New Compliance Framework

    By adopting proven frameworks, financial institutions can cultivate a proactive, information-driven compliance environment
    In recent years, India’s financial services industry has seen a significant shift in regulatory compliance due to increased vigilance by the Reserve Bank of India (RBI). This aligns with a global trend where regulatory bodies prioritise financial stability, governance, and customer protection. Prompted by crises at major banks and financial institutions, this new approach underscores the need for stronger compliance frameworks. As a result, institutions face heightened scrutiny, stringent standards, and substantial penalties. In FY24, the RBI’s monetary penalties more than doubled year-on-year, from Rs 40.39 crore to Rs 86.1 crore.

    Bridging the gaps

    The compliance framework for regulated entities (REs) in India has evolved, transitioning from manual processes to automated systems. Previously dependent on labour-intensive methods prone to errors, the industry faced vulnerabilities, especially in the burgeoning digital payments ecosystem. Broad cybersecurity guidelines lacked the depth to counter emerging threats.

    To counter these, the RBI has adopted a technology-driven approach to bridge compliance and governance gaps. The February 2024 mandate on automating compliance functions represents a major step forward. This mandate standardises compliance monitoring for REs, allowing boards and leadership to ensure accountability and streamline operations. It highlights the need for automation and real-time monitoring to minimise data manipulation and human error.

    The RBI has issued Master Directions and Circulars addressing IT outsourcing, cybersecurity, digital payment security, card tokenisation, and incident response protocols. These directives emphasise the regulator’s focus on technology and customer protection. The central bank also revised the fraud risk management directions for REs, which expanded the role of the board of directors and senior management in overall governance, and outlined a new framework for prevention, early detection, and timely reporting of fraud. The RBI has also mandated regular reporting, set key risk indicators and key performance indicators, and intensified scrutiny.


    Gauging the impact

    The increasing regulatory demands have profound implications for the sector, presenting operational and strategic challenges. Financial institutions must embed compliance within their business models to mitigate financial repercussions and reputational risks that can erode customer trust. The RBI’s new guidelines require a holistic approach to managing data integrity, governance and risk assessments, making automation essential to mitigate threats such as ‘man-in-the-middle’ attacks.

    To address these, BFSI institutions are embracing digital transformation. Advanced technologies such as GenAI, blockchain, and RegTech solutions are empowering compliance teams.

    • Automation in compliance

      Institutions are investing in automation for real-time data analysis and monitoring, with technology spend increasing from 6-8% to 10-12% of the total operating expenses in the last financial year. Data analytics and AI/ML help compliance functions interpret new regulations, assess impact, and ensure robust regulatory change management. Many multinational banks have computerised systems to:

      Disseminate and interpret new regulations and perform impact assessments of regulatory circulars

      Manage, track, and monitor issues to strengthen the resolution process for adverse findings

      Use technology to deliver tailored training to staff

    • Leveraging RegTech for compliance precision

      With KYC and AML violations being primary drivers of non-compliance penalties (which have grown by 88% from 2021 to 2024), RegTech solutions are vital. They automate compliance processes, provide risk assessment, monitoring and reporting, consolidate customer profiles and facilitate real-time behaviour monitoring, helping institutions foresee and address compliance risks.

    • Harnessing GenAI

      GenAI automates tasks such as document review, transaction monitoring and fraud detection. However, risks such as AI biases and insufficient data necessitate a cautious approach.

      In addition, there is an increasing emphasis on strengthening risk and compliance governance at these institutions, with a focus on key aspects related to the enterprise structure and relevant operational matters emanating from the business.

    • Three Lines of Defence model framework

      Adopting a “Three Lines of Defence” model strengthens compliance. By defining roles across operational management, compliance and risk management and internal audit, it reinforces governance and creates a cohesive compliance structure.

    • Extending compliance to operational strategies

      Compliance demands enhanced focus on customer experience, including onboarding, grievance redressal and transaction transparency. Institutions must adopt practices that safeguard customers and uphold trust. Stricter due diligence for risk rating systems and Expected Credit Loss (ECL) modelling necessitates advanced analytical tools and skills. Institutions need to evaluate financial health, market conditions and historical performance.

    • Shifting perception about compliance

      Building a robust compliance culture requires commitment from the top. Boards and senior leadership must champion compliance as a strategic priority rather than a mere checkbox activity. Transparent communication, ongoing training, and regular evaluations are essential.


    Future of compliance

    As the regulatory landscape evolves, financial institutions must anticipate further changes in compliance mandates and prepare for a future where automation, digital transformation and strategic foresight will drive compliance. Key focus areas for regulators are expected to include the following:

    Expanding regulatory automation

    Building on current directives, regulators may require that additional compliance functions such as regulatory returns, risk-based assessments, compliance monitoring and testing, and compliance incident management be automated. The storage of historical data in automated systems paves the way for AI applications that can help predict and manage future compliance risks.

    Enabling greater accountability through self-regulatory frameworks

    The RBI has proposed to recognise a self-regulatory organisation to develop industry standards and codes within its regulatory framework. This will foster collaboration between regulators and industry participants, signalling a move towards a more granular approach to compliance assessments. Business teams may bear greater responsibility for the implementation of regulatory changes, and also contribute to enhancing the monitoring processes in the industry.

    Elevating governance standards

    Stronger governance structures, including reporting lines and a “tone at the top” approach, will remain pivotal. Boards and senior leadership will be expected to play an active role in championing compliance and setting long-term strategies for regulatory alignment.

    Managing data-driven compliance

    The focus on developing a centralised repository using data lakes, straight-through processing mechanisms for management information systems, and regular regulatory reporting is expected to increase in order to improve accuracy and timeliness.

    Necessitating investment in advanced analytics

    In line with the directive for automated compliance infrastructure, REs may be required to implement advanced data analytics, model risk management frameworks and machine learning algorithms to further enhance ECL modelling or credit rating systems.

    Mitigating risks of greenwashing

    The regulatory stringency for green claims made by organisations is expected to rapidly develop, aiming to foster responsible environmental stewardship by REs. The RBI has proposed measures to address greenwashing concerns in green deposits. These include the use of third-party verification and impact assessments to prove the veracity of eco-friendly claims. While the RBI has not specified penalties, it aims to increase transparency and consumer trust in green financial products.

    Charting a resilient path

    In an industry facing continuous regulatory evolution, the financial sector must not view compliance as a hurdle, but as an opportunity to foster resilience. By leveraging advanced technologies and adopting proven frameworks, financial institutions can cultivate a proactive, information-driven compliance environment. This approach mitigates risks and aligns with the overarching regulatory goals of financial stability, customer protection and governance excellence.

    The following KPMG in India partners also contributed to the article: Suveer Khanna – Partner and Head, Forensic Services; Amitava Mukherjee – Partner, Financial Risk Management; Kunal Pande – Partner and Co-Head, Digital Risk and Cyber Management; and Vishnu Pillai – Partner and Lead, FS Technology Enablement.


    A version of this article was published in Business Today Magazine. It can be read in the January 05 2025 issue of the magazine.

    Author

    Sanjay Doshi

    Partner and Head, Transaction Services and Financial Services Advisory

    KPMG in India

    Hoshnar Kapadia

    Partner – Governance, Risk and Compliance Services

    KPMG in India
