Increased adoption of AI could lead to new risks like bias and lack of explainability, as well as amplifying existing challenges to data protection, cybersecurity, among others
FinTech BizNews Service
Mumbai, August 15, 2025: In pursuance to the announcement made in the Statement on Developmental and Regulatory Policies released along with the Monetary Policy Statement dated December 06, 2024, the Reserve Bank of India had set up the committee to develop a Framework for Responsible and Ethical Enablement of Artificial Intelligence (FREE-AI) in the Financial Sector on December 26, 2024.
The Committee, after extensive deliberations with diverse stakeholders, has recently submitted its report and the same has been placed on the RBI website.
Dr. Pushpak Bhattacharyya, Chairperson of the FEEE AI committee, and Professor, Department of Computer Science and Engineering, IIT Bombay
AI has the potential to unlock new forms of customer engagement, risk monitoring, fraud detection
Artificial Intelligence (AI) is the transformative general-purpose technology of the modern age. Over the years, the simple rule-based models have evolved into complex systems capable of operating with limited human intervention. More recently, it has started to reshape how we work, how businesses operate and engage with their customers. In the process, it has forced us to question some of our most fundamental assumptions about human creativity, intelligence and autonomy.
For an emerging economy like India, AI presents new ways to address developmental challenges. Multi-modal, multi-lingual AI can enable the delivery of financial services to millions who have been excluded. When used right, AI offers tremendous benefits. If used without guardrails, it can exacerbate the existing risks and introduce new forms of harm.
The challenge with regulating AI is in striking the right balance, making sure that society stands to gain from what this technology has to offer, while mitigating its risks. Jurisdictions have adopted different approaches to AI policy and regulation based on their national priorities and institutional readiness.
In the financial sector, AI has the potential to unlock new forms of customer engagement, enable alternate approaches to credit assessment, risk monitoring, fraud detection, and offer new supervisory tools. At the same time, increased adoption of AI could lead to new risks like bias and lack of explainability, as well as amplifying existing challenges to data protection, cybersecurity, among others. In order to encourage the responsible and ethical adoption of AI in the financial sector, the FREE-AI Committee was constituted by the Reserve Bank of India. The RBI conducted two surveys to understand current AI adoption and challenges in the financial sector. The Committee referenced these surveys and, in addition, undertook extensive stakeholder consultations to gain further insights.
After extensive deliberations, the Committee formulated 7 Sutras that represent the core principles to guide AI adoption in the financial sector. These are:
(i) Trust is the Foundation
(ii) People First
(iii) Innovation over Restraint
(iv) Fairness and Equity
(v) Accountability
(vi) Understandable by Design
(vii) Safety, Resilience and Sustainability
Using the Sutras as guidance, the Committee recommends an approach that fosters innovation and mitigates risks, treating these two seemingly competing objectives as complementary forces that must be pursued in tandem. This is achieved through a unified vision spread across 6 strategic Pillars that address the dimensions of innovation enablement as well as risk mitigation. Under innovation enablement, the focus is on Infrastructure, Policy and Capacity and for risk mitigation, the focus is on Governance, Protection and Assurance. Under these six pillars, the report outlines 26 Recommendations for AI adoption in the financial sector. To foster innovation, it recommends: • the establishment of shared infrastructure to democratise access to data and compute; the creation of an AI Innovation Sandbox • the development of indigenous financial sector-specific AI models • the formulation of an AI policy to provide necessary regulatory guidance • institutional capacity building at all levels, including the board and the workforce of REs and other stakeholders, • the sharing of best practices and learnings across the financial sector • a more tolerant approach to compliance for low-risk AI solutions to facilitate inclusion and other priorities To mitigate AI risks, it recommends: • the formulation of a board-approved AI policy by REs • the expansion of product approval processes, consumer protection frameworks and audits to include AI related aspects • the augmentation of cybersecurity practices and incident reporting frameworks • the establishment of robust governance frameworks across the AI lifecycle • making consumers aware when they are dealing with AI This is the FREE-AI vision: a financial ecosystem where the encouragement of innovation is in harmony with the mitigation of risk.
