The most consequential regulatory reforms rarely announce themselves as revolutions. They arrive disguised as housekeeping. A circular is consolidated. A framework is streamlined. A reporting line is clarified. The language is technical, the tone administrative, and the market moves on. Years later, historians discover that a constitutional shift occurred beneath the paperwork.

The Reserve Bank of India’s June 2026 proposal to create a unified framework governing Risk Management, Compliance, and Internal Audit functions appears, at first glance, to belong firmly in the housekeeping category. The draft seeks to consolidate supervisory instructions and strengthen governance arrangements across regulated entities. Most commentary has therefore interpreted the proposal as an exercise in harmonisation. That interpretation is correct. It is also incomplete.

The deeper significance of the proposal lies elsewhere. The RBI may have quietly declared war on one of the most enduring assumptions of modern corporate governance: the belief that institutions can safely divide responsibility without dividing accountability.

For nearly a century, governance systems have been built around specialisation. Risk officers measured risk. Compliance officers interpreted regulation. Internal auditors evaluated controls. Boards exercised oversight. Each function possessed its own vocabulary, hierarchy, metrics, and reporting structures. The arrangement looked elegant. The outcomes often were not.

When major institutional failures occur, post-mortems rarely reveal an absence of information. Instead, they reveal an abundance of disconnected information. The risk team noticed anomalies. Compliance identified warning signals. Internal audit documented weaknesses. Technology teams observed vulnerabilities. Business units saw emerging stresses. Everyone knew something. Nobody knew enough. The tragedy of modern governance has never been ignorance. It has been fragmentation.

This is why the RBI’s proposal deserves to be understood not merely as a governance reform but as an epistemological reform. It asks a deceptively simple question: How does an institution know what it knows? For decades, regulators have focused on decision-making. The next frontier may be information-making. The distinction matters. A poor decision can often be corrected. A fragmented understanding of reality cannot.

Consider the broader direction of regulatory travel. During the same period in which the RBI is proposing integration of risk, compliance, and audit functions, it is also strengthening frameworks around counterparty credit risk, emphasising cyber resilience, examining conduct risks embedded in digital interfaces, and engaging with questions surrounding artificial intelligence and operational resilience. These initiatives may appear unrelated. They are not. They share a common intellectual foundation: the recognition that contemporary risks refuse to stay within departmental boundaries.

The regulator increasingly appears to understand something that many institutions still do not. The greatest threats of the twenty-first century are boundaryless. Cyber risk migrates into reputational risk. Reputational risk becomes liquidity risk. Liquidity risk evolves into systemic risk. Artificial intelligence creates conduct risks, conduct risks become legal risks, and legal risks become governance failures. The chain is seamless. Only governance remains fragmented.

The old architecture was designed for an industrial age in which risks were largely linear. The emerging architecture is being designed for a networked age in which risks are contagious. That distinction changes everything.

Historically, governance was built around functions. The future may be built around relationships. The question is no longer whether a compliance department performed its role. The question is whether compliance information interacted effectively with risk intelligence, audit observations, technology signals, behavioural indicators, and Board oversight. The unit of analysis is shifting. The department is no longer the central actor. The institution is.

This represents a subtle but profound transformation in the philosophy of accountability. Traditional governance asked, “Who failed?” The emerging model asks, “Why was the system unable to see?” Those are not identical inquiries. The first searches for culpability. The second searches for architecture. The difference is enormous. When regulators focus on culpability, institutions respond by creating defensive structures. When regulators focus on architecture, institutions respond by redesigning information flows.

The RBI’s latest proposal appears firmly aligned with the second approach. Viewed through this lens, the draft framework is not really about audit. Nor is it about compliance. Nor is it about risk. It is about visibility.

Visibility is rapidly becoming the most valuable asset in governance. Not capital. Not technology. Not scale. Visibility. The ability to understand interconnected exposures before they become crises. The ability to detect patterns hidden across organisational silos. The ability to recognise that a cybersecurity incident, a compliance lapse, an AI deployment, a conduct failure, and a reputational shock may all be manifestations of the same underlying weakness.

This is why the proposal should command the attention of Company Secretaries. Many governance professionals continue to think in terms of reporting structures. The future belongs to those who understand information structures. Historically, the Company Secretary served as the institutional memory of the organisation. Tomorrow, the Company Secretary may increasingly become its institutional integrator.

The distinction is critical. Memory preserves knowledge. Integration creates intelligence. Boards are entering an era in which intelligence is becoming more valuable than information. The governance professional who merely reports developments may remain useful. The governance professional who connects developments will become indispensable.

This evolution is not unique to India. Globally, regulators are converging toward models that emphasise operational resilience, AI oversight, cyber governance, conduct accountability, and enterprise-wide risk visibility. The common theme is unmistakable: resilience is no longer viewed as the product of strong departments. It is viewed as the product of strong connections between departments.

That observation reveals the true significance of the RBI’s proposal. The draft is not dismantling silos because silos are inefficient. It is dismantling silos because silos are increasingly incompatible with reality. Reality itself has become integrated. Risks are integrated. Technologies are integrated. Markets are integrated. Stakeholder expectations are integrated. Only governance remains divided into neat compartments. The regulator appears to have concluded that this mismatch can no longer continue.

Perhaps the RBI’s proposal is ultimately about something far older than governance.

It is about visibility.

Throughout history, power has belonged to those who could see what others could not. Empires built maps. Generals built intelligence networks. Markets built information systems. Institutions built reporting structures. Every age has been shaped by its own architecture of visibility.

Corporate governance is now entering a similar transition.

For decades, organisations treated accountability as a matter of authority. The assumption was simple: if responsibilities were assigned clearly enough, accountability would naturally follow. Yet repeated crises have revealed a different truth. Institutions rarely fail because nobody was responsible. They fail because nobody could see the whole picture. That is why the death of siloed governance matters.

The real question facing boards, regulators, and governance professionals is no longer whether information exists. In the age of data abundance, information is rarely the scarce resource. Coherence is.

The institutions that thrive in the coming decade will not necessarily be those with the most data, the largest compliance teams, or the most sophisticated technologies. They will be the ones capable of transforming fragmented signals into a shared understanding of reality.

Perhaps that is the future the RBI’s proposal quietly anticipates. Not a world with more rules, but a world with fewer blind spots. Because in the end, accountability begins long before a crisis is investigated. It begins at the moment an institution decides whether it wishes to know what it already knows.

END OF ARTICLE