New Delhi: In a major development, the Reserve Bank of India (RBI) on Wednesday ordered Kotak Mahindra Bank to stop onboarding new customers through online and mobile banking channels, and also barred it from issuing fresh credit cards with immediate effect, citing supervisory concerns.
“These actions are necessitated based on significant concerns arising out of Reserve Bank’s IT examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner,” the banking regulator said in a statement.
Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc, it added.
However, there is no need for concern for existing customers, the RBI clarified. The bank shall continue to provide services to its existing customers, including its credit card customers. The orders do not prevent the bank from onboarding new customers through its branches or from issuing new debit cards.
Reacting to the development, Kotak Mahindra Bank said in a statement: “The bank has taken measures for adoption of new technologies to strengthen its IT systems and will continue to work with RBI to swiftly resolve balance issues at the earliest.”
“We want to reassure our existing customers of uninterrupted services, including credit card, mobile and net banking. Our branches continue to welcome and onboard new customers, providing them with all the bank’s services, apart from issuance of new credit cards,” Kotak Mahindra Bank said in a statement released after the RBI’s directive.
In its ‘supervisory action against Kotak Mahindra Bank Limited under Section 35A of the Banking Regulation Act, 1949’, the RBI noted that the private sector lender was found to be significantly non-compliant with the corrective action plans issued by the central bank for the years 2022 and 2023. “The compliances submitted by the bank were found to be either inadequate, incorrect or not sustained.”
The RBI further noted that in the absence of a robust IT infrastructure, the bank’s core banking system and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences.
“The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” the central bank said.
The RBI noted that it has imposed certain business restrictions on Kotak Mahindra Bank in the “interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems.”
But why the action? The RBI says serious deficiencies and non-compliances observed in IT inventory management and data security, among others, have affected Kotak's core banking system, and its online and digital banking channels have suffered frequent outages.
Restrictions have been imposed in the “interest of customers and to prevent any possible prolonged outage”. But services to its existing customers, including its credit card customers, will continue uninterrupted.