In a recent move, the Reserve Bank of India (RBI) has directed Kotak Mahindra Bank to stop enrolling new customers through its online and mobile banking platforms. In addition, the bank is prohibited from issuing new credit cards effective immediately.
IT risks and deficiencies in information security governance
The RBI move comes after identifying deficiencies in the IT risk and information security governance of Kotak Mahindra Bank for the years 2022 and 2023 respectively.
The RBI has highlighted significant concerns from the bank’s IT audit in these two years, noting that the bank failed to address these issues effectively and promptly. According to an RBI release, there have been ” serious deficiencies and non-compliance” in various sectors e.g. IT inventory management, Patch and change management, User Development Implementation, vendor risk management, Data security and data leak prevention, business continuity and disaster recovery planning, Failure to comply with maintenance procedures.
In the subsequent investigation, the RBI found that Kotak Mahindra Bank basically lacked disciplinary measures issued for 2022 and 2023. The bank’s information submitted in response to these measures was deemed inadequate, inaccurate or it cannot be sustained
Complex IT infrastructure and lack of risk management systems have led to frequent and severe disconnects between the bank’s core banking system (CBS) and digital banking channels over the past two years -Updated on April 15, 2024. It also affected interruptions, which left customers confused.
The RBI highlighted the financial institution’s failure to accurately bolster operational resilience due to insufficient IT systems and controls aligned with its boom trajectory.
Citing the surge in virtual transactions, in particular the ones related to credit playing cards, the RBI imposed commercial enterprise regulations on Kotak Mahindra Bank. This action ambitions to guard customer pursuits and prevent capability prolonged disruptions that could effect customer service and the wider virtual banking environment.
Despite the regulations, the RBI clarified that Kotak Mahindra Bank will preserve to offer offerings to its current customers, along with people with credit score cards.