Kotak Mahindra Bank, barring it from onboarding new customers through online and mobile banking channels. The regulator also directed the bank to stop issuing new credit cards. This action stems from concerns identified by the RBI.
In a press release dated April 24, 2024, the regulator stated,"...Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch, and change management, user access management, vendor risk management, data security, and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines. During the subsequent assessments, the bank was found to be significantly non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, as the compliances submitted by the bank were found to be either inadequate, incorrect or not sustained."
«In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences,» the regulator mentioned.