RBI - Speeches

 Regulation and Supervision – Adapting to the Digital Age

Shri Sanjay Malhotra

Keynote Address by Shri Sanjay Malhotra, Governor, Reserve Bank of India at the Third Annual Global Conference of the College of Supervisors, Mumbai, January 9, 2026.

Good morning and Namaskar. It is my privilege to address the third annual global conference of the College of Supervisors.

Advancement in technology is impacting all spheres of human activity – personal, business and public. Financial system is no exception. Technology has revolutionised banking over the years. Yet, today’s landscape is distinct - the pace and scale of change are unprecedented. Technology has introduced new products, partners, and processes.

Digitalisation is widening access, enhancing efficiency, improving convenience, and enabling far more tailored financial services. At the same time, it is reshaping the nature and scale of risks. It is also accelerating the transmission of disruptions and risks underscoring the need for agility in regulatory and supervisory response. This makes the theme of the conference very apt.

I want to focus on five key messages today in my address: i) Systemic resilience as a collaborative effort ii) Supervisory action and enforcement as corrective measures iii) Effective use of data iv) Customer-centricity v) Capacity building

I. Systemic resilience as a collaborative effort

First, I want to emphasise that we in RBI view our regulatory and supervisory roles vis-a-vis the regulated entities as collaborative and not adversarial. We measure our success as a regulator not only in terms of stability but also the dynamism and vibrancy in the financial sector. Similarly, for the regulated entities to succeed in the long term, stability is essential. Essentially, the objectives and purposes of the regulator and the regulated are the same viz. to ensure the long term growth, advancement, stability, integrity, and credibility of the financial system.

The regulators and the regulated are in the same team and not opposite camps. We are partners in the nation’s development. Therefore, we have to work together to strike the right balance between growth and systemic stability on the one hand and between responsible innovation and consumer protection on the other hand.

I may mention that even the function of regulation and supervision is a collaborative effort. Almost every regulation is finalised through a consultative approach. Moreover, regulated entities also self-regulate through their own internal rules, controls, checks and procedures. Regulated entities have their own, if one can say so, in a broad sense, supervision - through their boards, senior management and assurance teams – both internal and external. Thus, while the statutory mandate to regulate and supervise lies with RBI, the obligation to uphold systemic resilience, to better serve the customers and facilitate the growth of the economy are shared responsibilities. It is a collaborative work with a collective aspiration.

Let us all remember that regulation works best when banks and other regulated entities view supervisors not as fault-finding inspectors, but as partners in resilience. For a country like India, where banks play a critical role in financial intermediation and inclusive growth, this collaborative approach is not just desirable—it is essential.

II. Supervisory action and enforcement as corrective measures

I now come to my second point. Supervisory action and enforcement are often viewed as the most visible aspect of regulation and supervision. It is therefore important to clarify that such actions by the Reserve Bank must be seen as part of a continuum of supervisory tools, not as a standalone response. This continuum begins with training and capacity building and moves through dialogue and guidance, off-site and on-site supervision.

Enforcement, restrictions and penalties are measures of last resort. Our endeavour is to have a robust financial ecosystem where supervision encourages self-correction and enforcement acts only as backstop. Moreover, the purpose of enforcement actions undertaken by the Reserve Bank is generally not punitive. The intent is largely to correct. They serve two purposes - (i) signal to those against whom such measures have been initiated; and (ii) make others aware of our acceptable standards of conduct and expectations.

III. Effective use of data

My third point is related to reports that the regulated entities submit and the data that we collect for various purposes including supervision and regulation. We have undertaken several initiatives in the past to streamline the reporting mechanisms and improve the quality of data. We collect large amounts of data through platforms like CIMS and DAKSH. While some amount of burden is placed on all of you in this process, our supervisory capabilities have been strengthened because of your support.

I am happy to note that the quality of data has improved recently, following introduction of the Supervisory Data Quality Index (SDQI) last year. I am confident that we will continue to collaborate for improving the system while reducing the burden placed on regulated entities.

While we have made good use of this data, there is scope for more effective use of this data. For example, Department of Supervision can build stronger analytics and supervisory dash boards for enhanced off-site surveillance, to support more continuous monitoring and early risk detection. Our endeavour should be to make supervision more off-site than on-site and as near real-time and not periodic. Increasingly, this will also mean using SupTech and AI-enabled tools more deeply, while retaining judgment and accountability, firmly with supervisors. Similarly, Department of Regulation can use this for evidence based regulation making. It should be our endeavour to make better and effective use of data.