The Reserve Bank of India had constituted the Committee on FREE-AI in December, 2024 with the following composition:
Sl | Name | Chairperson/member |
i) | Dr. Pushpak Bhattacharyya, Professor, Department of Computer Science and Engineering, IIT Bombay | Chairperson |
ii) | Ms. Debjani Ghosh, Distinguished Fellow, NITI Aayog; Independent Director, Reserve Bank Innovation Hub; and Ex-President, NASSCOM | Member |
iii) | Dr. Balaraman Ravindran, Professor and Head, Wadhwani School of Data Science and AI, IIT Madras | Member |
iv) | Shri Abhishek Singh, Additional Secretary, Ministry of Electronics and Information Technology, Government of India | Member |
v) | Shri Rahul Matthan, Partner, Trilegal | Member |
vi) | Shri Anjani Rathor, Group Head and Chief Digital Experience Officer, HDFC Bank Ltd. | Member |
vii) | Shri Sree Hari Nagaralu, Head of Security AI Research, Microsoft India (R&D) | Member |
viii) | Shri Suvendu Pati, CGM, FinTech Department, Reserve Bank of India | Member Secretary |
Weaving It All Together
As AI continues to evolve and reshape the financial landscape, it brings with it both transformative opportunities and complex challenges. This report has sought to present a balanced and forward-looking framework of how AI can be responsibly and ethically enabled in the Indian financial sector. At the heart of the FREE-AI framework are the 7 Sutras, the foundational principles which are the living spirit of the framework. The 6 Pillars provide structural balance by enabling innovation as well as mitigating risks. Finally, the 26 Recommendations bring it all to life with specific, implementable steps that translate aspiration into action. The recommendations have been carefully crafted to embody and advance the Sutras. Together, the Sutras, the Pillars, and the Recommendations, forge a progressive path forward for all stakeholders, including regulators, financial institutions, technology service providers, to harness the potential of AI in the financial sector.
Summary of Sutras and Recommendations
Summary of the 7 Sutras
1 Trust is the Foundation:
Trust is non-negotiable and should remain uncompromised
2 People First:
AI should augment human decision-making but defer to human judgment and citizen interest
3 Innovation over Restraint:
Foster responsible innovation with purpose
4 Fairness and Equity:
AI outcomes should be fair and non-discriminatory
5 Accountability:
Accountability rests with the entities deploying AI
6 Understandable by Design:
Ensure explainability for trust
7 Safety, Resilience, and Sustainability:
AI systems should be secure, resilient and energy efficient Summary of Recommendations
Summary of Recommendations
Innovation Enablement Framework
Infrastructure Pillar
1 Financial Sector Data Infrastructure:
A high-quality financial sector data infrastructure should be established, as a digital public infrastructure, to help build trustworthy AI models for the financial sector. It may be integrated with the AI Kosh – India Datasets Platform, established under the IndiaAI Mission.
2 AI Innovation Sandbox:
An AI innovation sandbox for the financial sector should be established to enable REs, FinTechs, and other innovators to develop AI-driven solutions, algorithms, and models in a secure and controlled environment. Other FSRs should also collaborate to contribute to and benefit from this initiative.
3 Incentives and Funding Support:
Appropriate incentive structures and infrastructure must be put in place to encourage inclusive and equitable AI usage among smaller entities. To support innovation and to meet strategic sectoral needs, RBI may also consider allocating a fund for setting up of data, compute infrastructure.
4 Indigenous Financial Sector Specific AI Models: Indigenous AI models (including LLMs, SLMs, or non LLM models) tailored specifically for the financial sector should be developed and offered as a public good.
5 Integrating AI with DPI:
An enabling framework should be established to integrate AI with DPI in order to accelerate the delivery of inclusive, affordable financial services at scale.
Policy Pillar
6 Adaptive and Enabling Policies:
Regulators should periodically undertake an assessment of existing policies and legal frameworks to ensure they effectively enable the AI driven innovations and address the AI-specific risks. Regulators should develop a comprehensive AI policy framework for the financial sector, anchored in the Committee’s 7 Sutras to provide flexible, forward-looking guidance for AI innovation, adoption, and risk mitigation across the sector. The RBI may consider issuing consolidated AI Guidance to serve as a single point of reference for regulated entities and the broader FinTech ecosystem on the responsible design, development, and deployment of AI solutions.
7 Enabling AI-Based Affirmative Action:
Regulators should encourage AI-driven innovation that accelerates financial inclusion of underserved and unserved sections of society and other such affirmative actions by lowering compliance expectations as far as is possible, without compromising basic safeguards.
8 AI Liability Framework:
Since AI systems are probabilistic and non-deterministic, regulators should adopt a graded liability framework that encourages responsible innovation. While REs must continue to remain liable for any loss suffered by customers, an accommodative supervisory approach where the RE has followed appropriate safety mechanisms such as incident reporting, audits, red teaming etc., is recommended. This tolerant supervisory stance should be limited to first time / one-off aberrations and denied in the event of repeated breaches, gross negligence, or failure to remediate identified issues.
9 AI Institutional Framework:
A permanent multi-stakeholder AI Standing Committee should be constituted under the Reserve Bank of India to continuously advise it on emerging opportunities and risks, monitor the evolution of AI technology, and assess the ongoing relevance of current regulatory frameworks. The Committee may be constituted for an initial period of five years, with a built-in review mechanism and a sunset clause. A dedicated institution should be established for the financial sector, operating under a hub-and-spoke model to the national-level AI Safety Institute, for continuous monitoring and sectoral coordination.
