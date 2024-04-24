The Reserve Bank of India (RBI) on Wednesday directed private sector lender Kotak Mahindra Bank to stop onboarding new customers through its online portal and mobile app, and cease issuing fresh credit cards due to “serious deficiencies" in the bank's IT system in 2022 and 2023. {{^adFree}} {{/adFree}}

“The bank shall, however, continue to provide services to its existing customers, including its credit card customers," it said.

RBI said it found “serious deficiencies and non-compliances" in IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill. {{^adFree}} {{/adFree}}

“For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under regulatory guidelines," it said.

During the subsequent assessments, the regulator said, the bank was “significantly non-compliant" with the corrective action plans for 2022 and 2023, as the compliances submitted by the bank were found to be either “inadequate, incorrect or not sustained".

Also read: How a recent RBI proposal on KYC has got payment aggregators on the backfoot RBI said that in the absence of a robust IT infrastructure and IT risk management framework, the bank’s core banking system (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on 15 April. {{^adFree}} {{/adFree}}

"The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth," it said.

According to the regulator, in the past two years, it has been in continuous high-level engagement with the bank on all these concerns to strengthen its IT resilience, but the outcomes have been “far from satisfactory".

“It is also observed that, of late, there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems," it said. {{^adFree}} {{/adFree}}

RBI had earlier imposed similar restrictions on HDFC Bank, which it has now lifted. After facing technology troubles in 2018 and 2019, RBI in December 2020 curbed fresh digital launches and ordered it to halt issuing new credit cards. These were finally lifted in March 2022, allowing the bank to roll out products under its ‘Digital 2.0’ plan.

