The Reserve Bank of India (RBI) on Wednesday has issued a directive to Kotak Mahindra Bank, instructing it to stop the onboarding of new customers through its online and mobile banking channels.
“The Reserve Bank of India has today, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, directed Kotak Mahindra Bank Limited (hereinafter referred to as ‘the bank’) to cease and desist, with immediate effect, from (i) onboarding of new customers through its online and mobile banking channels and (ii) issuing fresh credit cards,” stated the RBI in its official announcement.
Additionally, the RBI has imposed restrictions on Kotak Mahindra Bank from issuing new credit cards. However, services for existing customers and credit cards will remain uninterrupted.
“Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines,” said RBI.
Despite receiving corrective action plans from the RBI for both 2022 and 2023, Kotak Mahindra Bank was found to be non-compliant in subsequent evaluations. The bank’s submissions regarding compliance were deemed inadequate, inaccurate, or unsustainable.