The Reserve Bank of India (RBI) on Wednesday, 24 April said the Kotak Mahindra bank to stop from issuing new credit card, onboarding new customer through online and mobile banking channel immediately. The action was taken due to the discovery of “serious deficiencies and non-compliances” in certain areas of the bank’s operations.
The RBI issued the action in the interest of customer protection as part of its regulatory measures in response to concerns about compliance and risk management at the bank. However, the private lender is permitted to continue serving its existing customers, including those who already have credit cards.
In a statement, the RBI stated, “The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited (hereinafter referred to as โthe bankโ) to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards. The bank shall, however, continue to provide services to its existing customers, including its credit card customers.”
To read full statement by Kotak Mahindra than : CLICK
Why did RBI Restricts Kotak Mahindra Bank from Onboarding new customer and issuing new credit card?
According to the statement of RBI, โThese actions are necessitated based on significant concerns arising out of Reserve Bankโs IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner. Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc.โ
โFor two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines. During the subsequent assessments, the bank was found to be significantly non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, as the compliances submitted by the bank were found to be either inadequate, incorrect or not sustained.โ
They also added, โIn the absence of a robust IT infrastructure and IT Risk Management framework, the bankโs Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences. The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth.โ
What impact will fall to the existing customer?
Although Kotak Mahindra Bank is prohibited from onboarding new customers, the RBI’s action does not prevent the bank from providing services to its existing customers, including those with credit cards.
Therefore, if you are currently a customer of Kotak Mahindra Bank or a user of its credit cards, there will be no impact on the services you receive.
The RBI said that The restrictions will be reassessed after the completion of a thorough external audit commissioned by the bank with prior approval from the RBI. The bank must address all deficiencies identified in the external audit, as well as any observations from RBI inspections, to the satisfaction of the Reserve Bank. Additionally, these restrictions do not affect any other regulatory, supervisory, or enforcement actions that may be taken against the bank by the RBI.
