The Indian banking sector functions in an environment with growing regulatory expectations, increasing customer trust requirements and changing fraud and financial crime risks. The increased vigilance from regulatory authorities is evident with monetary penalties imposed by the RBI more than doubled on a year-on-year basis in FY24, rising from Rs 40.39 crore to Rs 86.1 crore. As financial crime and regulatory scrutiny intensify, banks are looking at not just having strong governance frameworks, but also proactive assurance and continuous monitoring.
Traditional governance, assurance and monitoring frameworks which rely heavily on manual checking and periodic reviews are no longer sufficient to manage these risks effectively, and this is where partners like SAS are helping banks move from reactive to proactive oversight.
The Three Lines of Defence (3LoD) model – Business & Operations, Risk & Compliance and Internal Audit remains the cornerstone of governance in banks, ensuring accountability and layered protection. Together, these can be the basis of banking governance frameworks where risks are owned, governed and independently assured. At this juncture, the implementation of AI can modernise this model, allowing banks to transform governance, assurance and monitoring.
Moving Beyond Silos with Integrated Governance
While the 3LoD model is robust, banks often face challenges because each line maintains its own risk assessments, taxonomies, and reporting. This siloed approach leads to duplication, inconsistent risk ratings, and fragmented assurance. An integrated governance framework seeks to unify these efforts by bringing together risk, compliance, and audit into a coordinated model. A centralised view helps in aligning risk, compliance and audit functions seamlessly. Additionally, a single point of oversight can reduce blind spots.
That said, integrating fragmented systems is one of the toughest challenges for organisations. In most organisations, information is scattered across fragmented systems. Additionally, different departments or functions rely on their own interpretations. In the case of banks, what the compliance team defines as “high-risk” may differ from the audit function’s interpretation of “high-risk.” This gap, and also the repetition of reviewing the same processes by multiple teams, can potentially create challenges.
How AI Helps Navigate Integration Challenges
Integrating disparate governance processes will always be a challenge. This is where AI makes a difference. AI helps banks automate and simplify complex processes, eliminate duplication and make better use of resources. For example, Risk and control data across the three lines of defence are often stored in different systems and defined in different ways. AI can help map, cleanse, and standardise these datasets into a common format, enabling a single source of truth. Through Natural Language Processing (NLP) and semantic mapping, AI aligns inconsistent taxonomies, control descriptions, and issue categorisations.
An example of this approach is the Continuous Compliance Monitoring (CCM) system implemented at a leading Indian bank with SAS’s support. The solution pooled data from multiple streams into a centralised hub, enabling real-time checks on compliance gaps. For instance, if a new account was opened without complete documentation, the system could flag it within a defined frequency, allowing immediate corrective action. This proactive oversight illustrates how automated compliance can replace periodic reviews with continuous monitoring.
Assurance is another significant challenge. Different reviews and testing from different teams across risk management, compliance assurance and audit may review the same process at different times, wasting resources and time. Analytics can accelerate this process by identifying where teams are working in a similar area and advising when one review can suffice.
Traditionally, control testing has been periodic and sample-based, relying heavily on manual reviews. AI makes this a continuous, data-driven process. By analysing system logs, transaction data, and workflow activities in real time, AI can automatically validate whether controls are operating as designed.
Platforms like SAS Viya combine these capabilities with predictive analytics, enabling banks to move from sample-based control testing to continuous, data-driven assurance. Analysing data across system logs and workflow activities in real time helps validate control effectiveness and flags anomalies proactively.
How model-based scoring helps businesses handle changing risks
In a traditional assurance setup, each control function maintains its own scorecards – audit rates control health, compliance measures regulatory adherence, and risk management tracks operational or credit exposures. These siloed metrics make it difficult for leadership to see the true, combined risk posture of a business line or product. Integrated governance enables the creation of a unified risk score that consolidates signals from all three lines of defence.
For a unified score, it is important to provide relevant risk factors and weights. The definition of risk factors and weights doesn’t just ensure consistency in measurement; it’s what makes unified scoring possible across all control functions. For example, if KYC lapses are often tied to penalties or financial crime, the model gives them a higher weight. The source of the risk also matters. An issue flagged by an independent audit may get more weight than one raised internally, because past evidence shows audits often point to problems that regulators or customers care about.
The same applies to digital and IT risks. A system outage or cyber issue might happen less often than compliance lapses, but the impact can be huge across customer disruption, reputation damage, or even regulatory scrutiny.
By considering both the source and the impact of risks, model-based scoring creates a more accurate picture of exposure. It combines results from compliance, fraud, operations, and audit into one integrated risk score. Leaders can then see where risks are and focus resources there, instead of tackling problems in isolation.
When the scores are combined at the enterprise level, banks get one clear view of overall risk. They don’t have to manage separate dashboards for compliance, IT, or audit. Management can see where risks overlap and act before they grow into bigger problems.
In the end, model-based scoring strengthens each line of defence and builds the base for integrated governance. Decisions are then made on a risk view that is complete and forward-looking.
From compliance to confidence
In the future and even now, banking will no longer be defined by static frameworks. Banking platforms will evolve to be shaped by systems that provide real-time visibility. Analytics will play a catalytic role in accelerating this evolution and enable banking to shift from fragmented oversight to achieving compliance, agility and resilience at scale. With its deep domain expertise and commitment to responsible AI, SAS continues to support banks in building governance frameworks that are both future-ready and regulator-aligned.
Views expressed by: CA Neha Pansari, Banking Fraud Lead – Customer Advisory, SAS
Elets The Banking and Finance Post Magazine has carved out a niche for itself in the crowded market with exclusive & unique content. Get in-depth insights on trend-setting innovations & transformation in the BFSI sector. Best offers for Print + Digital issues! Subscribe here➔ www.eletsonline.com/subscription/