IV. Customer-centricity

I will now turn my attention to the use of technology for the benefit of customers. For all of us, protecting customers’ interest is not just a priority – it has to become the cornerstone of a sustainable and resilient financial system. Digital channels facilitate our efforts by improving inclusion and convenience. But, without guardrails, they can also facilitate opaque pricing, weak disclosures and inappropriate recovery practices. Our aim should be to ensure that digitalisation and innovations are aligned with fair outcomes for consumers.

A key element of this endeavour should be to protect customers from the menace of rising digital frauds, which has engaged national attention. While banks and other regulated entities individually should continue to improve their tools, techniques and processes in preventing and tackling digital frauds, this is an area where we need to collaborate with each other to build analytics and tools to detect mule accounts and suspicious transactions timely and pre-emptively.

V. Capacity building

Before I conclude, let me acknowledge that there are huge expectations from all of us in financial system. To deliver on these expectations, and on our broader mandate, we must improve our effectiveness. This can only be achieved when we have the right mix of skills not only within the Reserve Bank across regulatory and supervisory domains but also within the financial institutions.

Moreover, a strong financial system needs supervisors, regulators as also the regulated entities to provide feedback and learn continuously from each other. Regulated entities need to better understand regulatory expectations and requirements, particularly in the areas where models, partners, data, and digital delivery create new forms of risk. They need to imbibe the essence of regulation and follow the spirit of it and not merely follow a tick-box based compliance culture. Our endeavour, rather, should be to develop common understanding which can reduce frictions and improve outcomes.

Supervisors and regulators need to provide timely inputs and clarifications. Supervision should not only enforce existing regulations, but also help refine them by flagging regulatory gaps and inconsistencies observed during supervisory engagements. The amendments to the co-lending directions and lending against gold & silver jewellery last year were few recent examples where feedback from all the stakeholders helped us refine regulations. This feedback process is not just limited to supervisory engagement but also includes regulatory or supervisory reporting of data.

We need to intensify our engagement and capacity building efforts. This is where institutions like the College of Supervisors (CoS) can contribute immensely. CoS is not only a training institution. It is a platform for building a shared language of oversight, learning from case studies and practical scenarios. It provides a forum for skill upgradation and bridging the information gap between the Reserve Bank and our regulated entities. I urge all of you to collaborate and utilise the facilities offered by the CoS, more often.

Conclusion

As I conclude my address, I want to emphasise that the fundamental architecture of regulation and supervision remains the same even in the digital era. They still follow the guiding principle of risk sensitivity. Regulated entities still have their stakeholders’ interest topmost in mind. Nonetheless, digitalisation has altered the landscape in many ways.

I will leave you with a few key points to ponder and deliberate upon:

• First, regulation and supervision must remain risk-based, proportionate, and technology-neutral;
• Second, technology must embed compliance, not bypass it; and
• Third, accountability must remain human, and automation should not dilute accountability—it should sharpen it.

I am confident that your deliberations during the day will yield actionable insights on how regulation and supervision should adapt, and how we can forge stronger pathways for cooperation with our key stakeholders and peers.

I thank the CoS team for organising this conference and giving me the opportunity to share my thoughts. I wish you a very productive and successful conference.

Thank you. Namaskar.

Based on the sources provided, here is the full text of the speech by Shri Swaminathan J., Deputy Governor of the Reserve Bank of India.

---

Issues and Challenges in Banking Supervision in the Digital Era Shri Swaminathan J.

Speech by Shri Swaminathan J, Deputy Governor, Reserve Bank of India, on Friday, January 9, 2026, at the Third Annual Global Conference of the College of Supervisors, RBI, Mumbai.

Respected Governor; Deputy Governor, Shri S C Murmu; Chairman, Academic Council, College of Supervisors, Shri Arijit Basu; and members of the Academic Council of CoS; Director, CoS, Shri R. Subramanian; Distinguished speakers, panellists and Managing Directors & CEOs of Regulated Entities; My fellow colleagues from RBI, Ladies and Gentlemen.

A very good morning to all of you. It is a pleasure to be with you today at the third edition of the annual global conference of the College of Supervisors of the Reserve Bank of India. As we all know, banking is becoming more digital, more connected, and more complex. So, I will use this opportunity to take this one step further and speak about what “Supervision in the digital age” really means on the ground, for us and the supervised entities. How our questions change?. How our engagement will change, and what we expect boards and management to demonstrate—before the next incident tests the system!.

