RBI bars Kotak Bank from digital onboarding of customers, fresh credit cards
India’s central bank on Wednesday ordered Kotak Mahindra Bank to immediately cease onboarding new customers via its online and mobile banking channels, and to stop issuing fresh credit cards, citing serious deficiencies in the bank’s IT systems and risk management practices.
Kotak Mahindra Bank is India’s fourth most valuable bank. It’s also one of the key partners for many fintech startups — including KredX and Rupeek — in the country. The lender, also an investor in many startups, additionally works with many fintech firms to extend credit to SMEs and MSMEs as well as to issue co-branded credit cards.
The lender operates Kotak811, a digital offering, that has emerged as its strongest customer acquisition tool in recent years. Kotak811, which allows onboarding of customers digitally and within “three minutes” without paperwork, serves nearly 20 million customers.
The Reserve Bank of India (RBI) said it was imposing the restrictions on Kotak Mahindra Bank because of significant concerns stemming from its IT examinations of the bank for the years 2022 and 2023. The central bank found serious deficiencies and non-compliance in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security, and business continuity planning, it said.
Despite being under close scrutiny and engaging in high-level discussions with the RBI over the past two years, Kotak Mahindra Bank failed to adequately address these issues and implement satisfactory corrective measures, the central bank said. The bank’s core banking system and digital channels have experienced frequent and significant outages, with the most recent disruption occurring on April 15, 2024, causing severe inconvenience to customers, the RBI added.
The RBI stated that the rapid growth of digital transactions at the bank, including credit card transactions, has put additional strain on the lender’s already weak IT systems. Without a robust IT infrastructure and risk management framework, prolonged outages could seriously impact the bank’s ability to provide efficient customer service, and potentially harm the broader digital banking and payment ecosystem, the central bank cautioned.
The restrictions imposed on Kotak Mahindra Bank will be reviewed upon completion of a comprehensive external audit, commissioned by the bank with prior RBI approval, and the satisfactory remediation of all identified deficiencies, the RBI said.