The Reserve Bank of India has taken stringent action against Kotak Mahindra Bank, instructing the BANK to halt the onboarding of new customers via its online and mobile banking platforms, as well as suspending the issuance of fresh credit cards. However, existing customers, including credit card holders, will continue to receive services, as confirmed by the RBI.
This move comes in response to grave concerns raised by the RBI's IT examination of the bank for the years 2022 and 2023, with ongoing issues remaining unaddressed by Kotak Mahindra Bank in a timely and comprehensive manner, according to the RBI's statement.
The RBI's examination revealed serious deficiencies and non-compliances in various crucial areas, including IT inventory management, patch and change management, user access management, vendor risk management, data security, and disaster recovery protocols. Moreover, for two consecutive years, the bank failed to meet the requirements outlined in regulatory guidelines for IT risk and information security governance.
Despite corrective action plans issued by the RBI in previous years, Kotak Mahindra Bank was found to be significantly non-compliant, with submissions either inadequate, incorrect, or unsustainable. The lack of a robust IT infrastructure and risk management framework has resulted in frequent and significant outages in the bank's core banking system and digital channels, with a notable disruption occurring as recently as April 15, 2024, causing substantial inconvenience to customers.
The RBI emphasizes the bank's material deficiency in establishing operational resilience, attributing this failure to its inability to develop IT systems and controls commensurate with its growth trajectory. This regulatory action underscores the critical importance of maintaining robust IT infrastructure and adherence to regulatory guidelines in ensuring the stability and reliability of banking services for customers.