The Reserve Bank of India (RBI) ordered Kotak Mahindra Bank to stop onboarding new customers through its online and mobile banking channels and from issuing fresh credit cards as well. The bank can, however, provide services to its existing customers, including its credit card customers, the RBI said in its order.
The RBI said, “These actions are necessitated based on significant concerns arising out of Reserve Bank’s IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner.”
The RBI directed Kotak Mahindra Bank to stop issuance of fresh credit cards and the onboarding of new customers via mobile banking.
The RBI said that serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc, in the bank.
The bank was assessed to be deficient in its IT Risk and Information Security Governance for two consecutive years, the central bank said.
“In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences,” the RBI said.