Kotak Mahindra Bank cannot add new customers online or through mobile banking or issue fresh credit cards after the Reserve Bank’s directive. What exactly has the RBI said?
The RBI directed Kotak Mahindra Bank to “cease and desist”, with immediate effect, from “onboarding of new customers through its online and mobile banking channels” and “issuing fresh credit cards”. This was done under Section 35A of the Banking Regulation Act, 1949, which gives the RBI the power to direct banks “to prevent the affairs of any banking company being conducted in a manner detrimental to the interests of the depositors or in a manner prejudicial to the interests of the banking company”.
The ban will not impact existing customers and Kotak Mahindra Bank can continue to provide services to them, the RBI added.
The banking regulator had found serious deficiencies and non-compliance in areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill among others.
WHAT LED TO RBI TAKING THE ACTION?
The central bank said Kotak Mahindra Bank was found to be non-compliant with the corrective action plans issued by the RBI for 2022-23. “In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences,” the RBI said.
The RBI found during the investigations that Kotak Mahindra Bank is deficient in building operational resilience on account of its failure to build IT systems.
The RBI had held high-level engagement with the bank in the past two years with the view of strengthening its IT resilience, but the “outcomes were far from satisfactory”.
The central bank also observed that “of late there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems”
RBI ACTION ON OTHER BANKS IN THE PAST
HDFC Bank faced a similar action by the RBI when it was asked to put all new digital launches on hold till its technical issues are resolved. HDFC had to stop launching new digital products and services, and was barred from issuing credit cards as part of the penalty. Later, in August 2021, the RBI partially revoked the ban on the bank allowing it to issue new credit cards. Later in March, 2022, the bank informed the exchanges that the RBI has lifted the restrictions that were placed on the fresh digital launches of HDFC Bank.
Paytm Payments Bank (PPBL) also faced RBI’s heat when restrictions were imposed on it on January 31 over repeated violations of norms and non-compliance with rules. PPBL was barred from accepting fresh deposits and doing credit transactions after February 29. No further deposits or credit transactions shall be allowed in any customer accounts, prepaid instruments, wallets, FASTags, and National Common Mobility Cards (NCMC) after February 29, except for interest, cashbacks, or refunds. However, customers can withdraw or use their balance without restrictions till exhausted.