The Reserve Bank of India (RBI) on Wednesday released the draft ‘Guidance on Regulatory Expectations for Data Governance’, proposing a comprehensive framework to strengthen data governance across regulated entities, including Urban Co-operative Banks (UCBs), State Co-operative Banks and Central Co-operative Banks.
Issued for public consultation, the draft aims to establish uniform standards for data governance, quality, accountability, security and risk management. Stakeholders can submit comments on the draft till August 17, 2026.
The guidance requires cooperative banks to establish a Data Governance Framework (DGF) aligned with their overall risk management framework. The DGF will cover the entire data lifecycle, from creation and collection to processing, storage, sharing and disposal, while ensuring compliance with the Digital Personal Data Protection (DPDP) Act, 2023.
One of the key proposals is the establishment of a Board-level Data Governance Committee (DGC) or assigning the responsibility to an existing Board committee. The Board will oversee the Data Governance Framework and periodically review reports, performance metrics and key data governance issues.
The RBI has also proposed an Executive-level Data Governance Committee to implement the framework. In addition, every regulated entity will have to create a dedicated Data Function headed by a sufficiently senior officer, not below the rank of Chief General Manager or equivalent, to coordinate data governance across the organisation.
To strengthen accountability, banks will need to designate Data Owners, Data Stewards and Data Custodians, each with clearly defined responsibilities for data quality, governance, security and technical management.
The draft further requires banks to maintain a Single Source of Truth (SSOT) for critical data, ensuring consistency across business, risk, compliance and reporting functions. It also calls for robust systems for data classification, metadata management, data lineage and continuous monitoring of data quality.
The RBI has also proposed stricter norms for data shared with third-party service providers. Banks will have to ensure secure data sharing, maintain traceability, restrict access on a ‘need-to-know’ basis, include appropriate confidentiality clauses and conduct periodic audits of third-party systems handling sensitive information.
According to the RBI, the proposed framework seeks to improve governance, accountability, data quality and security across the financial sector.