What changes on the ground for supervisors?

Let me start with a simple thought. For decades, supervisors were trained to read balance sheets and inspect processes. We still do that. But today, a bank can look perfectly healthy on paper and still be one incident away from severe disruption. The reason is that the centre of gravity is shifting from the “branch and product” to the “pipes and code”. In other words, stability now depends as much on operational resilience, data integrity, and third-party dependencies as much it does on capital and liquidity.

Therefore I would like to dwell upon how has the risk landscape changed in the digital age:

a. The first is speed. In the digital world, both growth and stress can travel faster. Customer acquisition can be exponential, but so can misinformation, panic, and outflows. Risks that used to take weeks to build can now crystallise in hours. This means supervisory feedback loops must tighten, with early triggers, faster follow-up, and clear escalation.

b. Secondly, concentration and interdependence. Many institutions may rely on the same core service providers, cloud platforms, payment rails, data vendors, and cybersecurity tools. This creates a new form of common exposure. It is not always visible in traditional financial ratios, but it is very real. For supervision, we need to map dependencies more actively and assess concentration risk at the ecosystem level, not only at the individual institution level.

c. Third is the growing role of algorithms. AI and machine learning are entering credit underwriting, fraud detection, customer service, treasury, and even internal control functions. This improves efficiency but also raises new questions of accountability, explainability, and fairness. Supervisors need to be able to ask, and entities need to be able to answer, a simple question: who owns the outcome when a model drives a decision?.

d. The fourth is an expanded threat surface and cyber risk. Digital banking increases points of entry, and the adversary is no longer a random hacker. It is often organised, well-funded, and persistent. Even when a bank’s internal controls are strong, a weakness at a vendor, a partner, or a common technology component can spill over. Resilience and recovery must be treated as core capabilities.

e. Lastly and perhaps most importantly, there are conduct risks in a digital wrapper. Digital lending, embedded finance, and platform-based distribution have significantly improved access and convenience. But we have also seen risks of mis-selling, opaque charges, aggressive recovery practices, and data misuse. In a digital environment, customer harm can quickly become a confidence issue, and that can quickly transform into a liquidity issue.

How supervision must respond: principles before tools

Let me now turn to the supervisory response. We certainly need better tools, but we must start with a few fundamental principles that keeps supervision grounded even as technology evolves.

The first is technology-neutral, risk-based supervision. We should regulate and supervise activities and risks, not technology brand names. Innovation will keep changing. Our objectives do not and there is no real replacement to human judgement.

The second is proportionality. Not every institution has the same complexity, systemic footprint, or technology maturity. The supervisory approach must be risk-based, calibrated and proportional, but without lowering expectations for basic controls, such as cybersecurity hygiene, data protection, and governance.

The third is clear accountability. Digital systems can diffuse responsibility between bank, vendor, fintech partner, and so on and so forth. The supervisory approach must be clear: the supervised entity remains accountable for activities conducted in its name and on its rails.

The fourth principle is forward-looking supervision. In a fast-changing environment, backwards-looking compliance checks are necessary but not sufficient. We have to be able to spot weak signals early, test resilience before incidents occur, and intervene before vulnerabilities become events.

New Supervisory Focus Areas

These principles are not new. What is new is the supervisory mindset we need around them. Supervision must shift from periodic snapshots to continuous awareness. It also needs to move beyond a single institution and take a sharper view of its ecosystem. And finally, we need to move from asking only “did you comply?” to also asking “can you withstand stress, recover quickly, and protect customers when things go wrong?”.

Let me translate that mindset into four supervisory focus areas that are becoming central in the digital age: i. operational resilience and cyber readiness, ii. ecosystem and third-party dependencies, iii. governance of data, models and AI, and iv. technology-enabled, continuous supervision, including better use of SupTech and analytics.

Operational resilience and cyber readiness The first shift is in how we view operational disruptions. In the past, operational risk was often treated as a support function issue. In the digital world, it can become the main event. A few hours of outage, a serious cyber incident, or a breakdown at a key service provider can impair critical services. This calls for deeper engagement with boards and senior management on cyber governance, crisis playbooks, recovery capability, and learning from near-misses. It also means simulations that test decision-making under pressure, not just documentation.

