The Reserve Bank of India (RBI) has directed Kotak Mahindra Bank to stop onboarding new customers through its online and mobile banking channels on Wednesday.
"The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited (hereinafter referred to as ‘the bank’) to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards," said RBI in its statement.
RBI has also restricted the Kotak Mahindra Bank from issuing new credit cards. However, service for the existing customers and credit cards will continue.
"The bank shall, however, continue to provide services to its existing customers, including its credit card customers," said RBI.
The Reserve Bank of India (RBI) has taken these measures against the bank due to concerns raised during the central bank's IT examinations in 2022 and 2023.
"Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines," said RBI.
Despite receiving corrective action plans from the RBI for both 2022 and 2023, subsequent evaluations revealed non-compliance by Kotak Mahindra Bank. The bank's submissions regarding compliance were deemed insufficient, inaccurate, or unsustainable.
