Reserve Bank of India (RBI) has restricted the private sector Kotak Mahindra bank from onboarding new customers through digital channels and issuing fresh credit cards. The supervisory actions taken against the Bank under Section 35A of the Banking Regulation Act, 1949 were necessitated based on significant concerns arising out of Reserve Bank’s IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner. 

The RBI directed the lender “to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards. The bank shall, however, continue to provide services to its existing customers, including its credit card customers”.

 
As per RBI, Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth.

Click the icon for more information-