Ecosystem and third-party dependencies The second focus area is the ecosystem around the supervised entity. Critical functions may be hosted by cloud providers, technology vendors, payment intermediaries, outsourced service centres, fintech partners, and data service providers. Collectively, the system can become exposed to a small number of common points of failure. The cross-border element adds another layer. Many providers operate globally, and incidents do not respect jurisdictional lines. The global IT outage in July 2024 is a useful reminder. The lesson is not about any one firm, but about how quickly third-party incidents can transmit disruption at scale, including to well-run institutions. This calls for near real-time cooperation among supervisors.

Governance of data, models, and AI The third focus area is the rise of data-driven decision-making, including AI. From a supervisory standpoint, the question is not whether a bank uses AI. The question is whether it can demonstrate governance and accountability around its use. Two issues deserve particular attention. One is reliance on vendor models and embedded tools, in which the institution may use the output without fully understanding the underlying engine. The second is fairness and unintended exclusion, where data proxies can produce outcomes that appear efficient but are unacceptable. Governance is what allows innovation to scale safely.

Technology enabled continuous supervision The fourth focus area is the supervisory transformation itself. If banking is becoming always-on, supervision cannot remain episodic. This requires on-site and off-site teams to work more closely together, to pick up early signals and for faster follow-up. SupTech can help supervisors identify patterns early, detect anomalies, and focus attention where it matters most. But data quality and data governance remain critically important. With better data quality and right analytics, supervisors can increasingly connect dots across silos.

A sharper customer lens: grievance redress as an early warning indicator

Before I conclude, let me add one more point: customer service and grievance redress. In a digital environment, a weak grievance system is not a minor irritation. It is often an early warning. From a supervisory angle, we need to look not only at whether a bank has a grievance framework, but at how it performs. Are complaints resolved on time?. Do institutions identify root causes and close them, or do they only manage closures on paper?. Do boards see a clear dashboard of complaint trends, repeat failures, and customer pain points?. And, is there a proactive and swift remediation?. A mature digital financial system does not have zero complaints. Instead, it learns and fixes quickly, and customers can get fair outcomes without running from pillar to post.

Conclusion

Let me conclude by summing up what the digital age means for supervised entities and their supervisors.

For supervised entities, three messages are important: i. First, compliance cannot be treated as a quarter-end activity. With faster cycles, banks will need stronger operational discipline and data governance throughout the year. When an anomaly is flagged, the ability to explain it and fix it quickly becomes a marker of control maturity. ii. Second, third-party management must be treated as risk management. Institutions will need better oversight of partners, clearer accountability for incidents, and contracts that support audit, access, and resilience. The regulated entity cannot outsource responsibility. iii. Third, as AI and analytics become more embedded, institutions should be prepared for more intensive supervisory questions on model risk, explainability, and fairness.

For supervisors, the bar is also rising. We need to remain rooted in the basics while also becoming more familiar with new risk areas. That means building the right mix of skills, including cyber, IT, data, and model expertise, alongside core prudential judgement.

This is where the role of College of Supervisors (CoS) becomes central. The College is not only about training programmes. It is about building a shared supervisory language, practical comfort through casework and simulations, and the confidence to ask the right questions in new areas. The College also has a broader role as a platform for peer learning, particularly with supervisors from the Global South. Sharing practical experience on what works and what does not is one of the quickest ways to raise supervisory effectiveness.

Finally, capacity building is not a one-time effort. Technology and business models will continue to evolve. Threat actors will keep adapting. Our training and supervisory methods must continue to grow as well.

In the digital era, supervision must remain prudent but also become more vigilant, more ecosystem-aware, and more outcome-focused. The intent is not to impede innovation. Instead, it is to ensure that innovation rests on trust, resilience, and customer fairness. I am confident that the deliberations in this conference will help us sharpen our thinking on these issues. I wish you all a productive conference, and I look forward to the discussions.

Thank you. Jai Hind.

Based on the sources provided, here is the full text of the speech by Shri Shirish Chandra Murmu, Deputy Governor of the Reserve Bank of India.

---

Regulation in the Digital Era – Issues, Opportunities and Challenges Shri Shirish Chandra Murmu

Special Address delivered by Shri Shirish Chandra Murmu, Deputy Governor, Reserve Bank of India on January 9, 2026, at the 3rd Annual Global Conference of the College of Supervisors, Reserve Bank of India on the theme of ‘Adapting the Regulation and Supervision to the Digital Age’, in Mumbai.

Distinguished guests and my colleagues, Namaste and a very good afternoon! It is a privilege to address this illustrious gathering at College of Supervisors’ Third Annual Global Conference convened around the theme of ‘Adapting the Regulation and Supervision to the Digital Age’.

