RBI takes significant measures against Kotak Mahindra Bank!
Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc, the RBI said.
In a significant setback for Kotak Mahindra Bank, the Reserve Bank of India (RBI) has imposed restrictions on the private sector bank. The RBI prohibits the bank from digitally onboarding new customers and issuing fresh credit cards, as stated in a press release issued by the apex bank on Wednesday.
The supervisory action against Kotak Mahindra Bank has been taken under Section 35A of the Banking Regulation Act, 1949, according to the release. It further explains that these actions were prompted by substantial concerns arising from the Reserve Bank’s IT Examination of the bank for the years 2022 and 2023. Additionally, the bank’s continued failure to comprehensively and promptly address these concerns has led to these measures.
As per the release, the RBI instructed the bank to halt immediately: (i) the onboarding of new customers through its online and mobile banking channels, and (ii) the issuance of new credit cards. However, the bank is required to maintain its services for existing customers, including those with credit cards.
The release stated, “For two consecutive years, the bank was found to be lacking in its IT Risk and Information Security Governance, which goes against regulatory guidelines. In subsequent assessments, the bank was discovered to be substantially non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023. The bank’s compliance submissions were deemed either insufficient, inaccurate, or not upheld.”
According to the RBI, due to the lack of a robust IT infrastructure and IT Risk Management framework, Kotak Mahindra Bank has experienced frequent and significant outages in its Core Banking System (CBS) and its online and digital banking channels over the past two years. The most recent incident occurred on April 15, 2024, resulting in considerable inconvenience for customers. The bank has been found to be substantially deficient in establishing necessary operational resilience due to its failure to develop IT systems and controls that align with its growth trajectory.
In an official statement, Kotak Mahindra Bank mentioned, “The Bank has implemented measures to adopt new technologies to enhance its IT systems and is committed to collaborating with the RBI to promptly address any outstanding issues. We assure our existing customers of uninterrupted services, including credit card, mobile, and net banking. Our branches continue to welcome and serve new customers, offering them access to all the Bank’s services except for the issuance of new credit cards.”
