RBI bars Kotak Mahindra Bank from onboarding new customers online, issuing fresh credit cards
3 min readThe Reserve Bank of India (RBI) on Wednesday directed Kotak Mahindra Bank Limited to cease onboarding of new customers via its on-line and cellular banking with rapid impact and in addition barred the financial institution from issuing fresh credit cards.
The financial institution shall, nonetheless, proceed to offer companies to its present customers, together with its credit card customers, the RBI mentioned.
“In the absence of a strong IT infrastructure and IT Risk Management framework, the financial institution’s Core Banking System (CBS) and its on-line and digital banking channels have suffered frequent and important outages within the final two years, the current one being a service disruption on April 15, 2024, leading to critical buyer inconveniences. The financial institution is discovered to be materially poor in constructing needed operational resilience on account of its failure to construct IT methods and controls commensurate with its progress,” the RBI order states.
The enterprise restrictions on Kotak Mahindra Bank have been imposed within the curiosity of customers and to stop any potential extended outage which can critically impression not solely the financial institution’s capability to render environment friendly customer support but additionally the monetary ecosystem of digital banking and fee methods, based on the RBI order.
The RBI mentioned Kotak Mahindra Bank was assessed to be poor in its IT Risk and Information Security Governance for 2 consecutive years, opposite to necessities beneath Regulatory pointers. During the next assessments, the financial institution was discovered to be considerably non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, because the compliances submitted by the financial institution had been discovered to be both insufficient, incorrect or not sustained.
These actions are necessitated based mostly on important issues arising out of the Reserve Bank’s IT Examination of the financial institution for the years 2022 and 2023 and the continued failure on the a part of the financial institution to handle these issues in a complete and well timed method. Serious deficiencies and non-compliances had been noticed within the areas of IT stock administration, patch and alter administration, consumer entry administration, vendor danger administration, information safety and information leak prevention technique, enterprise continuity and catastrophe restoration rigour and drill, and many others.
In the previous two years, the Reserve Bank has been in steady high-level engagement with the financial institution on all these issues with a view to strengthening its IT resilience, however the outcomes have been far from passable. It can be noticed that, of late, there was fast progress within the quantity of the financial institution’s digital transactions, together with transactions pertaining to credit cards, which is constructing additional load on the IT methods.
The restrictions now being imposed will likely be reviewed upon completion of a complete exterior audit to be commissioned by the financial institution with the prior approval of RBI, and remediation of all deficiencies that could be identified within the exterior audit in addition to the observations contained within the RBI Inspections, to the satisfaction of the Reserve Bank. Further, these restrictions are with out prejudice to every other regulatory, supervisory or enforcement motion that could be initiated towards the financial institution by the Reserve Bank.
(With inputs from IANS)