RBI bans Kotak Mahindra Bank from onboarding new customers
What's the story
The Reserve Bank of India (RBI) has imposed restrictions on Kotak Mahindra Bank (KMB), barring it from acquiring new customers through its digital platforms and issuing new credit cards.
The decision, announced today, was driven by supervisory concerns.
Despite the constraints, the RBI confirmed that KMB can continue to serve its existing customers, including credit card holders.
Supervisory concerns
RBI identified serious deficiencies in KMB's IT inventory management
The RBI's intervention was triggered by "significant concerns arising out of Reserve Bank's IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner."
The central bank identified serious deficiencies and non-compliances in KMB's IT inventory management, patch and change management, user access management, vendor risk management, data security, data leak prevention strategy, business continuity, and disaster recovery rigor.
Regulatory breach
KMB failed to comply with RBI's corrective action plans
KMB was found to be deficient in its IT Risk and Information Security Governance for two consecutive years, constituting a breach of regulatory guidelines.
The bank also failed to comply substantially with the Corrective Action Plans issued by the RBI for 2022 and 2023.
The central bank noted that KMB's compliance submissions were either insufficient, incorrect or not sustained, indicating serious governance issues.
System disruptions
KMB's CBS, digital banking platforms experienced significant disruptions: RBI
The RBI underscored that due to an inadequate IT infrastructure and IT Risk Management framework, KMB's Core Banking System (CBS) and its digital banking platforms have experienced regular and significant disruptions over the past two years.
The most recent service disruption occurred on April 15, 2024, causing considerable inconvenience to customers.
The central bank stated that KMB is materially deficient in building necessary operational resilience due to its failure to develop IT systems and controls commensurate with its growth.