India’s RBI orders Kotak Mahindra Bank to cease onboarding new customers digitally
The Reserve Bank of India (RBI) has ordered Kotak Mahindra Bank to “cease and desist” the onboarding of new customers via its online and mobile banking channels and to stop the issuance of new credit cards, effective immediately.
Kotak Mahindra Bank barred from onboarding new customers online by RBI
Kotak Mahindra Bank, India’s fourth largest private lender, will continue providing services to its existing customers, including credit card customers.
The central bank says its actions are “necessitated based on significant concerns arising out of Reserve Bank’s IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner”.
The RBI claims its examination found “serious deficiencies and non-compliances” in the areas of data security and data leak prevention strategy, business continuity and disaster recovery rigour, IT inventory management, patch and change management, user access management, and vendor risk management.
The central bank writes: “In the absence of a robust IT infrastructure and IT risk management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences. The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth.”
Despite what it calls “continuous high-level engagement” with Kotak Mahindra Bank to address the aforementioned concerns, the central bank claims that “the outcomes have been far from satisfactory”.
“The Reserve Bank, therefore, has decided to place certain business restrictions on the bank as mentioned above, in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems,” the RBI says.
“The restrictions now being imposed will be reviewed upon completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI, and remediation of all deficiencies that may be pointed out in the external audit as well as the observations contained in the RBI Inspections, to the satisfaction of the Reserve Bank,” it adds.
Established in 1985, Kotak Mahindra Bank obtained its banking licence from the RBI in 2003. It provides a range of financial services including stock broking, commercial and investment banking, mutual funds, and life insurance.
