Kotak Mahindra Bank has also been asked to stop issuing fresh credit cards
The RBI cited the private sector lender’s “continued” failure to address the central bank’s concerns following its IT audit as the reason for the move
The RBI said that the bank will continue to provide services to its existing customers, including its credit card customers
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
The Reserve Bank of India (RBI) has barred Kotak Mahindra Bank from onboarding new customers through its online and mobile banking channels.
In a statement issued on Wednesday (April 24), the central bank said, “The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards.”
However, the RBI said that the bank will continue to provide services to its existing customers, including its credit card customers.
The central bank said that it took the steps based on concerns following its IT examination of the bank and the latter’s “continued” failure to address these concerns in a comprehensive and timely manner.
“Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill,” the RBI said.
The central bank said that for two consecutive years – 2022 and 2023 – the bank was assessed to be deficient in its IT risk and information security governance.
Kotak Mahindra Bank was found to be non-compliant with taking the corrective action plans issued by the RBI, as the compliances it submitted to the central bank were found to be either inadequate, incorrect or not sustained, the RBI noted.
It is pertinent to note that this is not the first time the central bank has taken such a measure. In 2020, the RBI notified similar restrictions on HDFC Bank, barring the latter from launching its forthcoming digital business-generating activities and from sourcing new credit card customers.
The restrictions on HDFC Bank were lifted almost two years later in 2022.
In its notification today, the RBI claimed that it was in continuous engagement with Kotak Mahindra Bank to strengthen its IT resilience, but the outcomes have been far from satisfactory.
The RBI explained that of late, there has also been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which was building further load on Kotak Mahindra Bank’s IT systems.
Hence, the central bank decided on the restrictions in the interest of customers and to prevent any possible prolonged outage, which might adversely impact the bank’s ability to render efficient customer service and the financial ecosystem of digital banking and payment systems.
“The restrictions now being imposed will be reviewed upon completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI, and remediation of all deficiencies that may be pointed out in the external audit as well as the observations contained in the RBI Inspections, to the satisfaction of the Reserve Bank,” it added.
The RBI has taken a number of steps in recent years to better regulate the fast-growing digital banking and lending space. The central bank’s actions included coming out with digital lending guidelines and formulating a framework for payment aggregators.
Earlier this year, the RBI also took action against Paytm Payments Bank, restricting it from undertaking multiple business activities. However, the action against the payments bank was due to “persistent non-compliances and continued material supervisory concerns”.
Last year, the RBI also ordered Bank of Baroda to suspend onboarding customers on its ‘bob World’ mobile application.
{{#name}}{{name}}{{/name}}{{^name}}-{{/name}}
{{#description}}{{description}}...{{/description}}{{^description}}-{{/description}}
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.