1. **Control/Assurance Functions** are independent, non-revenue-generating units designed to oversee the business lines. They act as checks and balances to prevent risk-taking, regulatory breaches, and financial loss, while ensuring overall corporate governance. 2. ==The 3 departments are risk management, compliance and internal audit.== 3. RBI explicitly emphasizes that these three functions must be robust, independent, and separate from business/revenue-generating operations. 4. They work to control risk and provide assurance to the board. In central banking and corporate governance framework, this is globally known as the "Three Lines of Defence" model. 1. Risk Management Department (First Line) - Identifies, measures, and monitors risks proactively to ensure the business doesn't take on more risk than the board's appetite allows. 2. Compliance Department (Second Line) - Ensures the institution strictly follows all RBI regulations, legal mandates, and internal policies to prevent regulatory penalties. 3. Internal Audit Department (Third Line) - Provides independent, objective _assurance_ to the Board/Audit Committee that both the business lines (first line) and the risk/compliance units (second line) are working effectively. ## Timeline 1. [Jun 04, 2002](https://rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=702) - RBI released the report of the SEBI Committee on Corporate Governance, detailing guidelines to Indian commercial banks listed in stock exchanges. 2. ==[Jun 11, 2020](https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=49937) - RBI released [Discussion Paper](RBI_Occasional_Discussion%20Papers_20200611_Discussion%20paper%20on%20Governance%20in%20Commercial%20Banks%20in%20India.pdf) on ‘Governance in Commercial Banks in India’== 3. [April 8, 2026](https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=62516) - In the Statement on Developmental and Regulatory Policies, RBI announced the consolidation of supervisory instructions. 1. The Reserve Bank has constantly endeavored to refine and strengthen its regulatory and supervisory framework while minimising compliance costs, through periodic evaluation of instructions for their continued relevance. In furtherance of this objective, Reserve Bank had undertaken a comprehensive consolidation exercise of the regulatory instructions, on an _‘as is’_ basis, in 2025. The exercise involved consolidation of more than 9000 existing regulatory circular/ guidelines into 238 function-wise Master Directions (MDs), specific to each category of regulated entity. 2. A similar exercise has now been carried out for the [supervisory](Department%20of%20Supervision.md) instructions. Accordingly, the drafts of 64 Master Directions [consolidating](https://rbi.org.in/scripts/Bs_viewcontent.aspx?Id=4971) extant supervisory instructions on up to **nine functional areas** are being published today on RBI website for public comments. 3. These 9 functional areas are: 1. Compliance Function 2. Concurrent Audit; 3. Cybersecurity, Technology: Risk, Resilience and Assurance; 4. Digital Payments Security Controls; 5. Fraud Risk Management; 6. Internal Audit Function; 7. Statutory Audit; 8. Supervisory Returns; and 9. Miscellaneous. ## Master Directions - Instructions on Governance 1. The regulatory instructions with respect to control/assurance functions viz. risk management, compliance and internal audit are contained in these directions. To ensure greater clarity, consistency and harmonisation in the instructions pertaining to these functions, RBI decided to review and consolidate them under these Directions in Nov, 2025. 2. Following entities were covered under this framework - Commercial Banks, Small Finance Banks, Payments Banks, Local Area Banks, Regional Rural Banks and All India Financial Institutions, Urban Co-operative Banks, Rural Co-operative Banks, Non-Banking Financial Companies, Credit Information Companies and Asset Reconstruction Companies. 3. This section lists directions for commercial banks. 4. Nov 8, 2025 - [Reserve Bank of India (Commercial Banks - Governance) Directions, 2025](https://rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=13161) 1. June, 2026 - [Reserve Bank of India (Commercial Banks - Governance) Second Amendment Directions, 2026](https://rbi.org.in/scripts/Bs_viewcontent.aspx?Id=5066), effective from January 1, 2027 2. April 8, 2026 - Draft - [Draft Reserve Bank of India (Commercial Banks – Governance) (First) Amendment Directions, 2026](https://rbi.org.in/scripts/Bs_viewcontent.aspx?Id=4972), effective from Sept 1, 2026 ## Related Notes 1. [Department of Supervision](Department%20of%20Supervision.md) ## Further Reading [References](Department%20of%20Supervision.md#References)