Insufficient security, RBI prevents Kotak Mahindra Bank from creating an online account

The Reserve Bank of India has instructed Kotak Mahindra Bank to refrain from issuing new credit cards and has prohibited it from accepting new clients via its online and mobile banking platforms after determining that the private sector lender has inadequate information security governance and IT risk management for two years running.

Since most onboardings take place online and via mobile banking channels, the move is anticipated to have an effect on the bank’s client acquisition ambitions. This might thus have an immediate impact on its growth. It will also affect the co-branded card offers made by the lender. The RBI did, however, clarify that the bank is permitted to provide its current clients services, including those pertaining to credit cards.

The RBI stated in a statement that the bank had neglected to close holes in its information and technology (IT) infrastructure, necessitating the move. Customers were inconvenienced by repeated breakdowns in the bank’s online channels and core banking system during the previous two years, the most recent of which occurred on April 15, according to the RBI.

“The RBI and the bank have been in constant communication over the last two years on all of these issues, but the results have been far from ideal. The amount of the bank’s digital transactions, especially those using credit cards, was also seen to have grown quickly recently, which is placing further strain on its IT system, according to the RBI.

Prior to that, on December 2, 2020, the RBI had prohibited HDFC Bank from initiating any digital projects and issuing credit cards. Once standards were met, the limitations were removed.