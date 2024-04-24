National

RBI's Embargo On Kotak Mahindra Bank: Onboarding New Customers Online, Issuing Fresh Credit Cards Banned

According to the Reserve Bank of India, these decisions came into effect following significant concerns arising out of the Reserve Bank's IT examination of the Kotak Mahindra Bank for two consecutive years, 2022 and 2023. As per the audit reports, Kotak Mahindra Bank reportedly failed to address IT risk management concerns in a comprehensive and timely manner.

PTI
Reserve Bank of India (RBI) Photo: PTI
Citing deficiency in its IT risk management, the Reserve Bak of India (RBI) on Wednesday barred Kotak Mahindra Bank from onboarding new customers through its online and mobile banking channels. An embergo has been imposed on issuing fresh credit cards as well with immediate effect.

As per the official statement issued by the RBI, the Kotak Mahindra Bank has been directed "to cease and desist", with immediate effect, from onboarding of new customers through its online and mobile banking channels and issuing fresh credit cards. The bank shall, however, continue to provide services to its existing customers, including its credit card users.

IT risks not addressed for two consecutive years, says RBI

According to the apex bank, these decisions came into effect following significant concerns arising out of the Reserve Bank's IT examination of the bank for the years 2022 and 2023. As per the audit reports, the Kotak Mahindra Bank reportedly failed to address these concerns in a comprehensive and timely manner.

"Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc," the RBI's statement said.

For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under Regulatory guidelines, it added.

