Distinguished guests and my colleagues, Namaste and a very good afternoon! It is a privilege to address this illustrious gathering at College of Supervisors’ Third Annual Global Conference convened around the theme of ‘Adapting the Regulation and Supervision to the Digital Age’.

2. Digitalisation has brought significant benefits such as efficiency and productivity gains, improved transparency, enhanced competition and expanded access to financial services. At the same time, it is also creating new categories of risk and reshaping familiar risks in unfamiliar ways, altering their transmission, visibility, and controllability. The digital transverses beyond products, platforms, or processes to organizational structures, partnerships, and information flows, and with enhanced speed and scale, fundamentally altering the nature of how risks emerge and spread, and how trust is built or undermined. These shifts compel regulators to revisit the operating assumptions of their regulatory approaches. Trust, a cornerstone of financial stability, is increasingly being forged through digital channels, presenting regulators with the challenge of balancing innovation against risk.

3. Building on this, I will first touch upon some issues and challenges that digitalisation presents for regulators, and I will then turn to the opportunities it offers for developing more effective and forward-looking regulatory approaches. I will conclude by outlining a set of guiding principles that, in my view, should anchor regulation in the digital age.

I. Issues and Challenges for Regulation in the Digital Era

A. Regulatory Agility

4. Digitalisation has compressed the time dimension in finance. Transactions settle instantly, services operate continuously, and decisions across payments, credit, and markets are executed automatically at machine speed. This has narrowed the time available between early warning and realised impact; with the risk that operational incidents, fraud, or loss of confidence may scale rapidly, even before conventional indicators register meaningful deterioration. Accordingly, the regulatory processes historically designed around reporting cycles and post-facto remediation must also evolve towards proactive detection and agile interventions without sacrificing prudence and quality of regulatory judgement.

5. New applications and business models are emerging with increasing frequency, thus challenging the regulators on the appropriateness and speed of regulatory response. Frequent changes to regulations can create uncertainty and compliance fatigue, while delayed adaptation risks leaving material developments inadequately addressed. Regulation must therefore maintain an optimal balance between durability and responsiveness.

B. Regulatory Perimeter and Fragmentation

6. Digitalisation is also blurring traditional regulatory boundaries. Many of the financial activities are now being unbundled and delivered through non-financial platforms and arrangements involving both regulated and un-regulated entities, that do not fit neatly within the existing regulatory scope of RBI. Oversight of such activities is often fragmented among multiple financial and non-financial regulators with no single authority having a comprehensive, end-to-end view of the entire activity chain and risk transmission pathways. Hence, regulatory actions taken within individual mandates may be sound in isolation yet collectively may not fully address such cross-cutting risks.

7. The challenge lies in the ability of sector-specific regulatory frameworks to remain coherent when digital financial activity cuts across them by design. Reflecting this, international experience indicates a range of approaches—from legally anchored extensions of regulatory reach, such as Digital Operational Resilience Act in European Union², to collaborative forums with industry experts, like Singapore’s Cyber and Technology Resilience Experts (CTREX) Panel ³. RBI has adopted a hybrid approach that integrates elements of both activity-based such as directions on credit and debit cards and entity-based such as prudential norms, to ensure resilience of its oversight mechanisms.⁴ It is complemented by elements such as framework for supervision of financial conglomerates⁵, directions for non- financial holding companies⁶ and inter-regulatory platforms under the aegis of Financial Stability and Development Council⁷, which help in combined assessment of risks from the financial stability perspective.

8. Fragmentation across jurisdictions further complicates the oversight of digital financial activity. Difference in legal frameworks, institutional mandates, and domestic policy priorities can lead to divergent regulatory approaches which may create scope for regulatory arbitrage and uneven risk management, thereby underscoring the importance of effective cross-border co-operation⁸.

