The Reserve Bank of India (RBI) and India’s banking boards are at a crossroads. Recent episodes of disclosure lapses and governance failures have resurrected a familiar but uncomfortable debate: are boards exercising the right blend of oversight, independence and time-use to keep large, complex lenders safe and sound? The RBI’s stepped-up scrutiny of board agendas and deliberations — sparked by high-profile incidents such as IndusInd Bank’s accounting disclosures — is a timely reminder that supervision now requires closer collaboration between regulator and boards, and sharper definition of roles within each bank.
This article argues that rebuilding trust in bank governance doesn’t mean boards and the RBI should retreat into concentric circles of blame. Instead, both must fine-tune roles, reporting, culture and capabilities. The central bank must provide clearer expectations and supervisory bandwidth; boards must rework how they set agendas, interrogate management and embed risk-forward thinking across committees. Below we set out the context, examine the governance gaps laid bare by recent events, outline existing regulatory scaffolding, and propose practical steps to re-engineer board governance for a more resilient banking system.
A crisis of attention: what recent episodes reveal
The immediate trigger for the RBI’s renewed focus on board governance was the disclosure by IndusInd Bank of material accounting irregularities linked to internal derivatives trades. The disclosure — which sparked a sharp market reaction and prompted external investigation — highlighted how control lapses and weak internal challenge can translate into reputational and financial stress. The episode is not isolated; India’s banking history has recurrent examples (from Yes Bank to other cases) where inadequate oversight by boards and inadequate internal controls have amplified risks.
What stands out in recent supervisory accounts is not merely the existence of rules — India’s rulebook on fit-and-proper criteria, committee composition and disclosures is extensive — but the execution gap. RBI supervisors are now reportedly scrutinising not just board composition but the substance of board work: how agendas are set, how much time is spent on risk items, the quality of papers presented, and whether independent directors receive timely, candid briefings that allow them to question management robustly. This marks a significant shift from tick-the-box compliance to scrutiny of board processes and culture.
The regulatory scaffolding exists — but needs sharpening
India’s regulatory framework for corporate governance in banks has evolved substantially over the past decade. RBI master circulars, master directions for NBFCs, guidance on board composition and fit-and-proper norms, and recent master directions on IT governance and operational resilience, all articulate roles and responsibilities for boards and senior management. For instance, RBI guidance on IT governance requires boards to define authority and responsibilities for oversight of technology and cyber risks — a crucial area as banks digitise.
Yet the existence of rules is not the same as their effective operation. Multiple observers have pointed out recurring weaknesses: boards that spend limited time on critical risk topics, committees that become procedural, management packs that are dense but not decision-focused, and a culture where independent directors rely heavily on management for information rather than seeking independent assurance. Moreover, enforcement tools — such as directions, removal of executives or penalties — are rightly used sparingly because remediation, not destruction, is often the priority. That makes prevention through better governance even more important.
What good board governance should look like
A well-functioning bank board does four things exceptionally well: sets clear risk appetite and strategy; ensures senior management is competent and accountable; provides independent, inquisitive challenge; and establishes a culture that prizes integrity and internal control. To operationalise this, boards should pay attention to several practical areas:
- Agenda architecture and time allocation. Boards should ensure agendas prioritise strategic and risk items, not just routine approvals. Time spent on audit, compliance, large exposures, derivatives positions, treasury operations and information security should be visible and tracked. Supervisory teams are already requesting such evidence.
- Quality of materials and independent assurance. Management packs should be concise and decision-oriented, with clear executive summaries and scenarios. Boards need access to independent assurance — internal audit, external experts and, where necessary, forensic reviews — without friction. This reduces information asymmetry and empowers directors to ask better questions.
- Committee design and role clarity. Risk, audit and nomination committees must have clear mandates and sufficient expertise. Where specialised risks exist — e.g., complex derivatives, cross-border operations or large treasury portfolios — boards should constitute sub-committees with the necessary skill sets, meeting frequency and reporting lines.
- Fit-and-proper and director induction. Director selection should prioritise sectoral and technical competence in addition to independence. New directors must receive structured induction covering the bank’s risk profile, systems, and regulatory expectations, and should be evaluated periodically.
- Metrics and incentives aligned to long-term safety. Performance frameworks should move beyond short-term profit metrics to include control metrics: audit findings closed, risk limit breaches, compliance incidents and stress test results.
- Culture and whistleblowing. Boards must be the ultimate custodian of ethical culture. Effective, confidential whistleblowing channels and protections for whistleblowers are essential. Boards should receive regular, anonymised analytics on employee complaints, remediation timeliness and management response.
These are not radical prescriptions. They’re practical refinements of what governance frameworks already ask for — but with greater discipline and evidence of execution.
Where the RBI must calibrate supervisory expectations
The RBI, for its part, faces a delicate balancing act. Heavy-handed micro-management of boards could undermine their independence; conversely, passive oversight allows gaps to fester. The central bank’s evolving emphasis — moving from composition checks to process checks such as agenda content and time allocation — is a constructive middle path. Recent reporting suggests senior supervisory managers (SSMs) are examining board packets, minutes and the time spent on key items as part of regular supervision.
Still, RBI can make its expectations more actionable and easier to implement through several measures:
• Clear supervisory expectations documents. The RBI could publish a concise supervisory bulletin specifying minimum expected board practices (e.g., percentage of board meeting time on risk/controls, escalation protocols, independent director briefings). This would translate principle-based guidance into operational norms.
