RBI Halts New Credit Card Issuance by Kotak Mahindra Bank
The Reserve Bank of India (RBI) has directed Kotak Mahindra Bank, a prominent private sector lender, to cease issuing new credit cards and to stop onboarding new customers through its online and mobile banking platforms. This action comes as a result of significant concerns regarding the bank’s information and technology (IT) systems, which have experienced frequent outages in recent years, causing inconvenience to customers.
RBI’s intervention was deemed necessary due to the bank’s failure to address gaps in its IT infrastructure and its continued non-compliance with regulatory guidelines. The central bank highlighted serious deficiencies in various areas, including IT inventory management, patch and change management, user access management, vendor risk management, data security, and disaster recovery protocols.
According to RBI’s statement, Kotak Mahindra Bank was assessed to be deficient in its IT Risk and Information Security Governance for two consecutive years, despite corrective action plans issued by the regulator. The bank’s compliance submissions were deemed inadequate or incorrect, further exacerbating its non-compliance issues.
The recent service disruption on April 15, 2024, was cited as a significant incident, resulting in serious inconveniences for customers. RBI emphasized that the bank’s core banking system and digital channels have suffered frequent outages over the past two years due to the lack of a robust IT infrastructure and risk management framework.
RBI’s engagement with Kotak Mahindra Bank to address these concerns has been ongoing for the past two years. However, the outcomes have been unsatisfactory, with the bank failing to demonstrate significant improvements in its IT resilience.
While the directive prohibits the issuance of new credit cards and onboarding of new customers through online channels, Kotak Mahindra Bank is still allowed to provide services to its existing customers, including those with credit cards.
Uday Kotak, the bank’s executive, has emphasized the importance of operational resilience and regulatory compliance for sustainable business practices. However, the recent actions by RBI highlight the urgency for Kotak Mahindra Bank to address its IT system shortcomings to ensure seamless banking services and regulatory adherence.
In response to RBI’s directive, Kotak Mahindra Bank has assured its commitment to rectify the identified deficiencies promptly. The bank has stated its intention to work closely with the regulator to strengthen its IT infrastructure and ensure compliance with regulatory requirements.
The temporary suspension on new credit card issuance underscores the significance of robust IT systems and effective risk management in the banking sector. It serves as a reminder to financial institutions of the importance of maintaining operational resilience to safeguard customer interests and maintain regulatory trust.
