
Kotak must act fast to escape RBI’s cyber-risk clamps

Summary
- RBI has barred Kotak Mahindra Bank from issuing new credit cards and enlisting new customers through its website and app because of tech compliance failures. The private lender should get its house in order quickly.

The Reserve Bank of India (RBI) has barred Kotak Mahindra Bank from issuing new credit cards and enlisting new customers through its two online channels, its website and its app. The action follows the bank’s alleged failure to address significant technology concerns that RBI scrutiny in 2022 and 2023 revealed.
Among the cyber-weaknesses, the lender’s IT risk and information security governance was found deficient in its compliance with regulatory guidelines. The bank reportedly fell short on a corrective action plan that it had been directed to implement. For a bank that built a reputation for sound banking practices, this is a reputational blow. To soften the impact on its expansion plans, Kotak Mahindra Bank must act swiftly to get its house in order.
No bank can afford to compromise customer safety at a time of increasingly ingenious devices for online and credit-card fraud. Lenders focused on the retail segment have been using convenience as a selling point to outdo each other, with safety left mostly to the regulator, it seems. That’s short-sighted. In essence, this is a business of trust. No allowance should be made by banks for any laxity that may leave their trusting customers vulnerable.