India's Central Bank Releases Draft Data Governance Guidance
The Reserve Bank of India (RBI) has issued draft guidance outlining regulatory expectations for data governance by financial institutions. The proposal establishes a comprehensive framework for managing data throughout its lifecycle.

The Reserve Bank of India (RBI) has put forth a draft guidance detailing regulatory expectations for data governance, impacting banks, NBFCs, and other regulated entities (REs).
The draft, built upon supervisory findings and international standards, aims to address identified weaknesses in financial institutions' data management practices. It mandates a lifecycle-based approach, covering data collection, processing, and eventual disposal.
During collection, entities must ensure data is gathered for defined purposes, with clear ownership, classification, and usage identified, alongside obtaining customer consent where applicable. Processing requires adherence to approved rules, encryption, and security measures, with explicit accountability. Retention and disposal are governed by policies, with secure disposal processes mandated.
Organizationally, the plan proposes board-level oversight of the Data Governance Framework (DGF), with dedicated data governance committees. It also outlines specific roles, such as Data Owners and Data Stewards, with defined responsibilities.
Risk management and data architecture are also key components. The guidance requires risk identification and assessment across various data types, including cross-border data processing. Maintaining a Single Source of Truth (SSOT), tracking metadata and data lineage, and classifying data based on sensitivity and business criticality are also stipulated. The objective is to enhance data quality and security across the financial sector.