In a recent directive, the Reserve Bank of India (RBI) has ordered Kotak Mahindra Bank to halt the onboarding of new customers through its online and mobile banking platforms, effective immediately. The RBI has also prohibited the bank from issuing fresh credit cards.
According to the RBI statement, issued under the authority of Section 35A of the Banking Regulation Act, 1949, “The Reserve Bank of India has today, in exercise of its powers… directed Kotak Mahindra Bank Limited… to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards.”
The restrictions cover only new customer onboarding through digital channels and the issuance of new credit cards. Existing customers and credit card holders will continue to receive services without disruption.
RBI emphasized, “The bank shall, however, continue to provide services to its existing customers, including its credit card customers.”
These stringent measures by the RBI stem from concerns raised during the central bank’s IT examinations conducted in 2022 and 2023. The examinations revealed significant deficiencies and non-compliances in areas including IT inventory management, patch and change management, user access management, vendor risk management, data security, and data leak prevention strategy.
In its statement, the RBI highlighted, “Serious deficiencies and non-compliances were observed… For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines.”
Despite receiving corrective action plans from the RBI for both 2022 and 2023, Kotak Mahindra Bank failed to demonstrate compliance during subsequent evaluations. The submissions made by the bank regarding compliance were deemed insufficient, inaccurate, or unsustainable.
The RBI’s actions underscore its commitment to maintaining robust governance and risk management standards within the banking sector, ensuring the safety and security of customer data and financial transactions.