Published on: April 26, 10:12 IST
Reserve Bank of India (RBI) has taken action against Kotak Mahindra Bank, barring it from onboarding new customers through online and mobile banking channels, as well as issuing fresh credit cards. The decision, announced on Wednesday, comes amid mounting concerns over the bank’s IT infrastructure and its failure to address issues highlighted during RBI’s examinations in 2022 and 2023.
According to the RBI statement issued on April 24, the bank will continue to serve existing customers, including those with credit cards. However, the regulatory authority expressed deep-seated worries about Kotak Mahindra Bank’s consistent shortcomings in IT Risk and Information Security Governance for two consecutive years, contrary to regulatory guidelines.
The restrictions are imposed in the interest of customers and to avert potential prolonged outages that could severely disrupt not only the bank’s customer service but also the broader digital banking and payment ecosystem.
Details of RBI’s Action:
The RBI highlighted the bank’s deficient IT infrastructure and risk management framework, which has led to frequent and significant outages in its core banking system (CBS) and digital channels over the past two years. The most recent disruption occurred on April 15, 2024, causing substantial inconvenience to customers.
The central bank noted that Kotak Mahindra Bank’s operational resilience remains inadequate due to its failure to develop IT systems and controls commensurate with its growth trajectory. Despite ongoing engagement between the RBI and the bank to address these concerns, the outcomes have been unsatisfactory.
Furthermore, the surge in the volume of the bank’s digital transactions, including credit card transactions, has added strain to its IT systems, exacerbating the situation.
The RBI’s intervention underscores the critical need for banks to maintain robust IT infrastructure and risk management practices, especially in the rapidly evolving digital landscape. It serves as a reminder to financial institutions of their responsibility to ensure uninterrupted and secure services for customers, while also upholding regulatory standards.
