Representational picture of a Kotak Mahindra Bank department in New Delhi
| Photo Credit: Reuters
The Reserve Bank of India (RBI) on Wednesday directed Kotak Mahindra Bank Ltd. (Kotak Bank) to stop and desist, with instant impact, from onboarding of new customers by its online and cell banking channels and issuing contemporary credit playing cards.
Kotak Bank is nonetheless allowed to proceed to supply companies to its present customers, together with its credit card customers.
“These actions are necessitated based on significant concerns arising out of Reserve Bank’s IT examination of the bank for the years 2022 and 2023 and the continued failure on the part of the bank to address these concerns in a comprehensive and timely manner,” the central financial institution mentioned in its directive.
ALSO READ | Uday Kotak resigns as Kotak bank MD and CEO 4 months ahead of end of tenure
“Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc.,” it mentioned.
“For two consecutive years, the bank was assessed to be deficient in its IT risk and information security governance, contrary to requirements under regulatory guidelines,” the RBI added.
The banking regulator mentioned in the course of the subsequent assessments, Kotak Bank was discovered to be “significantly non-compliant” with the corrective motion plans issued by the Reserve Bank for the years 2022 and 2023, because the compliances submitted by the financial institution had been discovered to be both “inadequate, incorrect or not sustained.”
In the absence of a sturdy IT infrastructure and IT threat administration framework, the financial institution’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and vital outages within the final two years, the latest one being a service disruption on April 15, 2024, leading to critical buyer inconveniences, it added.
“The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” the regulator noticed.
‘Far from satisfactory’
The RBI mentioned up to now two years it had been in steady high-level engagement with the financial institution on all these issues with a view to strengthening its IT resilience, however the outcomes had been far from passable.
“It is also observed that, of late, there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems,” the RBI mentioned.
Therefore, the RBI determined to put sure enterprise restrictions on Kotak Bank within the curiosity of customers and to forestall any doable extended outage which could significantly influence not solely the financial institution’s skill to render environment friendly customer support but additionally the monetary ecosystem of digital banking and cost programs.
Kotak Bank by an exterior company in a press release mentioned, “The bank has taken measures for adoption of new technologies to strengthen its IT systems and will continue to work with the RBI to swiftly resolve balance issues at the earliest.”
“We want to reassure our existing customers of uninterrupted services, including credit card, mobile and net banking. Our branches continue to welcome and onboard new customers, providing them with all the services, apart from issuance of new credit cards.”