Sunday, April 26, 2026

The Great Fragmentation: Mapping the New Contours of Global Trade


R Kannan

For nearly three decades after the fall of the Berlin Wall, the narrative of global trade was one of relentless, borderless integration. The "End of History" was supposed to be paved with container ships, low tariffs, and the hyper-efficiency of just-in-time supply chains. Today, that world is unravelling. In its place, a more fractured, securitized, and complex landscape is emerging—what economists at the International Monetary Fund (IMF) and the World Bank are increasingly labelling "Gated Globalization."

 

From the financial hubs of Mumbai to the volatile shipping lanes of the Red Sea, the signals are clear: the era of efficiency-first trade is being replaced by an era of security-first trade. According to the latest reports from the World Trade Organization (WTO) and the United Nations, global trade is undergoing its most profound structural shift since the founding of the General Agreement on Tariffs and Trade (GATT) in 1947.

The Rise of "Geoeconomic Fragmentation"

The primary driver of this shift is the increasing weaponization of trade policy for geopolitical ends. In its World Economic Outlook (April 2026), the IMF warns that "geoeconomic fragmentation" is no longer a theoretical risk but a present reality. US effective tariff rates, which sat at roughly 2.4% in late 2024, surged to 15% by the end of 2025—the highest levels since the post-World War II reconstruction era.

This is not merely a bilateral dispute between the U.S. and China. Fragmentation is spreading across the G20 and beyond. The European Union has implemented new "strategic autonomy" safeguards on steel and chemicals, while Mexico recently introduced surcharges of up to 50% on a range of imports to protect domestic industries from perceived dumping. The Wall Street Journal reports that trade policy is now being "shaped by security and political considerations rather than efficiency or multilateral rules," leading to a world where trade blocs are increasingly insular.

From Offshoring to "Friend-Shoring"

The most visible trend in this new era is the death of the traditional "offshoring" model. During the "hyper-globalization" phase (2002–2007), companies moved production to wherever labour and capital costs were lowest. Today, the focus has shifted to "Resilience" and "De-risking."

UNCTAD’s 2025 reports highlight a sharp resurgence in "Friend-shoring"—the practice of restructuring supply chains to favour trade with politically aligned partners. This trend is particularly pronounced in strategic sectors such as semiconductors, electric vehicles (EVs), and critical minerals. In these industries, countries are prioritizing "technological sovereignty" over pure cost-efficiency.

As a result, we are seeing the emergence of new regional hubs. While US imports from China have dropped sharply in relative terms, countries like Vietnam, Taiwan, and Mexico have seen a surge in trade volume. However, the IMF cautions that this is often "indirect trade." Many goods are still manufactured with Chinese components and merely assembled in "friendly" third countries, creating a more opaque, more expensive, and potentially more fragile version of the old global supply chain.

The Digital Paradox: Services in an Age of Barriers

While trade in physical goods faces significant headwinds, digital trade is moving in the opposite direction. The WTO’s World Trade Report 2024 emphasizes that digitally delivered services—ranging from streaming and software to remote professional services and AI architecture—are the fastest-growing segment of global trade.

This "Digital Paradox" suggests that while it is becoming harder to ship a car or a turbine across a border due to physical and regulatory hurdles, it is becoming easier to ship the software that runs them. UNCTAD estimates that growth in digital services trade will continue to outpace goods trade through 2026. However, a new threat looms: data localization laws. The Financial Times notes that if data is treated as a "national asset" that cannot leave borders, digital trade could soon face its own version of the high tariffs currently hitting the manufacturing sector.

The Green Trade Revolution and Carbon Protectionism

Climate change is also rewriting the rules of the game. The "Green Transition" is fostering a new, more sophisticated type of protectionism. Governments are increasingly using massive subsidies and "carbon border adjustment mechanisms" (CBAMs) to protect domestic green industries while penalizing carbon-intensive imports.

The World Bank’s Trade Fragmentation Research Initiative notes that while these policies aim to reduce global emissions, they often create uncoordinated trade barriers that disproportionately hurt low-income economies. Developing nations, many of which are commodity-dependent, face heightened price volatility as they struggle to adapt to the rigorous green standards imposed by advanced economies like the EU. This "Green Squeeze" is becoming a central point of contention in North-South trade relations.

The Role of Financial Stability and Gold

As the trade landscape fragments, the financial foundations of global commerce are also shifting. The New York Times reports a significant increase in central bank gold purchases, particularly in emerging markets, as a hedge against a weakening or "weaponized" US dollar.

The volatility of the dollar, combined with the rise of regional currencies in trade settlements (such as the "petro-yuan" or local currency settlement systems in ASEAN and BRICS+), is complicating the traditional "dollars-for-goods" model. The IMF warns that a multi-currency trade world, while potentially more diverse, carries higher transaction costs and greater exchange rate risks for small-to-medium enterprises.

Re-Globalization vs. De-Globalization: The Path Forward

Despite the prevailing gloom, the WTO argues that we are not witnessing the end of globalization, but its "re-globalization." The World Trade Report 2024 makes a passionate case that trade remains the most effective tool for income convergence and poverty reduction. The challenge, according to the UN’s World Economic Situation and Prospects, is that the benefits of trade are currently being concentrated among a few "aligned" blocs, leaving the most vulnerable nations behind.

Reforming the dispute settlement mechanism—which has been paralyzed for years—and addressing the specific needs of the Global South will be critical to preventing a total collapse of the rules-based order.

Conclusion: A World of "Episodic Shocks"

As we move toward 2027, the global economy appears to have entered a period where "fragility and episodic shocks are increasingly structural features," per the IMF. For global corporations and national governments, the strategy is no longer about maximizing growth at all costs, but about managing risk in a world that is less coordinated and more risk-averse.

The "Great Convergence" that defined the early 21st century has stalled. In its place, we find a world of "strategic power gaps" being filled by regional alliances and protective walls. Global trade is not dying, but it is becoming a much more expensive and complicated game to play. The winners in this new era will not be those with the lowest costs, but those with the most resilient and politically astute supply networks.

 

Saturday, April 25, 2026

The Mythos of Security: Why AI-Driven Exploitation Demands a "Biological" Defence


By R. Kannan

The traditional perimeter of global enterprise has not just been breached; it has been rendered obsolete. In April 2026, the release of frontier models like Anthropic’s Claude Mythos signalled a permanent shift in the balance of power between the digital lock and the digital pick. We have entered the era of autonomous exploitation, where software vulnerabilities—some lying dormant for nearly three decades—are being unearthed and weaponized in minutes by machine intelligence.

For the modern CEO and the boards they report to, the message is chilling: the window of opportunity for human-led defence has shrunk from months to mere seconds. If our defensive posture remains anchored in human reaction times and periodic audits, we are essentially fighting a supersonic war with a cavalry mindset.

 

 

To address the exponential threat posed by autonomous exploitation models like Claude Mythos, defensive strategies must evolve from static checklists to dynamic, machine-speed ecosystems.

What to do

I. Strategic Infrastructure & Governance

Establish an AI Threat War Room

A traditional Security Operations Centre (SOC) is reactive, often mired in "alert fatigue." The AI Threat War Room is a proactive command centre staffed by "Purple Teams"—specialists who blend offensive (Red) and defensive (Blue) tactics.

  • Offensive Synthesis: The team utilizes adversarial AI to simulate multi-stage attacks. This involves "LLM-orchestrated" fuzzing, where the AI generates millions of permutations of inputs to break your proprietary software.
  • Predictive Remediation: Instead of waiting for a CVE (Common Vulnerabilities and Exposures) to be published, this unit identifies "silent" weaknesses in logic and business workflows that traditional scanners miss.
  • Executive Oversight: This room provides the Board with a real-time "Resilience Scorecard," translating technical vulnerabilities into enterprise risk metrics.

Zero-Trust Architecture (ZTA)

The "Castle and Moat" philosophy is dead. ZTA operates on the mantra: "Never Trust, Always Verify."

  • Identity-as-the-New-Perimeter: Access is not granted based on being "on the office Wi-Fi." Every request—from a CEO's laptop or a cloud microservice—requires cryptographic verification and device health attestation.
  • Contextual Risk Engines: ZTA uses AI to analyse the "signals" of a login. If a user logs in from Mumbai but their device lacks the latest security patch, or the typing cadence (biometrics) doesn't match, access is denied or "stepped up" to higher authentication.
  • Least Privilege Enforcement: Users only see the applications necessary for their specific role. This "darkens" the rest of the network to a potential attacker.

Aggressive "Technical Debt" Liquidation

Legacy systems (Mainframes, old Windows servers, unpatched ERPs) are "sitting ducks" for AI like Mythos, which can scan decades-old codebases in seconds.

  • Vulnerability Aging Analytics: Categorize all software by its "exploitability age." Any system running code that hasn't been refactored in 5+ years should be moved to an "Isolated Legacy Zone."
  • The "Sunsetting" Mandate: Establish a rigid policy where "End-of-Life" (EOL) means immediate disconnection. If a business unit requires an EOL tool, they must pay a "Security Tax" to fund its modernization.
  • Cloud-Native Migration: Prioritize moving legacy workloads to "Serverless" or "Containerized" environments where the underlying infrastructure is patched automatically by the cloud provider.

Micro-Segmentation

In a flat network, one compromised password leads to a total data breach. Micro-segmentation creates "digital bulkheads" similar to a submarine.

  • Application-Level Isolation: Every application is wrapped in its own micro-perimeter. A breach in the "Marketing Analytics" tool cannot jump to the "Payroll Database."
  • Dynamic Policy Generation: Using AI to observe traffic patterns, the system automatically drafts firewall rules that allow only necessary communication (e.g., "Web Server A can only talk to Database B on Port 443").
  • Blast Radius Limitation: Even if an AI agent gains "Admin" rights within one segment, it finds itself trapped in a "cell," unable to see or reach other critical enterprise assets.

Software Bill of Materials (SBOM)

Modern software is a "Lego set" of third-party libraries. If one small library (like Log4j) is vulnerable, your entire enterprise is at risk.

  • Supply Chain Transparency: Demand a machine-readable SBOM (in formats like CycloneDX) from every software vendor. This is essentially a "list of ingredients."
  • Real-Time Dependency Mapping: If an AI model discovers a zero-day in an obscure open-source library, your SBOM system should instantly flag every application in your company that uses it.
  • VEX (Vulnerability Exploitability eXchange): Integrate SBOMs with VEX data to determine not just if a "vulnerable library" exists, but if the library is actually "reachable" and "exploitable" in your specific configuration.
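
The dependency mapping and VEX filtering described in the three points above, as an added example that is not part of the original article. It indexes constructed CycloneDX-style SBOM fragments by package URL and uses constructed VEX statements to separate applications that need action from those where the flaw is recorded as not affected; the application names, the `examplelib` package and the advisory id are placeholders.

```python
"""Added illustration: which applications does a newly reported flaw touch?

All data is constructed: application names, the 'examplelib' package and
the advisory id are placeholders. The shapes follow CycloneDX JSON
(components[].purl, vulnerabilities[].analysis.state).
"""
import re
from collections import defaultdict

ADVISORY = {"id": "EXAMPLE-ADVISORY-0001",     # placeholder id
            "package": "pkg:pypi/examplelib",  # hypothetical library
            "fixed_in": "2.0.0"}               # constructed fix version


def component(ref, version, name="examplelib"):
    """Build one constructed SBOM component entry."""
    return {"bom-ref": ref, "name": name, "version": version,
            "purl": f"pkg:pypi/{name}@{version}"}


# One constructed SBOM per internal application.
SBOMS = {
    "payroll-api": {"components": [component("pay-lib", "1.4.2")]},
    "marketing-analytics": {"components": [component("mkt-lib", "1.3.0")]},
    "billing-gateway": {"components": [component("bill-lib", "1.9.9")]},
    "intranet-portal": {"components": [component("intra-lib", "2.0.1")]},
    "hr-portal": {"components": [component("hr-lib", "0.9.0", "otherlib")]},
}


def vex_entry(ref, state, justification=None):
    """Build one constructed VEX statement for ADVISORY."""
    analysis = {"state": state}
    if justification:
        analysis["justification"] = justification
    return {"vulnerabilities": [{"id": ADVISORY["id"],
                                 "affects": [{"ref": ref}],
                                 "analysis": analysis}]}


# Constructed VEX statements published by the application owners.
VEX_DOCS = {
    "marketing-analytics": vex_entry("mkt-lib", "not_affected",
                                     "code_not_reachable"),
    "billing-gateway": vex_entry("bill-lib", "exploitable"),
}

# Analysis states that mean "no action needed for this application".
SUPPRESSING_STATES = {"not_affected", "false_positive", "resolved"}


def split_purl(purl):
    """Split 'pkg:type/name@version?qualifiers' into (package, version)."""
    base, _, rest = purl.partition("@")
    return base, re.split(r"[?#]", rest, maxsplit=1)[0]


def version_key(version):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically."""
    key = []
    for part in version.split("."):
        match = re.match(r"\d+", part)
        key.append(int(match.group()) if match else 0)
    return tuple(key)


def build_index(sboms):
    """Map each package to every application that ships it."""
    index = defaultdict(list)
    for app, bom in sboms.items():
        for comp in bom.get("components", []):
            if "purl" not in comp:
                continue  # cannot match a component without an identifier
            package, version = split_purl(comp["purl"])
            index[package].append({"app": app, "version": version,
                                   "ref": comp.get("bom-ref", comp["purl"])})
    return index


def vex_state(vex_docs, app, advisory_id, ref):
    """Return the VEX analysis state for this component, or None."""
    for vuln in vex_docs.get(app, {}).get("vulnerabilities", []):
        refs = {a.get("ref") for a in vuln.get("affects", [])}
        if vuln.get("id") == advisory_id and ref in refs:
            return vuln.get("analysis", {}).get("state", "in_triage")
    return None


def triage(advisory, sboms, vex_docs):
    """Sort applications into act_now / suppressed_by_vex / already_fixed."""
    report = {"act_now": [], "suppressed_by_vex": [], "already_fixed": []}
    fixed = version_key(advisory["fixed_in"])
    for hit in build_index(sboms).get(advisory["package"], []):
        if version_key(hit["version"]) >= fixed:
            report["already_fixed"].append(hit["app"])
            continue
        state = vex_state(vex_docs, hit["app"], advisory["id"], hit["ref"])
        if state in SUPPRESSING_STATES:
            report["suppressed_by_vex"].append(hit["app"])
        else:  # exploitable, in_triage, or nobody has assessed it yet
            report["act_now"].append((hit["app"], state or "no_vex_statement"))
    return report


if __name__ == "__main__":
    print(triage(ADVISORY, SBOMS, VEX_DOCS))
```

An application with a vulnerable version and no VEX statement is treated as needing action, so a missing assessment never hides exposure.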

II. AI-Native Defence Operations

Deploy "Virtual Patching"

The "Vulnerability-to-Patch" gap is where hackers win. It takes humans weeks to test and deploy a patch; AI exploits the bug in minutes.

  • Immediate Shielding: When a vulnerability is identified, a Web Application Firewall (WAF) or an Intrusion Prevention System (IPS) applies a "virtual patch"—a rule that specifically blocks the traffic pattern required to exploit that bug.
  • Zero-Downtime Security: This allows the company to stay protected without rebooting critical servers or disrupting business operations while developers work on the permanent code fix.
  • Automated Signature Generation: Advanced defence tools can now analyse a new exploit and write their own virtual patch rules in milliseconds.

Automated Red Teaming

Security is no longer a "once-a-year" audit. It is a continuous battle.

  • Continuous Adversarial Simulation: Deploy "Defensive AI" agents that act as "Chaos Monkeys." They constantly try to trick your employees with AI-generated phishing, probe your cloud buckets for misconfigurations, and attempt to crack passwords.
  • Evidence-Based Security: Instead of wondering "Are we secure?", you have a daily report of exactly which attacks were attempted and which ones were stopped.
  • Evolving Defence: As the Red Team AI learns new tricks from global threat intelligence, your Blue Team (defenders) automatically receives updates on how to counter those specific techniques.

Agentic SOC Orchestration

The human brain cannot process 100,000 security alerts per day. Agentic AI can.

  • Reasoning-Capable Agents: Unlike old automation (which followed "If-This-Then-That" rules), Agentic AI can "think." It can see an alert, decide to look at the user's recent emails, check the server logs, and determine if the activity is a real attack or a false alarm.
  • Automated Remediation: If a breach is confirmed, the AI agent can autonomously isolate the infected laptop, reset the user's password, and notify the legal team—all in under 30 seconds.
  • Cross-Tool Intelligence: These agents act as a "connective tissue" between your firewall, your email security, and your cloud logs, creating a unified defence narrative.

Outbound Traffic Filtering (Egress Control)

Most security focuses on who is entering the network. In the age of data theft, who is leaving is more important.

  • "Default Deny" for Outbound: Production servers should never be able to browse the general internet. They should only be allowed to talk to specific, pre-approved update sites or APIs.
  • Command & Control (C2) Blocking: When an AI agent infects a system, it must "call home" to receive instructions. Rigorous outbound filtering breaks this link, rendering the malware "blind and deaf."
  • Data Exfiltration Prevention: Use AI to monitor the volume and destination of outgoing data. A sudden 50GB transfer to an unknown IP address in a foreign country should be blocked instantly.

Behavioural Anomaly Detection

Hackers today don't "break in," they "log in" using stolen or AI-guessed credentials.

  • User & Entity Behaviour Analytics (UEBA): Establish a "baseline of normal" for every employee. If a Corporate Advisor who usually reads "Strategic Reports" suddenly starts downloading "SQL Database Schemas," the system flags the behaviour as an anomaly.
  • Time & Velocity Checks: If an account logs in from Mumbai at 9:00 AM and from London at 9:05 AM, the system detects "impossible travel" and locks the account.
  • Process Integrity: Monitor how software behaves. If the "Calculator" app suddenly tries to access the "Microphone" or the "Keychain," the AI defence identifies this as a "Process Injection" attack and kills the task.
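
The "impossible travel" check from the Time & Velocity point above, as an added example that is not part of the original article. It assumes login events have already been normalised to UTC and enriched with geo-IP coordinates; the users, events and the 1,000 km/h and 100 km thresholds are constructed for illustration.

```python
"""Added illustration: flag logins that imply impossible travel speed.

Events, user names and thresholds are constructed. Timestamps are assumed
to be UTC and coordinates to come from a geo-IP lookup done upstream.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MUMBAI = (19.0760, 72.8777)
LONDON = (51.5074, -0.1278)
DELHI = (28.6139, 77.2090)

# Constructed sample events, deliberately out of order.
EVENTS = [
    {"user": "advisor1", "time": "2026-04-25T09:05:00", "city": "London", "geo": LONDON},
    {"user": "analyst2", "time": "2026-04-25T12:00:00", "city": "Delhi", "geo": DELHI},
    {"user": "advisor1", "time": "2026-04-25T09:00:00", "city": "Mumbai", "geo": MUMBAI},
    {"user": "analyst2", "time": "2026-04-25T09:00:00", "city": "Mumbai", "geo": MUMBAI},
]


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def detect_impossible_travel(events, max_kmh=1000.0, min_km=100.0):
    """Return one alert per consecutive login pair that exceeds max_kmh.

    min_km ignores small jumps caused by imprecise geo-IP data. Two logins
    with the same timestamp from distant places count as infinite speed.
    """
    by_user = defaultdict(list)
    for event in events:
        by_user[event["user"]].append(event)

    alerts = []
    for user, logins in by_user.items():
        logins.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev["geo"], cur["geo"])
            if km < min_km:
                continue
            delta = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
            hours = delta.total_seconds() / 3600
            kmh = float("inf") if hours == 0 else km / hours
            if kmh > max_kmh:
                alerts.append({"user": user, "from": prev["city"], "to": cur["city"],
                               "km": round(km), "kmh": kmh,
                               "action": "lock_account"})
    return alerts


if __name__ == "__main__":
    for alert in detect_impossible_travel(EVENTS):
        print(alert)
```

The Mumbai to Delhi pair three hours apart stays below the threshold and is not flagged, which is the case a fixed "different country" rule would get wrong in the other direction.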

 

Expert Insight for the Board: The transition to these steps requires a cultural shift from "Security as a Cost Centre" to "Cyber-Resilience as a Competitive Advantage." In 2026, the companies that survive Claude Mythos-style attacks will be those that treat their digital infrastructure as a living, self-healing organism.

To combat the speed of Claude Mythos, your Identity, Supply Chain, and Recovery protocols must shift from "static barriers" to "dynamic ecosystems."

III. Identity & Access Management (IAM)

Just-in-Time (JIT) Privileges

In a traditional setup, an admin has "god-mode" keys 24/7. If an AI compromises that account at 2 AM, it’s game over. JIT turns these into "Cinderella permissions."

  • Ephemeral Tokens: Access is granted via a temporary token that expires in 30, 60, or 120 minutes. Once the task is done, the "key" dissolves.
  • Approval Workflows: For high-risk systems, the AI defensive layer requires a "second set of eyes" (human or a verified secondary AI) to authorize the elevation of privileges.
  • Zero Standing Risk: By ensuring no one has permanent admin rights, you remove the most valuable target from the attacker’s map. Even if a password is stolen, it grants zero power until a JIT request is validated.
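
A sketch of the ephemeral, approved grant described in the three points above, as an added example that is not part of the original article. The token layout, the function names `issue_grant` and `check_grant`, and the signing key are assumptions made for illustration; a real deployment would keep the key in a KMS or HSM.

```python
"""Added illustration: a just-in-time privilege grant that expires.

The token format and names are hypothetical. The signing key is a
constructed demo value; in practice it would live in a KMS or HSM.
"""
import base64
import hashlib
import hmac
import json
import time

ALLOWED_TTL_MINUTES = (30, 60, 120)   # the lifetimes named in the text
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def sign(body: bytes) -> str:
    """HMAC-SHA256 over the encoded claims."""
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def issue_grant(requester, approver, role, ttl_minutes, now=None):
    """Issue a short-lived grant; requires an approver other than the requester."""
    if ttl_minutes not in ALLOWED_TTL_MINUTES:
        raise ValueError("ttl must be one of %s minutes" % (ALLOWED_TTL_MINUTES,))
    if not approver or approver == requester:
        raise PermissionError("a second, different approver is required")
    now = time.time() if now is None else now
    claims = {"sub": requester, "apr": approver, "role": role,
              "exp": int(now) + ttl_minutes * 60}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + sign(body)


def check_grant(token, needed_role, now=None):
    """Return (allowed, reason). Signature is checked before anything is parsed."""
    now = time.time() if now is None else now
    try:
        body, signature = token.rsplit(".", 1)
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(signature, sign(body.encode())):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"          # the key has "dissolved"
    if claims["role"] != needed_role:
        return False, "role not granted"
    return True, "ok"


if __name__ == "__main__":
    grant = issue_grant("alice", "bob", "db-admin", 30, now=1000)
    print(check_grant(grant, "db-admin", now=1500))   # inside the window
    print(check_grant(grant, "db-admin", now=2800))   # at expiry
```

Because the account holds no standing role, a stolen password alone produces no valid grant; the attacker would also need a second approver and the signing key.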

Non-Human Identity (NHI) Governance

Modern enterprises have 10x more "bot" identities (API keys, service accounts, secrets) than human ones. Mythos targets these because they rarely have MFA.

  • Secret Rotation: Automatically rotate API keys and passwords every 24 hours. This shrinks the "usability window" for a stolen credential.
  • Scoped Permissions: Ensure a service account meant to "Read Weather Data" doesn't have the permission to "Delete Database."
  • NHI Discovery: Use AI to find "orphaned" accounts—old bots left behind by former developers that still have access to production environments.

Phishing-Resistant MFA

Traditional 2FA (SMS or App Push) is now trivial for AI to bypass via "MFA Fatigue" attacks or proxy-phishing sites.

  • FIDO2 / WebAuthn: Shift to hardware keys (YubiKeys) or device-level Passkeys. These use asymmetric cryptography; the secret never leaves the hardware, making it impossible for an AI to "intercept" the code.
  • Eliminating the "Human Hook": By removing the need for a user to type a 6-digit code, you remove the opportunity for an AI to trick them into typing that code into a fake website.

Contractor Credential Hardening

External partners are the "Trojan Horse" of the modern enterprise.

  • Siloed Environments: Contractors should work in isolated Virtual Desktop Infrastructures (VDI). They see a screen, but the data never actually touches their local machine.
  • Time-Bound Access: Contractor accounts should automatically disable themselves every Friday evening and require re-validation every Monday morning.
  • Monitoring "Normalcy": If a contractor’s account usually accesses three specific folders but suddenly starts scanning the entire network, the AI defence should terminate the session instantly.

IV. Development & Supply Chain Security

AI-Integrated CI/CD Pipelines

If your developers are using AI to write code, your security must use AI to check it.

  • Static & Dynamic Analysis (SAST/DAST): Integrate "Guardrail AI" into the deployment pipeline. If code contains a logic flaw that Mythos could exploit, the build is "broken" and cannot be deployed to the cloud.
  • AI Code Review: Use Large Language Models trained specifically on cybersecurity to read pull requests, flagging not just syntax errors but "semantic vulnerabilities" (e.g., insecure handling of user data).

Managed Artifact Repositories

The "Open Source" world is a minefield of poisoned packages.

  • Quarantine Zones: All new libraries downloaded from the internet must sit in a "quarantine repository" for 24 hours while an AI red-teams them for hidden backdoors.
  • Version Pinning: Never use the "latest" version of a tool automatically. Use a verified version that has been vetted by your internal security team.
  • Digital Signatures: Ensure every piece of code used in your production environment is digitally signed, proving it hasn't been tampered with since it was vetted.

SaaS Posture Management (SSPM)

A single "Public" checkbox in a Salesforce or S3 bucket can leak millions of records.

  • Configuration Drift Detection: AI constantly compares your current SaaS settings against a "Golden Standard." If a user accidentally makes a Slack channel public, the SSPM tool switches it back to private automatically.
  • Cross-Platform Visibility: Get a single dashboard that shows the security health of Microsoft 365, AWS, ServiceNow, and Zoom simultaneously.

Data Loss Prevention (DLP) for GenAI

Employees often "leak" secrets by asking public AI models to "debug this code" or "summarize this confidential meeting."

  • AI Firewalls: Intercept prompts sent to public LLMs. If the prompt contains a credit card number, a private API key, or internal IP addresses, the system redacts the data before it leaves the company.
  • Enterprise AI Tunnels: Provide employees with internal, "sanitized" versions of AI tools (like a private instance of Claude or ChatGPT) where the data stays within your corporate boundary and is not used for training.
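
The prompt redaction step described under "AI Firewalls" above, as an added example that is not part of the original article. The patterns, placeholder labels and the sample prompt are constructed; the secret-matching rule (a `key = value` assignment with a long value) is an assumption and a real deployment would tune it to its own credential formats.

```python
"""Added illustration: redact sensitive data from a prompt before it leaves.

The sample prompt and every value in it are constructed. The secret rule
is a simple assumption: api_key/secret/token assigned a long value.
"""
import ipaddress
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SECRET_RE = re.compile(
    r"(?i)\b(api[_-]?key|secret|token)\b(\s*[:=]\s*)(['\"]?)([A-Za-z0-9_\-]{16,})\3")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# RFC 1918 ranges only, so public and documentation addresses are kept.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PROMPT = ('Debug this: api_key = "EXAMPLEKEY0123456789abcdef" connects to '
          "10.20.30.40 and 203.0.113.10; card 4111 1111 1111 1111 failed, "
          "order 1234567812345678 went through")


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact_prompt(text):
    """Return (redacted_text, counts) for cards, secrets and internal IPs."""
    found = {"card": 0, "secret": 0, "internal_ip": 0}

    def card(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()        # order ids, phone numbers, etc.
        found["card"] += 1
        return "[REDACTED_CARD]"

    def secret(match):
        found["secret"] += 1
        return match.group(1) + match.group(2) + "[REDACTED_SECRET]"

    def ip(match):
        try:
            addr = ipaddress.ip_address(match.group())
        except ValueError:
            return match.group()        # e.g. 999.1.1.1 or a version string
        if any(addr in net for net in INTERNAL_NETS):
            found["internal_ip"] += 1
            return "[REDACTED_INTERNAL_IP]"
        return match.group()

    text = CARD_RE.sub(card, text)
    text = SECRET_RE.sub(secret, text)
    text = IPV4_RE.sub(ip, text)
    return text, found


if __name__ == "__main__":
    print(redact_prompt(PROMPT))
```

The Luhn check is what keeps the 16-digit order number intact while the card number is removed, which matters for keeping the redacted prompt useful to the employee.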

V. Resilience & Recovery

Immutable Backups

Ransomware now targets backups first to ensure you have to pay.

  • WORM Storage: Use "Write Once, Read Many" technology. Once data is backed up, it physically cannot be modified or deleted by any user (even an admin) for a set period (e.g., 30 days).
  • Air-Gapped Copies: Keep one copy of your most critical data entirely offline. If the cloud is compromised, the "Gold Copy" remains untouched.
  • Automated Recovery Testing: Use AI to constantly "rehearse" the recovery of your data. If a backup is corrupted, you need to know before the disaster strikes.

AI-Specific Tabletop Exercises

Traditional disaster drills are too slow. You need "War Games" for the AI era.

  • Hyper-Speed Simulations: Run drills where the "attack" happens in real-time. Can your team make a decision in 2 minutes? If not, what parts of the decision-making process can be handed over to an AI agent?
  • The "Human-in-the-Loop" Test: Determine exactly where a human must be involved and where they are just a bottleneck.
  • Psychological Readiness: Train staff to recognize "Deepfake" audio or video from the CEO asking for emergency fund transfers or password resets—a hallmark of Mythos-era social engineering.

The New Bottom Line: MTTR vs. MTTD

In the past, we focused on Mean Time to Detection (MTTD)—how long until we see them? In the era of Claude Mythos, detection is instant because the AI is loud and fast. The only metric that matters now is Mean Time to Remediation (MTTR).

Conclusion

The release of Claude Mythos is a "Sputnik moment" for global enterprise. It has exposed the fragility of the digital foundations upon which the global economy is built. However, this is not a counsel of despair. It is a call for an evolutionary leap.

By adopting AI-native defence, embracing zero-trust, and focusing on the speed of remediation over the height of the wall, companies can build a new kind of resilience. We cannot stop the AI from finding the weak points, but we can build systems that are too fast, too segmented, and too "biologically" adaptive for those weak points to matter. The future belongs to the agile, the autonomous, and the resilient. The era of the "unbreakable" castle is over; the era of the self-healing organism has begun.

 


Friday, April 24, 2026

India’s “Scale-Based” Approach to Shadow Banking

 


R Kannan

For decades, India’s Non-Banking Financial Companies (NBFCs) operated in a regulatory "grey zone." While they were essential engines of credit—reaching the MSMEs and rural pockets that traditional banks often ignored—they were frequently dismissed as "shadow banks". The dual crises of IL&FS and DHFL served as a brutal wake-up call, proving that some NBFCs had become "too big to fail" while remaining regulated like small, local lenders.

As we progress through 2026, the Reserve Bank of India (RBI) has fully operationalized its Scale-Based Regulation (SBR) framework. This four-tiered pyramid—comprising the Base, Middle, Upper, and Top layers—is not merely a bureaucratic reclassification. It is a sophisticated, "ownership-neutral" regime designed to ensure that as India marches toward a $7 trillion economy, its credit engine remains a "financial fortress" rather than a house of cards.

 

The End of "One Size Fits None"

The core philosophy of SBR is proportionality. In the past, small gold-loan shops were often drowning in paperwork designed for giants, while systemic giants exploited loopholes intended for small shops. The 2026 mandate shifts the intensity of supervision to match the "systemic risk" an entity poses.

At the bottom of the pyramid lies the Base Layer (NBFC-BL), representing over 90% of the industry. By keeping this layer "lean"—exempting them from needing highly specialized, regulator-vetted appointees like a Chief Risk Officer (CRO)—the RBI has created an innovation hub. This allows Fintechs and P2P lenders to experiment and grow without being stifled by the compliance costs of a commercial bank.

The Professionalization Threshold: The Middle Layer

Once an NBFC crosses the ₹1,000 crore asset threshold or begins taking public deposits, it enters the Middle Layer (NBFC-ML). This is the "Professionalization Threshold". Here, the entity is no longer treated as a simple company but as a formal financial institution.

The requirements become significantly more stringent: mandatory appointment of an independent CRO with a fixed tenure to ensure they can say "no" to risky loans without fear of termination. Furthermore, these entities must now transition to the Expected Credit Loss (ECL) framework, providing for potential bad loans based on forward-looking probability rather than waiting for an actual default.

Ownership Neutrality: The Upper Layer Revolution

The most significant pivot in 2026 is the move toward an "ownership-neutral" regime in the Upper Layer (NBFC-UL). Historically, government-owned NBFCs enjoyed exemptions from certain stringent standards. No longer. Massive state-run entities like PFC, REC, and IRFC are now classified as Upper Layer if they meet the criteria, forcing them to adhere to the same capital adequacy and governance standards as their private-sector counterparts. This eliminates "regulatory arbitrage" and ensures that the largest players in the economy—regardless of who owns them—are held to a uniform standard of excellence.

The identification for this elite club (typically 15–20 entities) has also been simplified for transparency. Any entity with an asset size of ₹1,00,000 crore and above is now automatically classified as Upper Layer.

Market Discipline as a Co-Regulator

The RBI is no longer the only one watching the giants. A key pillar of the 2026 strategy is the mandatory listing requirement. Once identified as "Upper Layer," an NBFC has a three-year clock to go public. The logic is brilliant: stock market investors serve as a real-time "early warning system". If a giant NBFC begins hiding bad loans, the stock price will likely tank long before a quarterly audit catches the discrepancy.

To further bolster this "fortress," Upper Layer NBFCs must maintain a Common Equity Tier 1 (CET1) capital buffer of at least 9%, mirroring the Basel III requirements applied to global banks. They must also conduct rigorous Internal Capital Adequacy Assessment Processes (ICAAP)—essentially "stress tests" to prove they can survive an economic downturn.

The "Regulatory ICU": The Top Layer

The Top Layer (NBFC-TL) remains, by design, empty. It serves as a "Red Zone" or "Regulatory ICU". If the RBI identifies an Upper Layer entity as behaving recklessly or exhibiting a liquidity spiral, they can "promote" them to this layer. This is not an honour; it is a lockdown. The RBI can impose immediate restrictions on management compensation, dividend payouts, and branch expansion—a final warning before a forced merger or license cancellation.

Modernizing for 2026: AI, Climate, and Data

The SBR framework has evolved to meet the specific technological and environmental challenges of 2026:

  • Responsible AI: For entities using algorithms for credit underwriting, the Board must now personally approve a "Responsible AI" framework to prevent "algorithmic bias" from excluding vulnerable demographic segments.
  • Climate Risk: Upper Layer NBFCs are now mandated to disclose their exposure to climate-sensitive sectors like fossil fuels, marking the beginning of "ESG-linked" regulatory monitoring.
  • Real-Time Data: The transition from the old "XBRL" reporting to the Centralized Information Management System (CIMS) allows for an automated, granular data flow. This enables the RBI to perform "off-site surveillance" in near real-time, catching systemic stress before it boils over.

Ease of Doing Business: The Type I Revolution

While the "top" of the pyramid faces bank-like rigor, the RBI has also introduced significant relief for the "bottom." The new "Unregistered Type I" category allows investment vehicles and family offices with no customer interface and no public funds to deregister if they stay below the ₹1,000 crore threshold. This removes the RBI from micromanaging closed-loop entities, allowing the regulator to focus its resources on firms that actually impact retail consumers.

Conclusion: Planning for "Regulatory Graduation"

The message for NBFC CEOs in 2026 is clear: don't just plan for business growth; plan for "Regulatory Graduation". Growing from ₹990 crore to ₹1,010 crore is the "most expensive ₹20 crore a company will ever make" because of the "compliance cliff" that follows—suddenly requiring Audit and Risk Management Committees.

By creating a dynamic, scale-based framework that evolves with the economy, India has turned its NBFC sector from a source of systemic anxiety into a source of global confidence. This "moat" of trust is exactly why foreign institutional investors are pouring billions into Indian non-banks. India hasn't just regulated its shadow banks; it has brought them into the light, ensuring they are strong enough to power the nation’s future.

Summary of SBR Layers (2026 Standards)

| Layer | Key Criteria | Compliance Intensity |
|---|---|---|
| Base | Assets < ₹1,000 Cr | Baseline governance; 90-day NPA recognition |
| Middle | Assets ≥ ₹1,000 Cr; Deposit-taking | Independent CCO; ECL Framework; CRO mandate |
| Upper | Assets ≥ ₹1,00,000 Cr | Mandatory Listing; CET1 Buffers (9%); Large Exposure Framework |
| Top | High systemic risk (Empty by design) | Stricter than Bank-level regulations; restrictions on dividends/compensation |

 

Thursday, April 23, 2026

RBI’s “Biopsy” Approach to Banking is the Global Gold Standard

 

R Kannan

For decades, banking supervision in India followed the logic of an autopsy. When a financial institution failed or a massive fraud was unearthed, regulators and auditors would descend upon the remains to perform a post-mortem. By the time the "cause of death" was determined, the capital was gone, and the public’s trust was often buried with it.

 

As we navigate 2026, the Reserve Bank of India (RBI) has fundamentally rewritten this script. We have moved from the era of "Post-Facto" regulation to the era of the "Live" Financial Institution. The RBI’s shift to a continuous, tech-driven, and risk-sensitive supervisory regime is not just a policy update; it is a paradigm shift that turns compliance from a back-office burden into the very fabric of a bank’s code.

From Snapshots to Motion Pictures

The centrepiece of this transformation is the transition from periodic manual oversight to real-time monitoring through the Centralized Information Management System (CIMS). Traditionally, compliance was a "snapshot"—a monthly or quarterly audit that captured a moment in time. Today, it is a "motion picture".

Through CIMS, regulated entities (REs) now provide structured data feeds that allow the RBI to monitor liquidity and solvency daily. This eliminates the "lag time" that once gave bad actors or incompetent management the shadows they needed to hide systemic stress. By demanding 24/7 compliance, the RBI has ensured that the "health" of the Indian financial system is always visible, in high definition.

The Rise of SupTech and the End of "Black Boxes"

The RBI’s adoption of Supervisory Technology (SupTech)—using AI and Machine Learning to scan vast amounts of bank data—has levelled the playing field. Compliance is no longer just about what a bank chooses to report; it is about what the RBI’s algorithms discover. This "God View" of banking uses active probes like the DAKSH platform to "pull" raw data directly from banks, ensuring a "Single Version of Truth". A bank can no longer show one NPA figure to the public and a different one to the regulator.

However, with great power comes great accountability. As banks adopt Generative AI and "Agentic AI" for credit scoring, the RBI has wisely mandated a "Responsible AI" framework. We have moved beyond the era of "black box" algorithms. Today, banks must provide audits of AI "explainability" to ensure that loan rejections or credit limits are not influenced by hidden biases that lead to financial exclusion.

Killing the Culture of "Evergreening"

Perhaps the most aggressive use of this new technology is the war on "Evergreening"—the practice of masking bad loans by giving a borrower a new loan to pay off the old one. In the past, this was the "Public Enemy No. 1" that hollowed out balance sheets.

Modern AI engines now scan "Related Party Clusters," tracking thousands of transactions to see if money is simply moving in a circle—from the bank to Company A, then to Company B, and finally back to the bank. By identifying these patterns in real-time, the RBI has forced banks to clean their balance sheets immediately rather than hiding Non-Performing Assets (NPAs) until they become unmanageable.
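The circular-flow check described above, as an added sketch (not the RBI's or any bank's actual system): it searches a transfer ledger for chains that leave the bank and return to it within a time window with most of the value intact. The ledger rows, the entities other than Company A and Company B, and the 30-day, 90% and hop-count thresholds are constructed assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import date

Transfer = namedtuple("Transfer", "when payer payee amount")  # amount in ₹ crore

BANK = "BANK"

# Constructed sample ledger (not real data).
LEDGER = [
    Transfer(date(2026, 3, 2), BANK, "Company A", 50.0),          # fresh loan
    Transfer(date(2026, 3, 4), "Company A", "Company B", 49.5),   # passed on
    Transfer(date(2026, 3, 6), "Company B", BANK, 49.0),          # "repays" an old loan
    Transfer(date(2026, 3, 3), BANK, "Company C", 20.0),          # fresh loan
    Transfer(date(2026, 3, 9), "Company C", "Supplier X", 19.0),  # genuine spend
    Transfer(date(2026, 1, 5), "Company D", BANK, 5.0),           # ordinary repayment
]


def find_round_trips(ledger, bank=BANK, max_days=30, min_retained=0.9, max_hops=4):
    """Return transfer chains that start at `bank` and end back at `bank`.

    A chain qualifies when every hop is in date order, the loop closes within
    `max_days` of the disbursement, and each hop carries at least
    `min_retained` of the amount originally disbursed. At most `max_hops`
    transfers are followed before the closing hop (assumed limits).
    """
    outgoing = defaultdict(list)
    for t in sorted(ledger):
        outgoing[t.payer].append(t)

    hits = []

    def walk(chain, visited):
        first, last = chain[0], chain[-1]
        for nxt in outgoing[last.payee]:
            if nxt.when < last.when or (nxt.when - first.when).days > max_days:
                continue  # out of order, or too slow to count as a round trip
            if nxt.amount < min_retained * first.amount:
                continue  # most of the money went somewhere else
            if nxt.payee == bank:
                hits.append(chain + [nxt])
            elif nxt.payee not in visited and len(chain) < max_hops:
                walk(chain + [nxt], visited | {nxt.payee})

    for disbursement in outgoing[bank]:
        walk([disbursement], {bank, disbursement.payee})
    return hits


def path_of(chain):
    """Entity names along a chain, e.g. BANK, Company A, ..., BANK."""
    return [chain[0].payer] + [t.payee for t in chain]


if __name__ == "__main__":
    for chain in find_round_trips(LEDGER):
        days = (chain[-1].when - chain[0].when).days
        print(" -> ".join(path_of(chain)), f"closed in {days} days")
```

The loan to Company C is not flagged because its funds never return to the bank, and Company D's repayment is ignored because no disbursement precedes it in the chain.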

The "Golden Hour" of Cyber-Compliance

In 2026, the speed of commerce is matched only by the speed of cyber threats. The RBI’s "zero-tolerance" policy toward data breaches is exemplified by the strict 6-hour reporting window for significant incidents. For Tier I and II banks, a 24/7 Security Operations Centre (SOC) is now mandatory.

To meet these "Golden Hour" requirements, banks have built internal "War Rooms" where the Chief Information Security Officer (CISO) and Chief Compliance Officer (CCO) sit together. Automation is the only way to survive this environment; banks now use APIs to push data directly from their SOC to the RBI, ensuring that "human hesitation" or internal bureaucracy doesn't delay a report.

Integrating the Physical and the Digital

The 2026 approach recognizes that the "Bank Branch" and the "Bank App" are no longer separate worlds. The RBI now mandates Integrated Monitoring, where physical security—CCTV, fire sensors, and vaults—talks to digital security systems.

Consider the "Locker Scenario". In the past, locker fraud was often an inside job. Today, IoT sensors on vault doors are synced with the bank’s HR system. If a staff member’s biometric is used to open a vault while they are marked as "On Leave," the system physically locks the door and alerts the authorities. Mere "recording" of footage is no longer enough; "active verification" is the new standard.

Behavioural KYC: Ending the 10-Year Cycle

The traditional 10-year cycle for updating customer records is dead, replaced by Perpetual or Event-Based KYC. A student account that typically handles small UPI transfers will now be flagged instantly if it receives a foreign remittance of ₹50 lakhs. While "Static KYC" might label the student as low risk, "Behavioural KYC" identifies the anomaly as high risk. This may trigger a temporary restriction on debits until a Video-KYC (V-KYC) confirms the source of funds, preventing money laundering at "internet speed".

A Financial Incentive for Safety

Crucially, the RBI has turned compliance into a direct financial incentive through the Risk-Based Deposit Insurance Premium. Starting April 2026, banks with superior risk management and supervisory ratings pay lower premiums (8 paise per ₹100) compared to weaker institutions (12 paise). This forces Boards to treat compliance not as a legal obligation to be minimized, but as a core business strategy that directly impacts the bottom line.

The Human Element: Whistleblowing and Mis-selling

Despite the focus on AI and data, the RBI has not ignored the human element. New standards for digitized whistleblowing ensure that internal IT teams cannot compromise the anonymity of employees. By hosting these portals on separate clouds and using "Zero-Knowledge Proofs," the system verifies an employee’s status without ever revealing their identity.

Furthermore, the RBI is using speech analytics to combat aggressive mis-selling. AI now scans sales call recordings for forbidden phrases like "guaranteed 20% return" or "no risk". If a specific branch shows a pattern of complaints regarding a specific product, the system can automatically halt sales of that product at that location until an investigation is complete.

Conclusion: The Fabric of the Code

The "India Approach" to banking in 2026 is defined by proactive prevention rather than post-facto recovery. By shifting capital from "Audit Departments" to "Data Science Units," banks are moving compliance from the "Back Office" to the "Front Line".

This continuous, "biopsy-based" monitoring ensures that the Indian financial system remains resilient in the face of global volatility, AI-driven fraud, and rapid digitalization. For the global banking community, the message is clear: in the digital age, you cannot regulate by looking in the rearview mirror. You must be in the driver’s seat, watching the road in real-time.

Tuesday, April 21, 2026

Global Standards in Indian Higher Education

I am happy that my write-up, “Strategies and Action Plans for Achieving Global Standards in Indian Higher Education”, was published in Journal, the prestigious publication of Higher Education Forum.

The document can be read at: https://acrobat.adobe.com/id/urn:aaid:sc:AP:8ac851c5-3196-4d5a-95a9-3d40dd3c5a0a

Monday, April 20, 2026

Outcomes of IMF / World Bank Spring Meetings 2026

 Crisis Management to Radical Evolution: Path for Global Resilience

R Kannan

As the cherry blossoms fade in the Potomac, the dust is settling on the 2024 Spring Meetings of the IMF and World Bank. The official communiqué speaks of "resilience" and "soft landings," and indeed, there is cause for a cautious sigh of relief. Inflation is retreating without the scorched-earth recession many feared. Yet, beneath the veneer of macroeconomic stability, a more dangerous "Great Divergence" is hardening.

The outcome of these meetings reveals a global economy at a crossroads: one path leads to a stabilized, integrated future; the other to a fragmented world where the poorest are left behind in a "lost decade" of debt and climate catastrophe. To prevent the latter, we must move beyond the incrementalism of the past and fully embrace the radical evolution of our global financial institutions.

Summary of the outcomes

Global Economic Outlook & Policy

Resilience and Soft Landing: The IMFC highlighted that the global economy has remained remarkably resilient despite recent shocks, with inflation falling faster than expected in most regions. The committee emphasized the goal of a "soft landing," where inflation returns to target without a major recession. This requires careful calibration of monetary policy as central banks pivot from tightening to potential easing.

Divergent Growth Paths: While the global outlook is stabilizing, a significant outcome was the recognition of growing divergence between countries. Some advanced economies and emerging markets are seeing robust growth, while many low-income countries are falling further behind. The meetings prioritized policies to prevent this gap from widening through targeted investment and structural reforms.

Fiscal Buffer Restoration: A key directive from the IMF was the urgent need for "fiscal consolidation." After years of high spending due to the pandemic and energy crises, member countries were urged to rebuild fiscal buffers. This involves credible medium-term plans to reduce debt levels while protecting the most vulnerable segments of the population.

Monetary Policy Vigilance: The meetings concluded that while the "inflation fight" is entering its final stage, central banks must remain data-dependent. The IMF warned against premature easing of interest rates, as service-sector inflation remains sticky. Ensuring price stability remains the primary mandate to foster long-term economic confidence and investment.

Addressing Global Imbalances: The IMF committed to enhancing its "External Balance Assessment" methodology to better understand and address global trade and capital imbalances. This includes analysing the drivers of current account surpluses and deficits to ensure they do not lead to systemic instability. The goal is to promote a more balanced and fair global trade environment.

World Bank Evolution & Development

The "World Bank Playbook" Implementation: The World Bank Group presented progress on its "Evolution Roadmap," aimed at making the bank "better, faster, and bigger." The outcome included a commitment to streamlined processes to reduce project approval times. This shift focuses on high-impact outcomes rather than just the volume of lending provided to countries.

Mission 300: Energy Access in Africa: A major outcome was the launch of "Mission 300," a partnership between the World Bank and the African Development Bank. The goal is to provide 300 million people in Africa with access to electricity by 2030. This initiative recognizes that energy is a fundamental prerequisite for health, education, and economic growth.

Global Health Coverage Expansion: The World Bank committed to a new target: providing quality, affordable health services to 1.5 billion people by 2030. This shift moves away from specific disease-focused funding toward strengthening primary healthcare systems. The strategy aims to make health systems more resilient to future pandemics and climate-related health shocks.

Agribusiness and Food Security: The "AgriConnect" initiative was spotlighted to help 300 million farmers move up the value chain by 2030. This involves providing better technology, storage, and market access to smallholder farmers. The outcome is intended to enhance global food security and reduce poverty in rural areas significantly.

Empowering Women through Capital: The meetings reinforced the goal of providing 80 million more women and women-led businesses with access to capital. Recognizing that gender gaps in finance hinder global GDP growth, the World Bank is scaling up its gender-lens investing. This includes technical assistance to help financial institutions better serve female entrepreneurs.

Debt & Financial Architecture

Global Sovereign Debt Roundtable (GSDR): Progress was made at the GSDR to accelerate debt restructuring for countries in distress. The meetings focused on improving the "Common Framework" to make it more predictable and timely for debtor nations. This includes better coordination between traditional "Paris Club" creditors and new lenders like China.

IMF Quota Increase Completion: The IMFC welcomed the progress on the 16th General Review of Quotas, which includes a 50% increase in quota resources. This ensures the IMF remains a quota-based institution with sufficient "firepower" to handle global crises. The increase is a vital step in maintaining the IMF's role at the centre of the global financial safety net.

Third Chair for Sub-Saharan Africa: A significant governance outcome was the progress toward creating a 25th seat on the IMF Executive Board for Sub-Saharan Africa. This move is designed to improve the representation and voice of African nations in global economic decision-making. It reflects a commitment to making the IMF more inclusive and representative of its membership.

Resilience and Sustainability Trust (RST): The meetings highlighted the success of the RST, which provides long-term affordable financing for climate and pandemic preparedness. Over 18 countries have already benefited from this tool since its inception. The outcome included calls for further voluntary contributions from wealthy nations to keep the trust adequately funded.

Poverty Reduction and Growth Trust (PRGT): Members pledged to ensure the long-term financial sustainability of the PRGT, which provides zero-interest loans to the world’s poorest countries. Given the high interest rate environment, the IMF emphasized that this trust is more critical than ever. Efforts are underway to bridge the funding gap through internal resources and donor contributions.

Climate, Digital, & Future Risks

Climate Change Mainstreaming: Both institutions agreed to further integrate climate risks into their regular "Article IV" economic surveillance. This means the IMF will now routinely evaluate how a country's climate policies impact its fiscal and financial stability. The World Bank also committed to increasing its "Climate Change Action Plan" spending to 45% of total annual financing.

Domestic Resource Mobilization: The World Bank and IMF launched a joint initiative to help countries improve their tax collection systems. By improving "Domestic Resource Mobilization," developing countries can reduce their reliance on foreign debt and fund their own development. This includes tackling tax evasion and modernizing digital tax administration tools.

Artificial Intelligence (AI) Oversight: The IMF committed to monitoring the systemic risks posed by the rapid adoption of Artificial Intelligence in the financial sector. While acknowledging AI’s potential to boost productivity, the meetings warned of risks to financial stability and labour markets. The Fund will provide policy advice to help members navigate the "AI transition" safely.

Digital Assets and Cross-Border Payments: The meetings addressed the need for better regulation of digital assets and the improvement of cross-border payment systems. The goal is to make international transfers faster, cheaper, and more transparent while mitigating money laundering risks. This includes ongoing work on Central Bank Digital Currencies (CBDCs) and their potential global impact.

Strengthening Financial Sector Surveillance: The IMFC called for a review of the "Financial Sector Assessment Program" (FSAP) to make it more risk-based and cost-effective. This involves deeper scrutiny of "Non-Bank Financial Institutions" (NBFIs), which now hold a large share of global assets. Ensuring these entities are resilient to market shocks was a high priority for the committee.

Global Cooperation & Institutional Governance

Support for Fragile and Conflict-Affected States: The meetings resulted in an increased commitment to "Fragile and Conflict-Affected States" (FCS), which are home to a growing share of the world's poor. The World Bank is deploying more staff to these high-risk areas to ensure aid reaches those in need. This includes specialized financing for countries hosting large numbers of refugees.

Capacity Development Strategy Review: The IMF finalized its 2024 Capacity Development (CD) Strategy Review, aiming to integrate technical assistance more closely with policy advice. This ensures that when the IMF recommends a policy, it also provides the training and tools for the country to implement it. CD remains a core pillar, accounting for nearly one-third of the IMF's work.

Addressing Global Fragmentation: A recurring theme was the danger of "geoeconomic fragmentation" and its potential to reduce global GDP by up to 7%. Leaders committed to maintaining a rules-based multilateral trading system to prevent the world from splitting into rival blocs. This involves keeping communication lines open even during periods of high geopolitical tension.

Reappointment of the Managing Director: During the lead-up to the meetings, Kristalina Georgieva was reappointed for a second five-year term as Managing Director of the IMF. This provides institutional continuity as the Fund navigates the complex global economic landscape. Her leadership will focus on "Rebuilding, Reviving, and Renewing" the global economy through 2029.

Conclusion

The 2024 Spring Meetings have provided the blueprint for a "shared resilience." We have a reappointed leader in Kristalina Georgieva at the IMF, a revamped mission for the World Bank under Ajay Banga, and a 50% increase in IMF quota resources to act as a global safety net.

The global economy has proven its resilience to shocks. Now, it must prove its capacity for justice. We have the tools and the targets; we now need the sustained political will to ensure that the "soft landing" for the few does not become a hard fall for the many.