Capacity Pillar
10 Capacity Building within REs:
REs should develop AI related capacity and governance competencies for the Board and C suite, as well as structured and continuous training, upskilling, and reskilling programs across the broader workforce who use AI, to effectively mitigate AI risks and guide ethical as well as ensure responsible AI adoption.
11 Capacity Building for Regulators and Supervisors: Regulators and supervisors should invest in training and institutional capacity building initiatives to ensure that they possess an adequate understanding of AI technologies and to ensure that the regulatory and supervisory frameworks match the evolving landscape of AI, including associated risks and ethical considerations. RBI may consider establishing a dedicated AI institute to support sector-wide capacity development.
12 Framework for Sharing Best Practices:
The financial services industry, through bodies such as IBA or SROs, should establish a framework for the exchange of AI-related use cases, lessons learned, and best practices and promote responsible scaling by highlighting positive outcomes, challenges, and sound governance frameworks.
13 Recognise and Reward Responsible AI Innovation: Regulators and industry bodies should introduce structured programs to recognise and reward responsible AI innovation in the financial sector, particularly those that demonstrate positive social impact and embed ethical considerations by design.
Risk Mitigation Framework
Governance Pillar
14 Board Approved AI Policy:
To ensure the safe and responsible adoption of AI within institutions, REs should establish a board-approved AI policy which covers key areas such as governance structure, accountability, risk appetite, operational safeguards, auditability, consumer protection measures, AI disclosures, model life cycle framework, and liability framework. Industry bodies should support smaller entities with an indicative policy template.
15 Data Lifecycle Governance:
REs must establish robust data governance frameworks, including internal controls and policies for data collection, access, usage, retention, and deletion for AI systems. These frameworks should ensure compliance with the applicable legislations, such as the DPDP Act, throughout the data life cycle.
16 AI System Governance Framework:
REs must implement robust model governance mechanisms covering the entire AI model lifecycle, including model design, development, deployment, and decommissioning. Model documentation, validation, and ongoing monitoring, including mechanisms to detect and address model drift and degradation, should be carried out to ensure safe usage. REs should also put in place strong governance before deploying autonomous AI systems that are capable of acting independently in financial decision making. Given the higher potential for real world consequences, this should include human oversight, especially for medium and high-risk use cases and applications.
17 Product Approval Process:
REs should ensure that all AI enabled products and solutions are brought within the scope of the institutional product approval framework, and that AI specific risk evaluations are included in the product approval frameworks.
Protection Pillar
18 Consumer Protection: REs should establish a board approved consumer protection framework that prioritises transparency, fairness, and accessible recourse mechanisms for customers. REs must invest in ongoing education campaigns to raise consumer awareness regarding safe AI usage and their rights.
19 Cybersecurity Measures:
REs must identify potential security risks on account of their use of AI and strengthen their cybersecurity ecosystems (hardware, software, processes) to address them. REs may also make use of AI tools to strengthen cybersecurity, including dynamic threat detection and response mechanisms.
20 Red Teaming:
REs should establish structured red teaming processes that span the entire AI lifecycle. The frequency and intensity of red teaming should be proportionate to the assessed risk level and potential impact of the AI application, with higher risk models being subject to more frequent and comprehensive red teaming. Trigger-based red teaming should also be considered to address evolving threats and changes.
21 Business Continuity Plan for AI Systems:
REs must augment their existing BCP frameworks to include both traditional system failures as well as AI model-specific performance degradation. REs should establish fallback mechanisms and periodically test the fallback workflows and AI model resilience through BCP drills.
22 AI Incident Reporting and Sectoral Risk Intelligence Framework:
Financial sector regulators should establish a dedicated AI incident reporting framework for REs and FinTechs and encourage timely detection and reporting of AI related incidents. The framework should adopt a tolerant, good-faith approach to encourage timely disclosure.
Assurance Pillar
23 AI Inventory within REs and Sector-Wide Repository:
REs should maintain a comprehensive, internal AI inventory that includes all models, use cases, target groups, dependencies, risks and grievances, updated at least half yearly, and it must be made available for supervisory inspections and audits. In parallel, regulators should establish a sector-wide AI repository that tracks AI adoption trends, concentration risks, and systemic vulnerabilities across the financial system with due anonymisation of entity details.
24 AI Audit Framework:
REs should implement a comprehensive, risk-based, calibrated AI audit framework, aligned with a board-approved AI risk categorisation, to ensure responsible adoption across the AI lifecycle, covering data inputs, model and algorithm, and the decision outputs.
25 Disclosures by REs:
REs should include AI-related disclosures in their annual reports and websites. Regulators should specify an AI-specific disclosure framework to ensure consistency and adequacy of information across institutions.
26 AI Toolkit:
AI Compliance Toolkit will help REs validate, benchmark, and demonstrate compliance against key responsible AI principles such as fairness, transparency, accountability, and robustness. The toolkit should be developed and maintained by a recognised SRO or industry body.