Digitalisation has brought significant benefits such as efficiency and productivity gains, improved transparency, enhanced competition and expanded access to financial services. At the same time, it is also creating new categories of risk and reshaping familiar risks in unfamiliar ways, altering their transmission, visibility, and controllability. The digital transverses beyond products, platforms, or processes to organizational structures, partnerships, and information flows, and with enhanced speed and scale, fundamentally altering the nature of how risks emerge and spread, and how trust is built or undermined. These shifts compel regulators to revisit the operating assumptions of their regulatory approaches. Trust, a cornerstone of financial stability, is increasingly being forged through digital channels, presenting regulators with the challenge of balancing innovation against risk.

Building on this, I will first touch upon some issues and challenges that digitalisation presents for regulators, and I will then turn to the opportunities it offers for developing more effective and forward-looking regulatory approaches. I will conclude by outlining a set of guiding principles that, in my view, should anchor regulation in the digital age.

I. Issues and Challenges for Regulation in the Digital Era

A. Regulatory Agility Digitalisation has compressed the time dimension in finance. Transactions settle instantly, services operate continuously, and decisions across payments, credit, and markets are executed automatically at machine speed. This has narrowed the time available between early warning and realised impact; with the risk that operational incidents, fraud, or loss of confidence may scale rapidly, even before conventional indicators register meaningful deterioration. Accordingly, the regulatory processes historically designed around reporting cycles and post-facto remediation must also evolve towards proactive detection and agile interventions without sacrificing prudence and quality of regulatory judgement.

New applications and business models are emerging with increasing frequency, thus challenging the regulators on the appropriateness and speed of regulatory response. Frequent changes to regulations can create uncertainty and compliance fatigue, while delayed adaptation risks leaving material developments inadequately addressed. Regulation must therefore maintain an optimal balance between durability and responsiveness.

B. Regulatory Perimeter and Fragmentation Digitalisation is also blurring traditional regulatory boundaries. Many of the financial activities are now being unbundled and delivered through non-financial platforms and arrangements involving both regulated and un-regulated entities, that do not fit neatly within the existing regulatory scope of RBI. Oversight of such activities is often fragmented among multiple financial and non-financial regulators with no single authority having a comprehensive, end-to-end view of the entire activity chain and risk transmission pathways. Hence, regulatory actions taken within individual mandates may be sound in isolation yet collectively may not fully address such cross-cutting risks.

The challenge lies in the ability of sector-specific regulatory frameworks to remain coherent when digital financial activity cuts across them by design. Reflecting this, international experience indicates a range of approaches—from legally anchored extensions of regulatory reach to collaborative forums with industry experts. RBI has adopted a hybrid approach that integrates elements of both activity-based and entity-based supervision. It is complemented by inter-regulatory platforms under the aegis of the Financial Stability and Development Council, which help in combined assessment of risks from the financial stability perspective. Fragmentation across jurisdictions further complicates the oversight of digital financial activity. Difference in legal frameworks, institutional mandates, and domestic policy priorities can lead to divergent regulatory approaches which may create scope for regulatory arbitrage and uneven risk management, thereby underscoring the importance of effective cross-border co-operation.

C. Nature of Regulation It is often seen that prescriptive regulations become misaligned as technologies and business models evolve. Conversely, principle-based regulation introduces scope for interpretation and uneven application, if not supported by strong governance and supervisory engagement. The challenge of regulators lies in calibrating regulation to have clarity without rigidity and flexibility without ambiguity. As international experience suggests, principle-based regulation, accompanied by a mature industry with strong governance structures, yields more successful results.

D. Financial Stability Digital innovations like usage of cloud and decentralised finance introduce new and potentially systemic risks, owing to increased interconnectedness with unregulated entities like technology providers, single points of failure, opacity of underlying arrangements and diluted accountability. As systemic fragility can emerge without any single entity appearing vulnerable, regulators are required to look beyond entity-level soundness to systemic effects of concentration and limited substitutability.

The increasing use of models, algorithms, and code across the financial industry is reshaping how outcomes are generated. However, their limitations such as explainability, embedded bias, and model drift may not be immediately apparent. The overarching framework such as in the report of Committee on Framework for Responsible and Ethical Enablement of Artificial Intelligence (FREE-AI) may be helpful but needs to be translated into appropriate regulation with the underlying principle that the accountability from usage of such technologies lies with the regulated entity.

