Shares of Kotak Mahindra Bank Ltd will be in focus on Thursday morning after the Reserve Bank of India (RBI), exercising its powers under Section 35A of the Banking Regulation Act, 1949, asked the private lender to cease and desist, with immediate effect, from onboarding of new customers through its online and mobile banking channels and issuing fresh credit cards.
Kotak Mahindra Bank may, however, continue to provide services to its existing customers, including its credit card customers, the RBI said. The central bank said restrictions would be reviewed upon completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI, and remediation of all deficiencies that may be pointed out in the external audit as well as the observations contained in the RBI Inspections, to the satisfaction of the apex bank.
"Further, these restrictions are without prejudice to any other regulatory, supervisory or enforcement action that may be initiated against the bank by the Reserve Bank," the central bank said.
These actions, the RBI said, are necessitated based on significant concerns arising out of Reserve Bank’s IT Examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner.
"Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines," RBI said.
During the subsequent assessments, the bank was found to be significantly non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, as the compliances submitted by the bank were found to be either inadequate, incorrect or not sustained, the apex bank said.
"The Reserve Bank, therefore, has decided to place certain business restrictions on the bank as mentioned above, in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems," RBI said