NFRA Releases Regulatory Framework for Safe and Responsible AI Adoption in Banking and Insurance

The National Financial Regulatory Administration (NFRA) has issued a comprehensive regulatory framework governing the development, deployment, and management of artificial intelligence (AI) applications within the banking and insurance sectors. The guidelines are designed to support the secure and responsible adoption of AI technologies while strengthening risk management, data protection, and regulatory oversight across financial institutions.

According to the framework, banking and insurance entities are required to establish robust AI governance structures covering the entire lifecycle of AI systems. Institutions deploying AI technologies must implement top-level planning, strengthen governance mechanisms, and maintain effective supervision over AI-driven business processes and application scenarios.

The guidelines introduce a risk-based and tiered management approach for AI applications. Financial institutions are required to classify AI systems based on risk levels and establish appropriate controls, particularly for high-risk applications. AI-related risks must be incorporated into enterprise-wide risk management frameworks, with institutions conducting periodic assessments and reviews to identify and mitigate emerging risks.

Special emphasis has been placed on managing challenges associated with AI technologies, including model opacity, algorithmic bias, inaccurate outputs, cybersecurity vulnerabilities, data security risks, and customer information protection. Institutions are expected to strengthen safeguards to ensure AI systems operate in a transparent, accountable, and secure manner.

The regulatory framework also requires the establishment of human oversight mechanisms for high-risk AI applications. Human intervention and review processes must be embedded at critical decision-making stages to maintain accountability and reduce reliance on automated outcomes in sensitive financial operations.

To support digital finance development, the guidelines encourage financial institutions to invest in secure, efficient, and independently controllable intelligent computing infrastructure. Large financial institutions with adequate technological capabilities are encouraged to provide computing services to smaller institutions and participate in industry-wide infrastructure sharing initiatives aimed at improving access to computing resources.

The framework identifies several financial activities as high-risk AI application areas, including fund trading, credit approval, underwriting, and insurance claims settlement. Applications deployed in these areas are subject to enhanced governance requirements, including internal approval processes and regulatory reporting obligations.

A significant feature of the guidelines is the introduction of stricter data protection requirements. Financial institutions are prohibited from using sensitive personal information and private customer data for the training and optimization of generative AI models. The framework further mandates data classification, protection controls, content filtering mechanisms, and data desensitization measures to strengthen privacy and security compliance.

Additionally, institutions are required to strengthen outsourcing and supply-chain risk management associated with AI deployment while ensuring continuous monitoring of model performance, transparency, explainability, and robustness throughout the operational lifecycle.

The guidelines represent the NFRA's first dedicated regulatory framework addressing artificial intelligence governance within the banking and insurance sectors. The initiative aims to facilitate the orderly integration of AI technologies into financial services, promote the sustainable growth of digital finance, and ensure that technological innovation remains aligned with prudential risk management and public interest objectives.