The Reserve Bank of India (RBI) has directed the Kotak Mahindra bank to stop onboarding new customers through its online and mobile banking channels. The RBI has also ordered Kotak Mahindra Bank to stop issuing new credit cards to customers.

However, the Kotak Mahindra Bank can continue offering the above services to its existing customers, including its credit card users.

“The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited (hereinafter referred to as ‘the bank’) to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards. The bank shall, however, continue to provide services to its existing customers, including its credit card customers,” RBI said in a statement today (April 24, 2024).

What Kotak Mahindra Bank can’t do now

As per RBI order, the Kotak Mahindra Bank,

• Can’t Issue New Credit Cards
• Can’t Add Mobile Banking Customers
• Can’t Add Online/Net Banking customers

Also Read: RBI Key Facts Statement Format, Validity, Features, Benefits, Rules – Explained

Why this action

RBI has taken the above action against Kotak Mahindra Bank following its IT examination for the years 2022 and 2023.

The RBI noted continued failure on part of the bank to address these concerns in a comprehensive and timely manner.

“Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc,” RBI said.

The central bank further said that for two consecutive years, the bank was assessed to be “deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines.”

“During the subsequent assessments, the bank was found to be significantly non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, as the compliances submitted by the bank were found to be either inadequate, incorrect or not sustained,” RBI said.

Also Read : Kotak Bank Sees Rs. 300-500 Crore Hit to Profit After RBI Curbs

According to RBI’s statement, Kotak Mahindra Bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years due to the absence of a robust IT infrastructure and IT Risk Management framework.

The recent outage was on April 15, 2024 that resulted in “serious” inconveniences to customers.

“The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” RBI said.

The central bank further said it has placed restrictions on the bank “in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems.”

The RBI will next review the above restrictions after completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI.

Want to learn the art and science of managing your money? The 1% Club can help. Details here