The RBI banned Kotak Mahindra Bank from issuing new credit cards and from obtaining clients online due to a finding of weakness in the bank’s computer systems. What it means for both new and current clients is as follows.
Due to “serious shortcomings” in the bank’s information technology (IT) infrastructure, the Reserve Bank of India (RBI) prohibited Kotak Mahindra Bank from issuing new credit cards and onboarding new customers through online and mobile banking channels on April 24. It is said that these caused frequent outages, one of which was a significant disruption on April 15, 2024.
In line with a press statement issued by the Reserve Bank of India, “the bank’s ongoing inability to adequately and promptly address the serious concerns raised by the Reserve Bank’s IT examination of the bank for 2022 and 2023 is the reason these actions are necessary.”
Indian researcher uses Chandrayaan-2 to find Japan’s Slim lander on the Moon
In other words, because of issues with the bank’s computer systems, the RBI has essentially suspended a portion of Kotak Mahindra Bank’s online operations. This is an explanation:
The issue: An RBI audit conducted over two years discovered that Kotak Mahindra Bank’s computer systems have been lacking for some time. Customers were inconvenienced by numerous outages as a result, one of which was significant and occurred on April 15.
What the RBI is doing: To protect customers and the overall banking system, the RBI has put in place some restrictions on Kotak Mahindra Bank. For now, the bank cannot do the following:
- Sign up new customers through online or mobile banking channels
- Issue new credit cards
If you currently have a bank account with Kotak Mahindra, you shouldn’t be impacted. Your current credit cards and accounts are still valid.
If you were considering registering for a new credit card or creating an online account with Kotak Mahindra Bank, you will need to wait until the bank repairs its computer systems and receives approval from the RBI before renewing these services. For the time being, nevertheless, you can open a new account by going to a Kotak Mahindra Bank branch.
What happens next: Kotak Mahindra Bank will need to hire an outside company to do a full check-up on its computer systems and fix everything that is deficient. Once that is done, and the regulator is happy with the improvements, the RBI can lift the restrictions.
Explained: Section 35A of the Banking ACT, under which the RBI took action:
The rule: A rule under Section 35A of the Banking Regulation Act allows the RBI to step in if something is going wrong at any bank.
Reasons to step in: There are three main reasons under which the RBI can step in:
- If it is in the best interests of the public (like protecting bank customers).
- If it is good for the overall banking system (like keeping digital transactions smooth).
- If a bank is doing something that hurts its depositors or itself (like having bad computer systems that cause outages).
Why the RBI behaved: It was discovered that Kotak Mahindra Bank’s computer systems were unstable and frequently experiencing outages, hence the RBI opted to use the rule to take action. Customers of the bank as well as the country’s entire digital banking system may have experienced issues as a result of this. “Prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems,” according to the RBI’s news statement, is the reason for the bank’s actions.
Since this is a “cease” order, the regulator will take severe legal action against any deviation or non-compliance. When the comprehensive external audit, which the bank will commission with the RBI’s prior approval, is completed and all deficiencies found in the external audit and the observations made during RBI inspections are fixed to the Reserve Bank’s satisfaction, the restrictions will be “reviewed.”
What did Kotak Mahindra Bank say? In a statement, the bank said it had taken measures for the adoption of new technologies to strengthen its IT systems and would continue to work with the RBI to swiftly resolve pending issues at the earliest.
“We want to reassure our existing customers of uninterrupted services, including credit card, mobile, and net banking. Our branches continue to welcome and onboard new customers, providing them with all the bank’s services, other than issuance of new credit cards,” Kotak Mahindra Bank said in a statement.
Some of the IT problems the RBI found with Kotak Mahindra Bank’s IT infrastructure:
- IT inventory management
- Patch and change management
- User access management
- Vendor risk management
Data security and data leak prevention: This refers to how the bank protects its customer information. The RBI found weaknesses in these areas.
Business continuity and disaster recovery: This refers to how the bank plans to keep operating in case of a major computer system outage. The RBI found problems with the bank’s plans, which could leave it unable to serve customers during an outage.
Repeated problems: These problems weren’t new. The RBI had found similar issues in its reviews for the previous two years. The bank also failed to properly fix the problems despite being told to do so.
Past cases
This is one of the instances this year when a financial institution has been restricted by the RBI. Kotak Mahindra Bank joins IIFL Finance JM Financial and Paytm Payments Bank, which faced restrictions earlier in 2024.
The restrictions on Kotak Mahindra Bank also follow similar past actions against HDFC Bank and Bank of Baroda. Those restrictions are still in place for Bank of Baroda’s mobile app, Bob World, and it took HDFC Bank almost two years to fix the problems the RBI pointed out in its systems.
