer service (multilingual chat/voice support)
  • Sharper risk analytics for fraud detection and creditworthiness
  • Financial inclusion through alternative data models

The report also stresses the need for multilingual, India-specific AI models, domain-tuned small and large models, and a GenAI Sandbox for safe experimentation.

Risks: What Could Go Wrong

The framework highlights risks at both model and systemic levels:

  • Model risks: bias, lack of transparency, hallucinations, model drift
  • Cyber threats: phishing automation, deepfakes, adversarial prompts
  • Operational risks: data poisoning, vendor concentration, liability challenges
  • Systemic risks: herding behavior, pro-cyclicality in credit

It calls for clear disclosures, contestability of AI decisions, and robust cybersecurity defenses.

Global Approaches and India’s Stance

  • EU → Risk-tiered AI Act
  • Singapore → FEAT principles and Veritas toolkit
  • UK/US → Principle-based governance
  • China → Regulation by AI category

India’s approach is pro-innovation with safeguards, supported by:

  • IndiaAI Mission (₹10,372 crore)
  • AI Safety Institute (AISI) for independent model evaluation

Seven Sutras and Six Strategic Pillars

The FREE-AI framework rests on seven guiding principles (Sutras):

  1. Trust
  2. People First
  3. Innovation over Restraint
  4. Fairness & Equity
  5. Accountability
  6. Understandable by Design
  7. Safety, Resilience & Sustainability

To operationalise these, six strategic pillars are proposed:

  • Infrastructure: shared compute/data platforms, sectoral AI models, AI Sandbox
  • Policy: proportional, risk-based regulations
  • Capacity: AI literacy for boards, training centers, playbooks
  • Governance: board-approved AI policy, lifecycle documentation
  • Protection: disclosures, fairness testing, human oversight
  • Assurance: audits, cyber resilience, incident reporting

Key Recommendations

Among the 26 actionable recommendations, some highlights are:

  • Develop shared AI/data infrastructure
  • Launch a GenAI sandbox for experimentation
  • Promote indigenous financial-grade AI models
  • Require board-approved AI policies in all banks/NBFCs
  • Extend audit, product approval, and cybersecurity controls to AI systems
  • Ensure consumer awareness and disclosures when interacting with AI
  • Create a model register with lineage/traceability
  • Allow lighter compliance for low-risk use cases like FAQ chatbots

Survey Findings: Current AI Adoption

  • Only 20.8% (127/612) supervised entities are using or developing AI.
  • Urban Co-op Banks (Tier-1): 0% usage; Tier-2/3 UCBs: <10%
  • NBFCs: 27% adoption; ARCs: 0%
  • Top use cases:
  1. Customer support → 15.6%
  2. Credit underwriting → 13.7%
  3. Sales/marketing → 11.8%
  4. Cybersecurity → 10.6%
  • Cloud preference: 35% use public cloud
  • Governance gaps:
  1. Only 1/3 have board oversight
  2. Only 1/4 have AI incident management
  3. Limited use of SHAP/LIME (15%), bias validation (35%), retraining (37%), drift monitoring (21%)

The data indicates a two-speed AI economy—large banks advancing faster, while smaller UCBs/NBFCs lag.

Fit with Existing RBI Regulations

The FREE-AI framework complements existing RBI rules by:

  • Outsourcing: REs remain accountable for vendor AI; contracts must include AI clauses
  • IT/Cybersecurity: extending access controls, audit trails, and model security
  • Digital Lending: explainable and auditable AI-based credit scoring
  • Consumer Protection: clear AI disclosures, grievance redress mechanisms

Leave a Comment