Sunday, December 29, 2024

RBI bans issuance of new credit cards by Kotak Mahindra Bank

Why did RBI have to impose a ban?

For the last two years, RBI had been drawing the bank's attention to serious flaws found in Kotak Mahindra Bank's IT systems and had been continuously monitoring the bank's work to remove them. However, the central bank was not satisfied with the efforts made by the bank to address these shortcomings. As mentioned in the RBI order, the volume of online transactions, including credit card related transactions, has increased rapidly, and the load on the bank's IT system has increased manifold as a result. Such a ban was therefore inevitable.

RBI will review the approval decision after completion of the audit.

RBI said in its order that, after the ban, Kotak Mahindra Bank will complete a comprehensive external audit with the prior approval of RBI and address all the deficiencies pointed out in that audit.

If flaws are not rectified, bank's IT system may be disrupted: RBI

Explaining the logic behind the ban, RBI said that it has been imposed on the bank only in the interest of the customers. The objective behind this restriction is to prevent a possible situation where customers may not be able to avail the bank's services for a long time if the IT system fails. If this happens, it will not only adversely impact the bank's ability to provide effective services to customers, but will also have a serious impact on the financial ecosystem of digital banking and payment systems. RBI also said in the order that, apart from the existing ban, it can take further regulatory steps against the bank if necessary.

In an important order, the Reserve Bank of India (RBI) has banned Kotak Mahindra Bank from acquiring new customers through online or mobile banking and from issuing new credit cards. RBI said in the order, dated April 24, that this restriction has been imposed due to several flaws in the bank's technology platform. The central bank has also said that these shortcomings came to light during audits of the bank's IT system over the last two years.

The RBI order also said that the restriction will not apply to existing customers of the bank, and Kotak Mahindra Bank can continue to provide various services to its existing customers, including credit cardholders. This restriction may have a significant adverse impact on the bank's customer acquisition activity, as a large portion of new account openings currently come through mobile banking and online banking channels. Additionally, restrictions on issuance of new credit cards may adversely impact the bank's credit card business, especially co-branded credit card deals.

RBI said in its order that during the years 2022 and 2023, many worrying issues came to light in the audit of Kotak Mahindra Bank's IT system. The bank has failed to remedy these deficiencies comprehensively and within the stipulated time frame, necessitating this step. Giving further details about its measures, RBI said that for two consecutive years, Kotak Mahindra Bank has lagged behind on the IT risk and information security governance front, which is in complete contradiction to the regulatory provisions.

HDFC Bank was also banned in 2020

Earlier, in 2020, RBI had imposed similar restrictions on HDFC Bank. At the time, the largest private sector bank was banned from launching any new digital products or services until some technical glitches were ironed out. The ban on the bank launching new digital products and services or issuing new credit cards was imposed as a punishment for repeated outages in the bank's IT system. Then, in August 2021, RBI partially removed this restriction and the bank was allowed to issue new credit cards. After this, in March 2022, the ban on launching new digital products was also lifted.

At that time, there were frequent outages in the data center of HDFC Bank, which disrupted its online services. Restrictions were therefore imposed on HDFC Bank for the same reasons as those mentioned in the case of Kotak Mahindra Bank. In the restriction order, RBI said the bank should investigate the reasons for the outage and determine who is responsible for it. After this, the bank audited its system and submitted a plan to RBI to remove these flaws.

Many flaws came to light in the bank's IT system

As stated in the RBI order, serious deficiencies and irregularities were found in the IT system of Kotak Mahindra Bank in the following respects:

IT Inventory Management

Patch and Change Management

User Access Management

Vendor Risk Management

Data Security and Data Leak Prevention Strategy

Business Continuity and Disaster Recovery Rigor and Practices