India’s central bank cracks down on Kotak Mahindra Bank over IT, risk management lapses

India’s central bank ordered Kotak Mahindra Bank to immediately cease onboarding new customers through its online and mobile banking channels and to stop issuing fresh credit cards, citing serious deficiencies in the bank’s IT systems and risk management practices.

Kotak Mahindra Bank is one of the largest private banks in India. It’s also one of the key partners for many fintech startups in India, including KredX and Rupeek. The lender, also an investor in many startups, additionally works with many fintech firms to extend credit to SMEs and MSMEs as well as in issuing co-branded credit cards.

The Reserve Bank of India said Wednesday it was imposing the restrictions on Kotak Mahindra Bank because of significant concerns stemming from its IT examinations of the bank for the years 2022 and 2023. The central bank found serious deficiencies and non-compliance in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security, and business continuity planning, it said.

Despite being under close scrutiny and engaging in high-level discussions with the RBI over the past two years, Kotak Mahindra Bank failed to adequately address these issues and implement satisfactory corrective measures, the central bank said. The bank’s core banking system and digital channels have experienced frequent and significant outages, with the most recent disruption occurring on April 15, 2024, causing severe inconvenience to customers, the RBI added.

The RBI stated that the bank’s fast growth in digital transactions, including credit card transactions, has put additional strain on the lender’s already weak IT systems. Without a robust IT infrastructure and risk management framework, prolonged outages could seriously impact the bank’s ability to provide efficient customer service and potentially harm the broader digital banking and payment ecosystem, the central bank cautioned.

The restrictions imposed on Kotak Mahindra Bank will be reviewed upon completion of a comprehensive external audit, commissioned by the bank with prior RBI approval, and the satisfactory remediation of all identified deficiencies, the RBI said.

This is a developing story. More to follow.


Leave a Reply

Your email address will not be published. Required fields are marked *