Share
The Reserve Bank of India (RBI) has directed Kotak Mahindra Bank Limited to immediately cease onboarding new customers through its online and mobile banking channels and halt the issuance of fresh credit cards. The bank will continue to serve its existing customers, including credit card holders.
This action follows RBI’s IT examinations of the bank for 2022 and 2023, which revealed serious deficiencies in IT inventory management, patch and change management, user access controls, vendor risk management, data security, business continuity, and disaster recovery. The bank was found repeatedly non-compliant with corrective action plans issued by RBI, with submitted compliances deemed inadequate, incorrect, or unsustained.
RBI highlighted that the bank’s Core Banking System and digital channels have experienced frequent outages over the past two years, including a major service disruption on April 15, 2024, causing significant customer inconvenience. The bank’s IT systems and controls have not kept pace with its rapid digital growth, raising concerns about operational resilience.
The restrictions will remain in place until Kotak Mahindra Bank commissions a comprehensive external IT audit, remediates identified deficiencies, and satisfactorily addresses all RBI observations. RBI noted that these measures are taken in the interest of customers and to safeguard the digital banking and payments ecosystem. The central bank also clarified that these restrictions do not prevent further regulatory, supervisory, or enforcement actions.
[RBI]