RBI prohibits Kotak Bank from providing new credit cards and digital customer onboarding. The Indian central bank issued an order on Wednesday, citing significant flaws in Kotak Mahindra Bank’s IT infrastructure and risk management procedures, directing the firm to immediately stop accepting new clients through its online and mobile banking channels as well as to stop extending new credit cards.
Why RBI prohibits Kotak Bank.
Kotak Mahindra Bank is the fourth-most valuable bank in India. It is also a major backer of other fintech firms in the country, such as KredX and Rupeek. The lender, which also invests in numerous startups, works with many fintech companies to provide co-branded credit cards and credit to SMEs and MSMEs.
In recent years, the lender’s internet product, Kotak811, has become its most effective method for acquiring new customers. Kotak811, which enables digital and in-person client onboarding in “three minutes” with no documentation, serves approximately 20 million consumers.
Significant concerns arising from its IT inspections of Kotak Mahindra Bank for the years 2022 and 2023 led the Reserve Bank of India (RBI) to announce that it was placing the limits on the bank. In areas including data security, vendor risk management, user access control, patch and change management, IT inventory management, and business continuity planning, the central bank discovered significant flaws and non-compliance, it claimed.
The RBI claimed that despite being closely watched and having high-level talks with it over the previous two years, Kotak Mahindra Bank has not sufficiently addressed these problems or put in place appropriate corrective measures. The bank’s digital channels and core banking system have experienced frequent and significant disruptions, the most recent of which happened on April 15, 2024, severely inconveniencing consumers, the RBI continued.
The RBI claimed that the bank’s already inadequate IT infrastructure has been further taxed by the quick expansion of digital operations, especially credit card transactions. The central bank warned that, in the absence of a strong IT infrastructure and risk management system, extended outages might negatively affect the bank’s capacity to deliver effective customer service and could even jeopardize the larger digital banking and payment ecosystem.
According to the RBI, Kotak Mahindra Bank’s limits will be reviewed after a thorough external audit that was commissioned by the bank with prior RBI clearance is finished and all shortcomings have been satisfactorily fixed.
Despite being under close scrutiny and engaging in high-level discussions with the RBI over the past two years, Kotak Mahindra Bank failed to adequately address these issues and implement satisfactory corrective measures, the central bank said. The bank’s core banking system and digital channels have experienced frequent and significant outages, with the most recent disruption occurring on April 15, 2024, causing severe inconvenience to customers, the RBI added.
The Reserve Bank of India (RBI) said it was imposing the restrictions on Kotak Mahindra Bank because of significant concerns stemming from its IT examinations of the bank for the years 2022 and 2023. The RBI stated that the rapid growth of digital transactions at the bank, including credit card transactions, has put additional strain on the lender’s already weak IT systems. Without a robust IT infrastructure and risk management framework, prolonged outages could seriously impact the bank’s ability to provide efficient customer service, and potentially harm the broader digital banking and payment ecosystem, the central bank cautioned.
The restrictions imposed on Kotak Mahindra Bank will be reviewed upon completion of a comprehensive external audit, commissioned by the bank with prior RBI approval, and the satisfactory remediation of all identified deficiencies, the RBI said.
The central bank found serious deficiencies and non-compliance in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security, and business continuity planning.