• Templates and checklists. Standardised templates for board packs, board minutes and committee reports would reduce variability and help directors focus on crucial information. Templates for IT and operational risk reporting, given the RBI’s Master Direction on IT governance, would be particularly useful.
• Capacity building and outreach. RBI should supplement enforcement with capacity building: workshops, case study reviews, and guidance notes for independent directors and board secretaries. This helps elevate the baseline across smaller banks and co-operative lenders where capacity may be thin.
• Proportionate escalation tools. Supervisory responses should be calibrated: remediation timelines, enhanced supervision, targeted restrictions and, in extreme cases, removal of responsible executives. The regulator should make the thresholds and likely responses transparent to deter willful neglect.
• Data-driven supervision. RBI can leverage analytics to flag anomalies in board minutes, transaction patterns and reporting delays that warrant deeper reviews. Early detection reduces the need for blunt corrective actions.
These steps would help shift governance from reactive crisis-management to systematic prevention.
The role of independent directors — and their limits
Independent directors are the cornerstone of effective board oversight. They provide non-executive challenge and bring outside perspectives. Yet their efficacy depends on information, time and expertise. Where independent directors are appointed primarily to satisfy regulatory checks rather than to add genuine oversight capacity, the system weakens.
Boards and the RBI should ensure independent directors have:
- Appropriate induction and continuing education on financial instruments, regulatory expectations, and emerging risks (cyber, fintech, climate).
- Direct access to independent advisors and internal audit without management gatekeeping.
- Sufficient meeting frequency and access to management (including separate sessions with internal audit and compliance) to form informed views.
In short, independence must be substantive, not merely titular. The RBI’s renewed focus on board processes should include checks on whether independent directors are really enabled to be independent.
Technology, cyber risk and the board
Modern banking is inseparable from technology. RBI’s Master Direction on IT governance and operational resilience has underlined that boards must define roles and responsibilities for IT oversight and ensure appropriate resources for cybersecurity, third-party risk and disaster recovery. As banks rely increasingly on complex fintech partners, boards must treat technology risk with the same urgency as credit risk: ensure scenario planning, test incident response and demand regular, comprehensible reporting.
Boards must also ask tough questions about vendor governance and concentration risk. A bank’s apparently strong front office can mask third-party dependencies that create systemic vulnerability. The board’s role is to ensure management maps those dependencies, sets contingency plans and tests them regularly.
Transparency and disclosure: rebuilding market trust
One of the most damaging effects of governance failures is loss of market confidence. Transparent, timely and candid disclosures can mitigate reputational fallout and help markets price risk accurately. The IndusInd episode shows how delayed or partial disclosures can trigger sharp market reactions. Regulators and banks should therefore champion clarity over cautious understatement.
Practical measures to improve disclosure include: pre-agreed escalation protocols for material anomalies, clear lines for when external audits or forensic reviews will be commissioned, and a communications strategy co-ordinated between the board, management and regulators. The objective should be to restore the market’s trust in a bank’s governance rather than to obscure details in the hope of minimising short-term volatility.
Incentives, shareholder governance and activism
Shareholders — particularly large institutional investors — have a part to play. Passive acceptance of poor governance weakens the incentive structure for boards. Investors should hold boards accountable through engagement, voting on director appointments and demanding independent reviews when red flags emerge.
At the same time, activist approaches must be thoughtful: sudden disruptions at the top can cause instability. A constructive investor approach pairs clear expectations with support for remediation efforts and acceptance of timebound plans aimed at fixing internal control deficits.
Smaller banks and urban co-operative banks: a special focus
Urban co-operative banks and smaller regional lenders often struggle with governance due to capacity constraints, owner influence and weak internal controls. RBI interventions in recent months — including placing some co-operative banks under moratorium where governance and embezzlement issues surfaced — underline the stakes of weak oversight. Strengthening governance here requires targeted capacity building, clearer expectations on board composition and more robust enforcement where malfeasance is found.
Practical checklist for boards — a blueprint
To translate principles into practice, boards can adopt the following checklist:
- Agenda audit: conduct an internal review of the past four board meetings to measure time spent on risk, compliance and strategic items. Rebalance future agendas accordingly.
- Board pack redesign: require one-page executive summaries that identify decisions required, key risks and contingency options.
- Committee health check: map committee membership against required skills; commission external expertise where gaps exist.
- Director empowerment: adopt a formal policy granting independent directors access to internal audit, external counsel and independent advisors.
- Stress testing of governance: run an annual governance stress test — e.g., simulate a tech outage, large trading loss or liquidity squeeze — and evaluate board and management response.
- Whistleblower effectiveness: review whistleblowing reports and remediation timeliness; publish anonymised metrics to the board.
- Disclosure readiness: adopt predefined escalation and disclosure templates for material events.
- Continuous education: mandatorily schedule director training on topical areas (cyber, derivatives, climate risk) annually.
These items are pragmatic, measurable and implementable within months — not years.
Where industry associations and professional bodies can help
Beyond banks and the RBI, industry associations, institute of directors and professional bodies can uplift governance standards. They can provide standardised training modules for board members, create certification for independent directors in banking governance and curate case studies of failures and best practices. This ecosystem support amplifies the effect of regulatory guidance and creates a more uniform governance baseline.
