RBI directs Kotak Mahindra Bank to halt new credit card issuance, customer onboarding
PTC Web Desk: In a significant move, the Reserve Bank of India (RBI) has instructed Kotak Mahindra Bank to cease issuing new credit cards and onboarding new customers through its online and mobile banking channels. This directive, issued on Wednesday, is part of regulatory actions taken by the RBI in response to concerns regarding compliance and risk management at the bank.
The RBI, exercising its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited to "cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards." However, the RBI said the bank should continue to provide services to its existing customers, including those with credit cards.
The central bank's decision to halt new credit card issuance and customer onboarding comes after detailed examinations of the bank's IT systems for the years 2022 and 2023. The RBI noted significant concerns and continued shortcomings in the bank's IT Risk and Information Security Governance, which were found to be in contravention of regulatory requirements.
According to the RBI, despite corrective action plans being issued to Kotak Mahindra Bank for the years 2022 and 2023, subsequent assessments revealed that the bank had not adequately addressed these concerns. The compliances submitted by the bank were deemed insufficient, inaccurate, or unsustainable, indicating a failure to promptly and comprehensively address the issues raised.
"Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security, and data leak prevention strategy, business continuity, and disaster recovery rigour and drill, etc.," stated the RBI in its assessment.
The RBI's findings highlighted a significant lack of adherence to IT Risk and Information Security Governance requirements for two consecutive years. The bank's deficiencies in these crucial areas, as per regulatory guidelines, raised concerns about the robustness of its IT infrastructure and data security measures.
In response to these findings, the RBI directed Kotak Mahindra Bank to immediately halt the issuance of fresh credit cards and the onboarding of new customers through its online and mobile banking channels. This measure is aimed at ensuring that the bank addresses the identified deficiencies and strengthens its IT and risk management practices.
- With inputs from agencies