E. Operational Resilience In today’s financial system, data has become a core asset. As financial institutions collect and process vast amounts of sensitive personal and transactional information, they have become increasingly attractive targets for cyberattacks. The use of technologies for fraudulent activities like impersonation and fabricated identities is reducing the reliability of traditional checks. Another emerging challenge for regulators is the veracity of information, as digital platforms enable information, whether accurate or distorted, to circulate rapidly. In such environment, a clear, targeted and timely regulatory communication assumes greater significance for anchoring stakeholders’ confidence.

F. Capacity Digitalisation has materially expanded the scope and sophistication of issues that fall under the regulatory domain. Regulatory judgement increasingly requires understanding technology-enabled business models and data-driven decision systems, which place sustained demands on regulatory capacity. Regulators should proactively attract, retain, and effectively deploy talent ensuring that expertise is well embedded across regulatory teams.

II. Opportunities for Regulation in the Digital Era

The same forces that generate challenges for regulation in the digital era also create opportunities for the regulator by enabling them to continually assess and adaptively calibrate their approaches.

A. Proactive Regulation Digital financial activity generates granular, high-frequency information, creating the opportunity for early and deeper regulatory assessments of emerging issues. RBI’s machine learning tool- MuleHunter.ai is an example of its digital intervention to tackle the problem of mule bank accounts.

B. System Wide Visibility Advances in data availability and analytical tools can be used by regulators to look through complex chains of dependencies and interconnections to identify critical nodes and assess concentration risks. This helps in not only having a more coherent view of risk but also anticipating system wide disruptions even though individual entities appear resilient.

C. Regulatory Calibration Digitalisation creates scope for the regulator to become more adaptive. A granular understanding of activities facilitates an opportunity to operationalise proportionality with greater precision. At the same time, digital tools help regulators incorporate feedback from incidents and market developments more systematically into regulations.

D. Reducing Regulatory Burden The availability of richer data enables regulators to undertake regulatory impact assessments and cost–benefit analysis in a more structured manner. RBI has been actively working on embedding digital processes within its functions to reduce compliance burden. All regulatory services are now delivered through an end-to-end centralized digital portal PRAVAAH. DAKSH, an end-to-end supervisory workflow application, enables focused monitoring of compliance and cyber incident reporting.

E. Regulatory Capabilities The use of technology by both regulators (SupTech) and regulated entities (RegTech) supports more efficient supervisory processes. RBI’s Advanced Supervisory Analytics Group is increasingly using digital techniques for microdata analytics, social media monitoring, and assessing borrowers’ fraud vulnerability models. Furthermore, the Complaint Management System of RBI is progressively making use of tools to assess consumer grievances and mis-selling.

F. Regulatory Cooperation Digital tools can support faster information sharing and joint analysis for consistent regulatory outcomes in cross-border and cross-sectoral contexts. RBI has been continuously engaging with domestic and international regulators to further such collaborative efforts.

III. Principles for Regulation in the Digital Era

I would like to end by laying down some guiding principles about how a regulator should think, decide, and act in the digital era:

• a. Primacy of Public Interest: Regulation must remain anchored in its core objective of financial stability and customer protection.
• b. Risk-based Focus: Regulatory focus should be directed at the risks beyond institutional form, legal structure, or delivery channels.
• c. Enforce Accountability: Technological intermediation must not dilute accountability of regulated entities.
• d. Proportionate Calibration: Regulatory intensity should be calibrated to the materiality, complexity, and systemic relevance of activities.
• e. Data, Experience, and Foresight: Regulatory decision-making should draw on data, supervisory experience, and forward-looking judgement.
• f. Adaptive Refinement: Regulation should continually evolve.
• g. Outcome Orientation: Expectations should focus on desired outcomes and risk controls, allowing flexibility while avoiding the prescription of specific technologies.
• h. Resilience by Design: Frameworks should focus on the ability of entities and systems to absorb shocks and maintain continuity.
• i. Effective Communication: Regulatory communication should be clear to support confidence and stability.

Conclusion

Let me conclude with a reflection that extends beyond regulation. The digital era is steadily compressing the distance between action and consequence. Actions now travel faster, interact more widely, and compound more quickly than before. In such a setting, the central challenge is not uncertainty itself, but the quality of judgement exercised while outcomes are still unfolding.

In this environment, the value of regulation lies in its ability to serve as a stable reference point while everything else is in motion. When it is grounded in evidence, experience and is forward-looking, regulation can shape the trajectory of change rather than merely respond to it. That is how innovation moves forward with confidence, and how trust in the financial system is endured.

Thank you and wishing constructive deliberations and exchange of views.