RBI bars Kotak Mahindra Bank from onboarding fresh customers via online, mobile banking; asks it to stop issuing fresh credit cards

The Reserve Bank of India (RBI) has instructed Kotak Mahindra Bank to immediately stop onboarding new customers through its online and mobile banking channels and cease issuing new credit cards. This regulatory action was taken due to concerns about the bank’s compliance and risk management practices.
However, RBI has directed Kotak Mahindra Bank to continue providing services to its existing customers, including its credit card customers.
“The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited (hereinafter referred to as ‘the bank’) to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards. The bank shall, however, continue to provide services to its existing customers, including its credit card customers,” the RBI statement read.
The RBI’s decision was triggered by significant deficiencies and non-compliances observed during the central bank’s IT examination of Kotak Mahindra Bank for two consecutive years, 2022 and 2023. The bank consistently failed to address these concerns in a comprehensive and timely manner.
The RBI noted serious shortcomings in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, among others.
Despite the RBI issuing corrective action plans for both years, subsequent assessments revealed that the bank remained significantly non-compliant, with inadequate, incorrect, or unsustainable compliances submitted by the bank.
“In the past two years, the Reserve Bank has been in continuous high-level engagement with the bank on all these concerns with a view to strengthening its IT resilience, but the outcomes have been far from satisfactory. It is also observed that, of late, there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems,” RBI noted.
The Reserve Bank of India has mandated that the current limitations will undergo a thorough assessment following the conclusion of an extensive independent audit. This audit will be initiated by the bank, subject to prior authorization from the RBI. Furthermore, all shortcomings identified during the external audit, as well as the findings outlined in the RBI Inspections, must be adequately addressed and rectified to the satisfaction of the Reserve Bank before the restrictions can be lifted, the central bank has said.

Leave a Comment

Your email address will not be published. Required fields are marked *