RBI halts Kotak Mahindra from issuing new credit cards; Here's what's wrong

The central bank's primary objective is for Kotak Mahindra Bank to address the identified IT risk and information security concerns effectively.

Edited By: Mayank Kasyap

New Delhi: The Reserve Bank of India (RBI) has taken a strong stance against Kotak Mahindra Bank, a leading private bank in India. In a move aimed at bolstering compliance and risk management practices, the RBI has directed the bank to cease issuing new credit cards and onboarding new customers through its mobile banking platform. This directive, effective immediately, comes after concerns were raised during the central bank's IT examinations conducted in 2022 and 2023.

Why the clampdown? Persistent IT risk and information security concerns

The RBI's action stems from its observations during its IT audits of Kotak Mahindra Bank over the past two years. These audits revealed persistent shortcomings in the bank's IT Risk Management and Information Security Governance frameworks. These deficiencies, the RBI noted, were in contravention of established regulatory requirements.

Despite issuing corrective action plans for the bank in both 2022 and 2023, subsequent assessments revealed a lack of significant progress. The RBI deemed the bank's compliance efforts inadequate, inaccurate, or unsustainable.

The central bank elaborated on the specific areas of concern: "Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc."

Existing customers unaffected, focus on addressing shortcomings

While the RBI's directive restricts new credit card issuance and mobile onboarding, it is important to note that existing Kotak Mahindra Bank customers will continue to receive uninterrupted service, including credit card support.

The central bank's primary objective is for Kotak Mahindra Bank to address the identified IT risk and information security concerns effectively. The bank's ability to resume new credit card issuance and mobile onboarding will depend on demonstrating significant progress in achieving full compliance with regulatory requirements.