The RBI stated that these actions are necessitated due to significant concerns identified during the bank's IT examinations for 2022 and 2023, as well as the bank's failure to address them adequately.
Reserve Bank of India (iStock)
The Reserve Bank of India (RBI) on Wednesday, 24 April, barred Kotak Mahindra Bank from onboarding new customers through its online and mobile banking channels and issuing fresh credit cards with immediate effect as the lender found deficient in its IT risk management.
These actions, the RBI said, are necessitated based on significant concerns arising out of Reserve Bank’s IT examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner.
“Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc,” the RBI said in its statement.
For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines, it said.
In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on 15 April, resulting in serious customer inconveniences, the statement said.
The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth, it further said.
The RBI, therefore, has decided to place certain business restrictions on the bank, in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems, it added.
Kotak Mahindra Bank has been directed “to cease and desist”, with immediate effect, from onboarding of new customers through its online and mobile banking channels and issuing fresh credit cards.
The bank shall, however, continue to provide services to its existing customers, including its credit card users, the statement said.
(With PTI inputs)
(Edited by Shauqueen Mizaj)
