RBI has set the bar for AI lending.
Almost no one can clear it.
RBI's 2026 Model Risk Management draft quietly rewrites the rules for AI in lending. Behind the headline-grabbing kill switch, it asks for something much harder: validate every model, explain every decision, and keep a human in control.
By Krim · 30 June 2026 · 6 min read

India's banking and credit sector has been putting AI to work inside lending operations for the better part of five years. Scoring models, document-processing pipelines, outbound call automation, real-time fraud checks: banks, NBFCs, co-operatives and credit information companies are all running some version of it. The adoption is real, and in the world's fastest-growing large economy it is accelerating. The Reserve Bank of India, which licences and supervises all of them, has been watching. And building its response.
On 24 June, the RBI acted. It published a draft guidance that, once final, will be the comprehensive model risk framework every regulated lender in the country must operate inside. Guidance of this kind is not advisory in practice: it shapes what examiners look for, what enforcement actions reference, and at the limit, what licences are renewed.
The first wave of coverage landed on two words: kill switch. Easy to picture, easy to write about, and the easiest thing in the whole document to build. It is also beside the point.
Read the draft as an operator and a harder picture comes into focus. It asks you to own the risk of every model you run, including the ones you bought from a vendor and never looked inside. It asks you to explain individual lending decisions to the people they land on: a customer, an examiner, a board. And it asks you to keep a human in genuine control while an agent is working, close enough to step in before an action goes out. Those three demands reach into how lending actually runs at most banks and NBFCs today, and they are expensive to meet.
The draft Guidance on Regulatory Principles for Model Risk Management, 2026 is open for public comment until 24 July. Strip away the headline and what it really does is remove three assumptions the entire Indian AI-lending stack has been resting on. By its own regulator's measurement, the sector is nowhere near ready to stand without them.
Aug 2024: First credit-model draft
Aug 2025: FREE-AI report published
Jun 2026: This draft released
24 Jul 2026: Comments close
It applies to almost everything
Start with scope, because it is wider than people expect. The Guidance reaches eleven categories of regulated entity: every bank, every NBFC down to the smallest, co-operatives, the large financial institutions, even credit information companies. If you lend, you are in.
And "model" is defined to swallow your whole stack. Anything that takes inputs, applies logic, and produces an output that materially shapes a decision counts, whether or not you call it a model. RBI's own example is a spreadsheet: a loan-pricing calculator in Excel is just arithmetic, until it sets your rates, at which point it is a regulated model. The subtext is blunt. You have models you have never inventoried, and the regulator knows it.
Three demands in the body actually bite.
One: you can't outsource the risk
The spine of the document is a single sentence. A regulated entity is accountable for the outcomes of all its models (built in-house, bought from a vendor, or some mix). There is no clause that lets you point at a supplier.
That matters, because the default way to adopt AI in lending has been to buy the risk away: sign with a credible vendor, accept their certifications, treat the model as their problem. The draft shuts that door. You must independently validate a third-party model regardless of any assurance the provider gives you. And if a vendor won't disclose enough for you to validate it, the prescribed remedy is to limit how much you use it. For anyone selling AI into regulated lenders, "validatable" just became a gate, not a nice-to-have.
Two: the black box has to explain itself
The densest passage in the draft asks for explainability thresholds on every AI model, with the bar rising wherever the model drives material decisions or affects customers.
The technical difficulty is real. The frontier models now seeping into credit are, by design, not fully explainable; their behaviour comes from billions of parameters no human reads. RBI knows this, and concedes that where full explainability isn't achievable you must wrap the model in compensating controls. But the bar doesn't move. The regulator isn't asking you to explain the model. It's asking you to explain, and stand behind, the decision.
This isn't an Indian quirk. It's the same fault line in the EU AI Act's treatment of credit scoring and in the US Federal Reserve's SR 11-7, the text that has governed model risk in American banking since 2011. What's striking is that RBI has written its version not for the age of credit scorecards but for the age of agents, naming frontier models explicitly, and adding that the more autonomy a model has, the higher its risk tier. That's a regulator pricing autonomy as risk, in writing.
Three: control before the fact, oversight forever after
The last demand is operational and relentless. Every model inventoried, or it can't be used. Decommissioned models kept for ten years. Independent validation before and after deployment. Red-teaming for anything customer-facing. Drift monitoring on an ongoing basis. Human-in-command, override, and yes, the kill switch. And telling customers when they're talking to an AI.
The real work happens before the model acts: bounding it, validating it, keeping a human able to stop it. By the time you are reviewing what it already did, the action has happened. The draft is reaching for a control point that ordinary MLOps doesn't provide: a layer between an agent's intent and the irreversible action.
The gap RBI already measured
Here's what should make every board uncomfortable. We know how ready the sector is, because RBI measured it. The survey behind its FREE-AI report (the parent of this draft) found that among lenders already using AI, only around 15% used interpretability tools, roughly 18% kept audit logs, about 21% watched for model drift, and only a third had any board-level AI oversight at all.
[Chart: RBI readiness gap. What RBI now requires vs. what the sector has. Source: RBI FREE-AI Committee survey of regulated entities, 2025. Figures are approximate.]
Among lenders already running AI, ~15% used interpretability tools and ~18% kept audit logs. RBI has now made all of it mandatory.
RBI has taken what a sophisticated minority did voluntarily and made it the floor for everyone, down to the small NBFC running a credit model it bought from a fintech it has never audited. That isn't a gap. It's a chasm. And it won't be closed with a policy PDF. An entity can write a framework in a quarter; it cannot, in a quarter, conjure the thing the framework assumes: a real control layer that validates AI decisions before they execute, explains them after, keeps an auditable record of every action, and lets a human override them in real time. That has to be built or bought.
Before the window closes
Three moves, in order of urgency. First: inventory honestly, including the spreadsheets and rule engines you don't think of as models. The document's definition of "model" is broad enough to catch all of them. Second: revisit your AI vendor agreements for documentation rights, audit access, and exit terms. If you cannot validate it, the draft says to limit it. Third: decide where your control layer sits. Firms treat this as a compliance box to tick, but it is really a question of how the system is built, and the draft leaves one workable answer: run the checks before an action executes, while there is still something to stop.
What Krim built for this
We should be transparent: this is the layer we build. But the more important point is when, and why. Krim is a safe superintelligence research company. The founding thesis was that AI operating in regulated institutions needs a fundamentally different architecture: not better models, but a different operating system, one where the intelligence and the rules governing it are built as a single system, not connected afterwards.
KrimOS is that operating system. Kendra is the runtime inside it, eight modules that run everything a KrimOS agent does. At Kendra's core is Krim-Nyāya: a pre-execution validation pipeline that runs every action an agent proposes through 33 validators before it fires. Those validators are derived from Navya-Nyāya, the formal-logic tradition of Mithila, two thousand years of precise reasoning about what follows from what, applied as a machine-executable grammar for what an agent is and isn't permitted to do. Each validator returns pass, amber, or fail. Nothing executes on an amber or a fail. The record is deterministic: the same inputs produce the same output, every time.
That is the explainability answer this draft is reaching for. Not a post-hoc summary of what a model probably weighted. A formal record of exactly which rules an action was checked against, and what each returned. An auditor can read it. A board risk committee can read it. An RBI examiner can read it.
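An added sketch of the pre-execution gate pattern described above, not Krim's code or the Krim-Nyāya pipeline: three hypothetical validators stand in for the 33, and the names `Gate`, `decide`, `verify_log` and the hash-chained log are assumptions made for illustration. It blocks on any amber or fail, honours a freeze flag as the kill switch, and writes a reproducible record of every verdict.

```python
import hashlib
import json

PASS, AMBER, FAIL = "pass", "amber", "fail"

# Hypothetical validators (assumptions, not Krim's): action dict -> verdict.
def within_agent_limit(action):
    return PASS if action["amount"] <= action["agent_limit"] else FAIL

def model_in_inventory(action):
    return PASS if action["model_id"] in {"score-v3"} else FAIL

def ai_disclosure_made(action):
    # Missing evidence is amber: not a clear breach, but not provably fine.
    return {True: PASS, False: FAIL}.get(action.get("ai_disclosed"), AMBER)

VALIDATORS = [within_agent_limit, model_in_inventory, ai_disclosure_made]

def _digest(record):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class Gate:
    def __init__(self):
        self.frozen = False   # kill switch: blocks every action while set
        self.log = []         # append-only list of (digest, record)

    def decide(self, action):
        results = {v.__name__: v(action) for v in VALIDATORS}
        # Fail closed: only an unfrozen gate with all-pass verdicts allows.
        allowed = not self.frozen and all(r == PASS for r in results.values())
        prev = self.log[-1][0] if self.log else "0" * 64
        record = {"action": action, "results": results,
                  "frozen": self.frozen, "allowed": allowed, "prev": prev}
        self.log.append((_digest(record), record))
        return allowed, results

    def verify_log(self):
        # Recompute every digest and link; an edited record breaks the chain.
        prev = "0" * 64
        for digest, record in self.log:
            if record["prev"] != prev or _digest(record) != digest:
                return False
            prev = digest
        return True

# Constructed sample actions proposed by an agent.
OK = {"type": "send_offer", "amount": 50000, "agent_limit": 100000,
      "model_id": "score-v3", "ai_disclosed": True}
UNSURE = dict(OK, ai_disclosed=None)
```

The caller executes the action only when `decide` returns `True`; blocked and frozen decisions are logged the same way as allowed ones, so the record covers what was stopped as well as what ran.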
Own the risk. Explain the decision. Control before the act. These three demands describe the architecture we built before this draft existed, because we believed they would eventually be required. The RBI draft is a regulator arriving at the same conclusion.
The model stays a black box. The decision doesn't.
These demands cannot be met by paperwork. They need a control layer most lenders don't have, and the draft was not written with any vendor in mind. Whoever builds it, "validatable, explainable, overridable, on the record" is the specification. KrimOS was built to it.
The RBI draft as a specification — and how KrimOS answers it
What the draft requires | How KrimOS answers it
You own the outcomes of every model you run, including the ones you bought. | One gate. Every action. Regardless of source.
A vendor's certification doesn't discharge your duty. You validate it yourself. | Validation logic you own, running inside your perimeter.
Material decisions must be explainable, even when the model is not. | Krim-Nyāya renders formal reasons, not probability scores. Every decision, decomposed.
System-level controls must constrain what a model can do. | Actions blocked before they execute. Not logged after.
More model autonomy means a higher risk tier and stricter scrutiny. | Per-agent limits at the action layer. Higher autonomy triggers stricter checks.
A human must be able to inspect, override, or stop the system at any point. | The gate is always human-accessible: inspect, override, freeze.
Every AI decision must be traceable, reproducible, and auditable. | Deterministic, reproducible logs as a by-product of every action. Automatically retained.
The window is open — briefly
There's a fashionable view that draft guidance can be ignored until it's final. It can't. Once issued, this Guidance supersedes the rule that has governed credit-model risk since 2002, and it binds every regulated lender. The draft is simply the near-final shape of a rule that is coming. The comment window closes 24 July, the last chance to shape how it lands before it does.
The lenders who treat the next few weeks as a consultation will spend the next two years catching up. The ones who read the draft as the specification it already is will spend that time building.
Krim builds KrimOS, an agent-native operating system with a pre-execution validation layer for regulated lending. The draft is open for public comment until 24 July. If you use AI in lending, it is worth reading in full and responding to. You can read RBI's original draft and press release here.