RBI wants banks to appoint data owners, data stewards, data custodians

RBI wants banks to appoint data owners, data stewards, data custodians

The RBI has unveiled an ambitious blueprint to strengthen data governance across banks and financial institutions, signalling that poor data management is now a key supervisory concern. The draft norms seek to improve accountability, data quality and risk management as digital finance becomes increasingly data-driven.

Advertisement
    Share:
The draft rules apply to banks, NBFCs, cooperative banks, All India Financial Institutions, Asset Reconstruction Companies and Credit Information Companies regulated by the RBI.The draft rules apply to banks, NBFCs, cooperative banks, All India Financial Institutions, Asset Reconstruction Companies and Credit Information Companies regulated by the RBI.
Business Today Desk
  • Jul 15, 2026,
  • Updated Jul 15, 2026 9:32 PM IST

The Reserve Bank of India (RBI) has proposed a major overhaul of data governance standards for banks and other regulated entities, requiring them to establish dedicated data governance functions and appoint Data Owners, Data Stewards and Data Custodians to strengthen accountability over data management.

The draft Guidance on Regulatory Expectations for Data Governance, released for public comments, aims to address supervisory concerns around weaknesses in data management that could expose financial institutions to operational, compliance and financial risks. It applies to commercial banks, small finance banks, payment banks, regional rural banks, cooperative banks, non-banking financial companies (NBFCs), All India Financial Institutions, Asset Reconstruction Companies (ARCs) and Credit Information Companies (CICs).

Advertisement

Related Articles

Under the proposed framework, every regulated entity (RE) will have to establish a Data Function headed by a sufficiently senior officer, not below the rank of Chief General Manager or an equivalent position. The function will serve as the central coordinating body for implementing the institution's Data Governance Framework (DGF) across business, risk, technology and other functions.

The RBI has also proposed clearly defined roles for Data Owners, Data Stewards and Data Custodians, assigning accountability for data throughout its lifecycle.

A Data Owner will be responsible for defining, classifying and governing data within a specific domain. The role includes overseeing data quality, approving data-sharing and usage rules, designating the Single Source of Truth (SSOT), maintaining metadata and data lineage, and approving changes or exceptions affecting the data.

Advertisement

Supporting the Data Owner will be the Data Steward, who will manage day-to-day implementation of data governance requirements. Responsibilities include maintaining data definitions and documentation, coordinating governance issues across departments, monitoring data flows, identifying gaps and reporting material issues to the Data Owner.

The Data Custodian will handle the technical management of data, including enforcing access controls, maintaining metadata and lineage systems, implementing security measures for data storage and transmission, overseeing retention and disposal processes, and ensuring business continuity and disaster recovery mechanisms. Material incidents or control failures must be promptly escalated to the Data Owner and the executive data governance committee where appropriate.

Beyond creating these roles, the RBI has proposed that regulated entities maintain a documented mapping of responsibilities across the data lifecycle, clearly specifying accountability, execution responsibilities, consultation points and escalation mechanisms. The mapping will have to be reviewed periodically and updated whenever there are significant changes in business operations, technology systems or regulatory requirements.

Advertisement

The draft guidance forms part of a broader data governance framework that also calls for board-level oversight, executive data governance committees, stronger data risk management practices, maintenance of a Single Source of Truth, improved data quality controls and stricter safeguards for sharing customer data with third parties. It also requires compliance with the Digital Personal Data Protection (DPDP) Act, 2023, and related rules.

According to the RBI, the proposals are intended to improve the accuracy, integrity, consistency, traceability and security of data across regulated entities as digital financial services, interconnected technology ecosystems and advanced analytics continue to increase the volume and complexity of data handled by financial institutions.

The Reserve Bank of India (RBI) has proposed a major overhaul of data governance standards for banks and other regulated entities, requiring them to establish dedicated data governance functions and appoint Data Owners, Data Stewards and Data Custodians to strengthen accountability over data management.

The draft Guidance on Regulatory Expectations for Data Governance, released for public comments, aims to address supervisory concerns around weaknesses in data management that could expose financial institutions to operational, compliance and financial risks. It applies to commercial banks, small finance banks, payment banks, regional rural banks, cooperative banks, non-banking financial companies (NBFCs), All India Financial Institutions, Asset Reconstruction Companies (ARCs) and Credit Information Companies (CICs).

Advertisement

Related Articles

Under the proposed framework, every regulated entity (RE) will have to establish a Data Function headed by a sufficiently senior officer, not below the rank of Chief General Manager or an equivalent position. The function will serve as the central coordinating body for implementing the institution's Data Governance Framework (DGF) across business, risk, technology and other functions.

The RBI has also proposed clearly defined roles for Data Owners, Data Stewards and Data Custodians, assigning accountability for data throughout its lifecycle.

A Data Owner will be responsible for defining, classifying and governing data within a specific domain. The role includes overseeing data quality, approving data-sharing and usage rules, designating the Single Source of Truth (SSOT), maintaining metadata and data lineage, and approving changes or exceptions affecting the data.

Advertisement

Supporting the Data Owner will be the Data Steward, who will manage day-to-day implementation of data governance requirements. Responsibilities include maintaining data definitions and documentation, coordinating governance issues across departments, monitoring data flows, identifying gaps and reporting material issues to the Data Owner.

The Data Custodian will handle the technical management of data, including enforcing access controls, maintaining metadata and lineage systems, implementing security measures for data storage and transmission, overseeing retention and disposal processes, and ensuring business continuity and disaster recovery mechanisms. Material incidents or control failures must be promptly escalated to the Data Owner and the executive data governance committee where appropriate.

Beyond creating these roles, the RBI has proposed that regulated entities maintain a documented mapping of responsibilities across the data lifecycle, clearly specifying accountability, execution responsibilities, consultation points and escalation mechanisms. The mapping will have to be reviewed periodically and updated whenever there are significant changes in business operations, technology systems or regulatory requirements.

Advertisement

The draft guidance forms part of a broader data governance framework that also calls for board-level oversight, executive data governance committees, stronger data risk management practices, maintenance of a Single Source of Truth, improved data quality controls and stricter safeguards for sharing customer data with third parties. It also requires compliance with the Digital Personal Data Protection (DPDP) Act, 2023, and related rules.

According to the RBI, the proposals are intended to improve the accuracy, integrity, consistency, traceability and security of data across regulated entities as digital financial services, interconnected technology ecosystems and advanced analytics continue to increase the volume and complexity of data handled by financial institutions.

ABOUT THE AUTHOR

Business Today Desk

Business Today brings you the latest news, views and analysis from the world of finance, economy, markets, corporates, startups, tech, and the digital economy. You can find everything from breaking news to deep dives to immersive essays and more on a variety of subjects across all formats - online, magazine, television, data visualisation, et al.

Read more!
Advertisement