C. Nature of Regulation

9. It is often seen that prescriptive regulations become misaligned as technologies and business models evolve. Conversely, principle-based regulation introduces scope for interpretation and uneven application, if not supported by strong governance and supervisory engagement.⁹ The challenge of regulators, especially with respect to digital technologies, lies in calibrating regulation to have clarity without rigidity and flexibility without ambiguity. As international experience suggests, principle-based regulation, accompanied by a mature industry with strong governance structures, continuous engagement of regulators with the industry, an enhanced supervision and suitable enforcement, yields more successful results.

D. Financial Stability

10. Digital innovations like usage of cloud and decentralised finance introduce new and potentially systemic risks, owing to increased interconnectedness with unregulated entities like technology providers, single points of failure, opacity of underlying arrangements and diluted accountability. As systemic fragility can emerge without any single entity appearing vulnerable, regulators are required to look beyond entity-level soundness to systemic effects of concentration, limited substitutability, and the potential for disruption when widely relied-upon services are impaired.

11. The increasing use of models, algorithms, and code across financial industry is reshaping how outcomes are generated. However, their limitations such as explainability, embedded bias, and model drift may not be immediately apparent, and may emerge only as these technologies gain scale. The overarching framework such as in the report of Committee on Framework for Responsible and Ethical Enablement of Artificial Intelligence (FREE-AI)¹⁰ may be helpful but needs to be translated into appropriate regulation with the underlying principle that the accountability from usage of such technologies, lies with the regulated entity.

E. Operational Resilience

12. In today’s financial system, data has become a core asset. As financial institutions collect and process vast amounts of sensitive personal and transactional information, they have become increasingly attractive targets for cyberattacks. The use of technologies for fraudulent activities like impersonation, fabricated identities, and synthetic content is reducing the reliability of traditional checks dependent on stable identity and familiar patterns. The challenge is to come out with regulations promoting innovation while enhancing safeguards for operational resilience and the Guidance Note on Operational Risk and Resilience¹¹ issued by RBI is a good example of this.

13. Another emerging challenge for regulators is the veracity of information, as digital platforms enable information, whether accurate or distorted, complete or incomplete, to circulate rapidly. The distorted information can influence consumer behaviour and market sentiment potentially amplifying stress and contagion. In such environment, a clear, targeted and timely regulatory communication assumes greater significance for anchoring stakeholders’ confidence.

F. Capacity

14. Digitalisation has materially expanded the scope and sophistication of issues that fall under the regulatory domain. Regulatory judgement increasingly requires understanding technology-enabled business models, data-driven decision systems, digital operational processes, and fast-evolving risk transmission channels, which place sustained demands on regulatory capacity. Regulators should proactively attract, retain, and effectively deploy talent ensuring that expertise is well embedded across regulatory teams.

II. Opportunities for Regulation in the Digital Era

15. The same forces that generate challenges for regulation in the digital era also create opportunities for the regulator by enabling them to continually assess and adaptively calibrate their approaches – not by expanding their reach but by improving how risks are observed, assessed and addressed.

A. Proactive Regulation

16. Digital financial activity generates granular, high-frequency information across transactions, operations, and channels, creating the opportunity for early and deeper regulatory assessments of emerging issues, such as incipient stress, anomalous behaviour, or deterioration in controls, helping them time and calibrate their regulatory interventions. RBI’s machine learning tool- MuleHunter.ai is an example of its digital intervention to tackle the problem of mule bank accounts plaguing the digital ecosystem.¹²

B. System Wide Visibility

17. As alluded to earlier, many digital-era risks arise through shared dependencies, common technology choices, and interconnected infrastructure. Advances in data availability and analytical tools can be used by regulators to look through these complex chains of dependencies and interconnections to identify critical nodes and assess concentration and other intersecting risks. This helps in not only having a more coherent view of risk but also anticipating system wide disruptions even though individual entities appear resilient; as also assessing of the second-order effects of such disruptions - like a cyber incident triggering liquidity stress.

C. Regulatory Calibration

18. Digitalisation creates scope for regulator to become more adaptive. A granular understanding of activities, exposures, and risk drivers, facilitated through digital tools provides an opportunity to operationalise proportionality with greater precision. At the same time, digital tools help regulators incorporate feedback from incidents, near-misses, market developments and supervisory experience more systematically into regulations supporting a mature and stable regulatory posture.

