April 25, 2024

||Black and White Digital News||

In a swift and decisive move, the Reserve Bank of India (RBI) has ordered Kotak Mahindra Bank to halt the onboarding of new customers through its online and mobile banking channels, as well as cease the issuance of fresh credit cards effective immediately. The central bank cited “serious deficiencies” and “non-compliance” related to IT risk management and information security governance at the private lender during the years 2022 and 2023.

Confirming the directive, Kotak Mahindra Bank released a statement acknowledging receipt of the RBI’s order. The bank emphasized its commitment to resolving the identified issues promptly, stressing that measures are underway to fortify its IT systems and regain compliance. Despite these restrictions, the bank reassured existing customers of uninterrupted service delivery, including credit card facilities and access to mobile and net banking.

The RBI’s decision follows an in-depth examination highlighting significant concerns regarding the bank’s IT infrastructure and risk management protocols. Specifically, deficiencies were noted in IT inventory management, patch and change management, user access control, vendor risk assessment, data security, and disaster recovery preparedness.

The repercussions of these inadequacies were evident in recurring service disruptions over the past two years, with the most recent outage occurring on April 15, 2024, leading to substantial inconveniences for customers relying on the bank’s Core Banking System (CBS) and digital banking platforms.

Citing Section 35A of the Banking Regulation Act, 1949, the RBI invoked its authority to issue directives aimed at safeguarding depositors’ interests and preventing adverse impacts on the banking company. The regulator found Kotak Mahindra Bank to be “materially deficient” in establishing operational resilience, primarily due to its failure to scale IT infrastructure in tandem with its business growth.

The central bank disclosed a history of ongoing engagement with the bank to address these concerns, yet the outcomes fell short of expectations, culminating in the recent enforcement action.

This development bears resemblance to similar actions taken against other Indian banks in recent years. Last year, Bank of Baroda faced similar restrictions following allegations of employees engaging in fraudulent customer onboarding via its mobile banking application. In 2020, HDFC Bank was also directed by the RBI to suspend certain digital initiatives and credit card sourcing due to recurring outages in its online platforms.

The RBI’s intervention underscores the critical importance of robust IT governance and risk management frameworks within the banking sector. As Kotak Mahindra Bank navigates this regulatory setback, the industry’s collective focus remains on enhancing operational resilience and ensuring uninterrupted services for all customers.