Agency(Mumbai, India): On Wednesday, the Reserve Bank of India (RBI) announced significant restrictions on Kotak Mahindra Bank, India’s fourth-largest private lender, due to persistent issues with its information technology systems. The central bank’s decision prohibits the bank from registering new customers through its online and mobile platforms and from issuing new credit cards until further notice.
This action follows a detailed examination of Kotak Mahindra’s IT infrastructure in 2022 and 2023, which revealed significant deficiencies in IT Risk and Information Security Governance. The RBI’s assessment concluded that the bank had not developed IT systems and controls in line with its business growth, thereby lacking necessary operational resilience.
Despite these restrictions, Kotak Mahindra assured that the RBI’s directive would not significantly impact its overall business operations. The bank stated that existing customers would continue to receive all services without interruption, including credit cards and online banking. New customers can still open accounts and access services through physical branches, though they will not be able to obtain new credit cards.
This regulatory move is part of a broader trend where the RBI has increasingly intervened in the operations of non-compliant financial entities. A similar action was taken against HDFC Bank in December 2020, which was also barred from acquiring new credit card customers following a digital payment disruption due to a power failure. That ban was subsequently lifted in August 2021.
Analysts see the RBI’s decision as a significant step, especially as Kotak was intensifying its digital banking efforts. The bank reported that 95% of its new personal loans and 99% of new credit cards were processed digitally in the last quarter of the previous year. The restriction could notably affect the bank’s strategy to increase its market share in unsecured loans and its ability to compete effectively using its digital platforms.
The RBI has mandated a comprehensive external audit of Kotak Mahindra’s IT practices, to be conducted with its approval, before considering lifting the restrictions. This audit will assess whether the bank has adequately addressed the deficiencies noted by the regulators.