D. Reducing Regulatory Burden

19. The availability of richer data and more advanced modelling tools enables regulators to undertake regulatory impact assessments and cost–benefit analysis in a more structured and forward-looking manner supporting reasoned regulatory choices. RBI through the Framework for Formulation of Regulations has institutionalised such structured decision-making which inter-alia includes impact assessments, periodic review of regulations and broadened stakeholder engagement through ‘Connect 2 Regulate’.

20. Reduction in compliance burden is another use case for regulators, which RBI has been actively working on by embedding digital processes within its regulatory and supervisory functions. All regulatory services are now delivered through an end-to-end centralized digital portal PRAVAAH¹³. DAKSH¹⁴, also an end-to-end supervisory workflow application, enables focused monitoring of compliance, supervisory processes and communication, as also cyber incident reporting.

E. Regulatory Capabilities

21. The use of technology by both regulators (SupTech) and regulated entities (RegTech) supports more efficient supervisory processes and compliances, including automated reporting, targeted analysis, and shift away from static documentation, enabling effective risk management and outcomes. RBI’s Advanced Supervisory Analytics Group is increasingly using digital techniques for microdata analytics, governance assessment, social media monitoring, assessing borrowers’ fraud vulnerability model, etc¹⁵

22. From a conduct perspective, digital tools can help improve the ability to assess information- both structured and unstructured on consumer grievances, their resolution, service disruptions, mis-selling, etc. This helps in earlier supervisory engagement and more evidence-based intervention supporting consumer protection and financial inclusion outcomes. The Complaint Management System of RBI is progressively making use of such tools.¹⁶

F. Regulatory Cooperation

23. As pointed out earlier, digital infrastructures and service providers operate across institutional and jurisdictional boundaries by design. Digital tools can support faster information sharing and joint analysis for consistent regulatory outcomes in cross-border and cross-sectoral contexts, particularly for common critical third parties. RBI has been continuously engaging with domestic and international regulators and standard setting bodies to further such collaborative efforts.

III. Principles for Regulation in the Digital Era

24. I would like to end by laying down some guiding principles about how a regulator should think, decide, and act in the digital era.

1. Primacy of Public Interest: Regulation must remain anchored in its core objective of financial stability and customer protection.

2. Risk-based Focus: Regulatory focus should be directed at the risks beyond institutional form, legal structure, or delivery channels.

3. Enforce Accountability: Technological intermediation, or processes must not dilute accountability of regulated entities, even though responsibilities are shared.

4. Proportionate Calibration: Regulatory intensity should be calibrated to the materiality, complexity, and systemic relevance of activities.

5. Data, Experience, and Foresight: Regulatory decision-making should draw on data, supervisory experience, and forward-looking judgement.

6. Adaptive Refinement: Regulation should continually evolve.

7. Outcome Orientation: Regulatory expectations should focus on desired outcomes and risk controls, allowing flexibility in implementation, while avoiding the prescription of specific technologies, architectures, or models into regulation.

8. Resilience by Design: Regulatory frameworks should focus on the ability of entities and systems to absorb shocks, maintain continuity of critical functions, and recover in an orderly manner.

9. Effective Communication: Regulatory communication should be clear that supports confidence and stability without prejudging outcomes or constraining future regulatory action.

Conclusion

25. Let me conclude with a reflection that extends beyond regulation. The digital era is steadily compressing the distance between action and consequence. Actions now travel faster, interact more widely, and compound more quickly than before. In such a setting, the central challenge is not uncertainty itself, but the quality of judgement exercised while outcomes are still unfolding.

26. In this environment, the value of regulation lies in its ability to serve as a stable reference point while everything else is in motion. When it is grounded in evidence, experience and is forward-looking, regulation can shape the trajectory of change rather than merely respond to it. That is how innovation moves forward with confidence, and how trust in the financial system is endured.

Thank you and wishing constructive deliberations and exchange of views.