Site icon Revoi.in

Kotak Mahindra Bank Barred from Taking New Online Customers, Issuing New Credit Cards

Social Share

NEW DELHI, Apr 24: Citing data security concerns and deficient IT infrastructure, the Reserve Bank of India on Wednesday barred Kotak Mahindra Bank from enrolling new customers online and issuing new credit cards with immediate effect. The bank can, however, continue to serve its current customers, including those holding credit cards.

“The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited (hereinafter referred to as ‘the bank’) to cease and desist, with immediate effect, from (1) onboarding of new customers through its online and mobile banking channels and (II) issuing fresh credit cards. The bank shall, however, continue to provide services to its existing customers, including its credit card customers,” the central bank said in a release.

The RBI said the actions were based on “significant concerns arising out of Reserve Bank’s IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner.”

Immediately afterwards Kotak Mahindra Bank in a release said it would welcome new customers at its branches and would also be provided with all services except issuing new credit cards. A statement from Kotak Mahindra Bank said it had taken “measures for adoption of new technologies to strengthen its IT systems” and that it would work with the RBI to “swiftly resolve balance issues at the earliest”.

“We have received an order from the RBI which directs us to temporarily pause onboarding of new customers though our online and mobile banking channels and issuance of fresh credit cards. The bank has taken measures for adoption of new technologies to strengthen its IT systems and will continue to work with RBI to swiftly resolve balance issues at the earliest,” Kotak Bank said.

“We want to reassure our existing customers of uninterrupted services, including credit card, mobile and net banking. Our branches continue to welcome and onboard new customers, providing them with all the Bank’s services, apart from issuance of new credit cards,” it said.

The RBI said there were “serious deficiencies” in the way Kotak Mahindra Bank manages its IT inventory and secures its data. “Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines,” the RBI said.

“During the subsequent assessments, the bank was found to be significantly non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, as the compliances submitted by the bank were found to be either inadequate, incorrect or not sustained,” it added.

The RBI noted that due to the absence of a robust IT infrastructure, the bank’s digital banking channels have suffered frequent outages and inconvenienced customers. “In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences. The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” it said.

“In the past two years, the Reserve Bank has been in continuous high-level engagement with the bank on all these concerns with a view to strengthening its IT resilience, but the outcomes have been far from satisfactory. It is also observed that, of late, there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems,” the RBI said.

The central bank has said it has decided to place some curbs on the bank in the interest of the customers. “The Reserve Bank, therefore, has decided to place certain business restrictions on the bank as mentioned above, in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems,” the RBI said.

The curbs, the central bank said, will be review after an audit and corrective steps. “The restrictions now being imposed will be reviewed upon completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI, and remediation of all deficiencies that may be pointed out in the external audit as well as the observations contained in the RBI Inspections, to the satisfaction of the Reserve Bank. Further, these restrictions are without prejudice to any other regulatory, supervisory or enforcement action that may be initiated against the bank by the Reserve Bank,” the RBI said.

Kotak Mahindra’s journey started in 1985 when Uday Kotak founded Kotak Capital Management Finance as an investment and financial services company. The next year, Anand Mahindra and his father Harish Mahindra invested in the company, and it was renamed Kotak Mahindra Finance.

In 2003, Kotak Mahindra Finance Ltd. received banking licence from the RBI and became the first non-banking finance company in India to convert into a bank. The bank currently offers services ranging from commercial banking to stock broking to mutual funds to insurance and investment banking.

As on December 31 last year, the bank has 4.8 crore customers, 1,869 branches and 3,239 ATMs.

(Manas Dasgupta)