“RBI Bars Kotak Mahindra Bank from Acquiring New Customers Online, Halts Fresh Credit Card Issuance”

In Short

• RBI directs Kotak Mahindra Bank to halt onboarding of new customers
• Ban also includes issuing of fresh credit cards
• Existing customers and credit cards services to continue

In a significant move, the Reserve Bank of India (RBI) has instructed Kotak Mahindra Bank to cease onboarding new customers via its online and mobile banking platforms.

Additionally, the central bank has prohibited the issuance of fresh credit cards by the bank. This directive, issued under Section 35A of the Banking Regulation Act, 1949, comes into effect immediately, as stated by the RBI in its official statement.

While the RBI’s directive impacts the bank’s ability to expand its customer base through digital channels and extend credit card services to new applicants, it assures continuity of services for existing customers, including those holding Kotak Mahindra Bank credit cards.

The regulatory action by the RBI stems from concerns raised during the central bank’s IT examinations conducted in 2022 and 2023.

These examinations unearthed significant deficiencies and instances of non-compliance in various critical areas of IT governance and security within Kotak Mahindra Bank’s operations.

Specifically, the RBI identified shortcomings in IT inventory management, patch and change management, user access management, vendor risk management, data security, data leak prevention strategy, business continuity, and disaster recovery protocols.

These deficiencies persisted despite the issuance of corrective action plans by the RBI following assessments in both 2022 and 2023.

Despite receiving these corrective directives, subsequent evaluations revealed ongoing non-compliance by Kotak Mahindra Bank. The bank’s efforts to address the identified deficiencies were deemed inadequate, inaccurate, or unsustainable by the RBI.

The RBI’s decision to impose restrictions on Kotak Mahindra Bank’s operations underscores the regulator’s commitment to upholding stringent standards of governance, risk management, and compliance within the banking sector.

It serves as a reminder to financial institutions of the imperative to maintain robust IT infrastructure and adherence to regulatory guidelines to ensure the integrity and security of banking services provided to customers.