- The RBI has taken decisive action against Kotak Mahindra Bank, barring the institution from onboarding new customers online and issuing fresh credit cards, effective immediately.
- The decision comes on the heels of significant concerns arising from the RBI’s IT examinations of the bank for the years 2022 and 2023, exacerbated by the bank’s perceived failure to adequately address these issues in a timely manner.
- According to the RBI’s release, Kotak Mahindra Bank exhibited notable deficiencies in IT inventory management, patch and change management, user access management, vendor risk management, data security, and disaster recovery protocols.
- Kotak Mahindra Bank, founded in 1985 as Kotak Capital Management Finance, evolved into a full-fledged bank in 2003, offering a spectrum of financial services.
In a move driven by data security apprehensions and infrastructural inadequacies, the Reserve Bank of India (RBI) has taken decisive action against Kotak Mahindra Bank, barring the institution from onboarding new customers online and issuing fresh credit cards, effective immediately. Despite this measure, existing clientele, including credit card holders, will continue to be served.
Citing authority under Section 35A of the Banking Regulation Act, 1949, the RBI directed Kotak Mahindra Bank to halt the onboarding of new customers via online and mobile banking platforms and cease issuing new credit cards. The decision comes on the heels of significant concerns arising from the RBI’s IT examinations of the bank for the years 2022 and 2023, exacerbated by the bank’s perceived failure to adequately address these issues in a timely manner.
According to the RBI’s release, Kotak Mahindra Bank exhibited notable deficiencies in IT inventory management, patch and change management, user access management, vendor risk management, data security, and disaster recovery protocols. The bank’s persistent non-compliance with regulatory guidelines and corrective action plans over two consecutive years further exacerbated these concerns.
The RBI underscored the detrimental impact of the bank’s deficient IT infrastructure on digital banking channels, citing frequent outages that have inconvenienced customers, with the most recent disruption occurring on April 15, 2024. This lack of operational resilience, compounded by the bank’s failure to scale IT systems commensurate with its growth, has prompted regulatory intervention.
Despite sustained engagement between the RBI and Kotak Mahindra Bank aimed at rectifying these issues, the outcomes have fallen short of expectations. With the bank’s digital transactions witnessing rapid growth, including credit card transactions, the RBI deemed it imperative to safeguard customer interests and the stability of the financial ecosystem by imposing necessary restrictions.
The imposed restrictions will undergo review following a comprehensive external audit commissioned by the bank, subject to RBI approval. Remediation of identified deficiencies, alongside addressing RBI inspection observations, is essential for the restrictions to be lifted. Moreover, the RBI clarified that these measures are not exclusive and do not preclude additional regulatory or enforcement actions against the bank.
Kotak Mahindra Bank, founded in 1985 as Kotak Capital Management Finance, evolved into a full-fledged bank in 2003, offering a spectrum of financial services. As of December 31 last year, the bank boosted 4.8 crore customers, 1,869 branches, and 3,239 ATMs, reflecting its substantial footprint in the Indian banking landscape.
(With inputs from agencies)
