India’s central bank, the Reserve Bank of India (RBI), has taken a drastic step by ordering Kotak Mahindra Bank to halt onboarding new customers through its online and mobile banking channels, as well as to cease issuing fresh credit cards. This decision comes as a result of serious deficiencies in the bank’s IT systems and risk management practices, according to the RBI.
Kotak Mahindra Bank, one of the largest private banks in India and a key partner for many fintech startups in the country, has been under scrutiny by the RBI for its IT practices over the past two years. The central bank found significant concerns during its IT examinations of the bank for the years 2022 and 2023, including issues with IT inventory management, patch and change management, user access management, vendor risk management, data security, and business continuity planning.
Despite engaging in discussions with the RBI, Kotak Mahindra Bank failed to adequately address these issues and implement corrective measures. The bank’s core banking system and digital channels have experienced frequent outages, with a recent disruption on April 15, 2024, causing inconvenience to customers.
The RBI highlighted that the rapid growth of digital transactions at the bank has strained its weak IT systems. Prolonged outages could impact the bank’s ability to provide efficient customer service and harm the broader digital banking and payment ecosystem.
The restrictions imposed on Kotak Mahindra Bank will remain in place until a comprehensive external audit, approved by the RBI, is completed and all identified deficiencies are remediated. This is a developing story with more updates expected to follow.