India’s central bank on Wednesday ordered Kotak Mahindra Bank to immediately stop onboarding new customers through its online and mobile banking channels and stop issuing new credit cards, citing serious deficiencies in the bank’s IT systems and risk management practices.
Kotak Mahindra Bank is India’s fourth most valuable bank. It is also one of the key partners for several fintech startups — including KredX and Rupeek — in the country. The lender, also an investor in several startups, additionally works with several fintech companies to provide credit to SMEs and SMEs and to issue co-branded credit cards.
The lender operates Kotak811, a digital offering that has emerged as the strongest customer acquisition tool in recent years. Kotak811, which enables customer onboarding digitally and within ‘three minutes’ paperless, serves nearly 20 million customers.
The Reserve Bank of India (RBI) he said he imposed the restrictions to Kotak Mahindra Bank due to significant concerns arising from the bank’s IT examinations for the years 2022 and 2023. The central bank found serious deficiencies and non-compliance in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security and business continuity planning, he said.
Existing customers are not affected by the restrictions.
The new restrictions could “severely impact new retail customer additions for the bank, given its smaller branch network compared to peers and greater reliance on digital channels,” Bernstein analysts noted. The inability to issue new cards could affect the bank’s planned shift to a higher share of unsecured loans “given the important role credit cards play in achieving this goal,” the analysts added.
Despite being under close scrutiny and engaged in high-level discussions with the RBI over the past two years, Kotak Mahindra Bank has failed to adequately address these issues and implement satisfactory remedial measures, the central bank said. The bank’s core banking system and digital channels experienced frequent and significant outages, with the most recent outage occurring on April 15, 2024, causing severe inconvenience to customers, RBI added.
The RBI said the rapid growth of digital transactions at the bank, including credit card transactions, has put additional pressure on the lender’s already weak IT systems. Without a strong IT infrastructure and risk management framework, prolonged outages could seriously impact the bank’s ability to provide effective customer service and potentially harm the wider digital banking and payments ecosystem, the central bank warned.
The restrictions imposed on Kotak Mahindra Bank will be reviewed after completion of a comprehensive external audit, commissioned by the bank with prior approval of the RBI, and satisfactory remediation of all identified deficiencies, the RBI said.
