RBI restrictions on Kotak Mahindra emphasise IT infrastructure gaps

The Reserve Bank of India (RBI) has imposed curbs on Kotak Mahindra Bank Limited as part of its efforts to safeguard the financial system’s stability. The bank is barred from onboarding new online and mobile banking customers and issuing new credit cards.

This action follows concerns identified during the RBI’s IT examinations of Kotak Bank in 2022 and 2023. The examinations revealed shortcomings in the bank’s IT infrastructure and risk management practices.


Source: PTI

In the exercise of its authority under Section 35A of the Banking Regulation Act, 1949, the Reserve Bank of India on April 24, 2024, ordered Kotak Mahindra Bank Limited to immediately stop onboarding new customers through its online and mobile banking channels and issuing new credit cards. Nonetheless, the bank will keep offering its current clientele, including those who use credit cards, services.

These steps are required due to serious issues raised by the Reserve Bank’s IT examination of the bank for the years 2022 and 2023, as well as the bank’s ongoing inability to adequately and promptly address these issues.

RBI’s Concerns and decision

The RBI’s IT examinations of Kotak Mahindra Bank Limited uncovered serious deficiencies in various areas, leading to the decision to impose business restrictions. The bank was found to be lacking in its IT risk and information security governance for two consecutive years, despite regulatory guidelines mandating otherwise.

Additionally, the bank was unable to comply with Corrective Action Plans issued by the RBI for the years 2022 and 2023, with submitted compliances being deemed inadequate, incorrect, or not sustained.

The business restrictions imposed by the RBI will have a significant impact on both the bank and its customers. The bank is now prohibited from onboarding new customers through its online and mobile banking channels and issuing fresh credit cards. However, the bank can continue to provide services to its existing customers, including those with credit cards.

These restrictions aim to prevent prolonged outages that could severely impact the bank’s ability to provide efficient customer service and the financial ecosystem of digital banking and payment systems. The RBI’s decision underscores the importance of robust IT infrastructure and IT Risk Management frameworks in ensuring the smooth functioning of banking services.

The restrictions that are currently in place will be reviewed following the completion of a comprehensive external audit, which will be commissioned by the bank with the prior approval of the RBI, and the remediation of all deficiencies identified in the external audit as well as the observations contained in the RBI inspections, to the satisfaction of the Reserve Bank.

Furthermore, these restrictions are not in conflict with any other regulatory, supervisory, or enforcement action that the Reserve Bank may take against the bank.

Addressing the Issues

To have the business restrictions lifted, Kotak Bank must address the deficiencies highlighted by the RBI. The bank is mandated to commission a comprehensive external audit with prior approval from the RBI, remediate all identified deficiencies, and address the observations contained in the RBI inspections.

Kotak Bank must prioritise the development of a robust IT infrastructure and IT risk management framework to prevent frequent outages and ensure efficient service delivery. This includes addressing concerns in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security, and business continuity.

Furthermore, Kotak Bank must ensure that its growth in digital transactions is supported by adequate IT systems and controls. This will necessitate investments in IT infrastructure and the implementation of robust risk management practices to ensure the bank’s digital channels can handle the increasing volume of transactions.

In an email to his employees, Kotak Mahindra Bank’s CEO Ashok Vaswani admitted that the explosive growth in business through digital channels has increased the need for a completely different level of technology infrastructure. At the same time, he assured that the bank will resolve issues raised by the RBI in “short order”.

Leave a comment

Subscribe To Newsletter

Stay ahead in the dynamic world of trade and commerce with India Business & Trade's weekly newsletter.