What changed
RBI issued a circular on April 15, 2005, requiring all scheduled commercial banks to have a Business Continuity Plan (BCP) in place. This followed a study showing some banks were still developing their BCPs. The circular assigns clear responsibility to the Board and top management for BCP oversight, including policy approval, resource allocation, testing, and annual review.
What it means for you
Banks must now treat operational risk, especially business disruption, as a distinct risk category alongside credit and market risk. The BCP must cover critical business functions, IT continuity, recovery time objectives, and interdependencies with other financial system participants. Non-compliance could expose banks to systemic risks and regulatory action.
What you must do
- Ensure your bank has a Board-approved BCP policy that identifies critical business functions and allocates sufficient resources.
- Conduct a structured risk assessment based on a comprehensive business impact analysis and define recovery time objectives (RTOs).
- Test the BCP thoroughly at frequent intervals and review it annually, reporting results to the Board.
- Evaluate contingency planning and periodic testing by service providers for outsourced critical operations.
- Implement the BCP within a fixed time frame if not already done, and maintain it against changing threat scenarios.
Who it affects
- All scheduled commercial banks in India
- Board of Directors and top management of banks
- IT and operational risk management teams
- Service providers handling outsourced critical operations
What is the deadline for implementing the BCP?
The circular does not set a specific date, but it advises banks to put a BCP in place within a fixed time frame. Banks should act promptly to comply.
Who is responsible for the BCP?
The Board of Directors is responsible for approving the BCP policy, prioritizing critical functions, and allocating resources. Top management must execute the plan during contingencies and review it annually.
Does the BCP need to cover IT systems?
Yes, the BCP must include an IT Continuity Plan template as part of the overall methodology, addressing risks from computer and telecommunication system failures.