In India's financial sector, regulatory monitoring is critical to ensuring stability and protecting consumer interests. Recent moves by the Reserve Bank of India (RBI), particularly against notable financial companies such as Paytm Payments Bank, IIFL Finance, and now Kotak Mahindra Bank, highlight the regulator's emphasis on transparency and compliance in the financial industry.
The RBI's newest decision prevents Kotak Mahindra Bank from onboarding new customers through its online and mobile platforms, as well as providing new credit cards. This decision, which stemmed from issues expressed during the bank's IT assessment, emphasizes the importance of strong IT infrastructure and risk management frameworks in guaranteeing the smooth running of banking activities. Existing clients and credit card services will be unaffected by this regulation.
It is clear that the RBI, fearful of prior NBFC failures jeopardizing India's financial stability, is responding quickly to mounting concerns. Last month, the regulator ordered IIFL Finance to immediately cease its gold loan operations for new customers, which represent for one-third of its business, due to serious loan handling errors. A review of the company's accounts as of March 31, 2023 identified various flaws, including insufficient checks on gold purity and weight, violations of statutory restrictions on cash loans, departures from regular auction processes, and a lack of transparency in client account costs.
Similarly, the RBI imposed limits on Paytm Payments Bank (PPBL) on January 31st due to ongoing non-compliance difficulties. The RBI's actions barred PPBL from accepting additional deposits and top-ups, as well as conducting credit transactions in client accounts, among other things. Customers were given till March 15th to transfer their accounts and wallets to different banks.
Given the recent red signs highlighted by the RBI, the recent spike in retail loans following Covid-19 appears to have spurred the regulator to take preventive measures, such as boosting risk weights on unsecured personal loans and credit cards. Consider this: the number of active credit cards in the country has increased significantly, from 5.5 crore (5,53,32,847) in December 2019 to nearly 10 crore (9,95,00,257) by January 2024.
In the case of Kotak Mahindra Bank, the RBI's judgment came after the bank's fast expanding digital transaction volume, particularly credit card transactions, which put additional strain on its IT systems. This decision was made by the RBI in response to serious concerns raised during the bank's IT inspection for 2022 and 2023, as well as the bank's repeated failure to address these issues immediately and fully. According to the RBI circular, significant non-compliances and shortcomings were detected in IT inventory management, user access management, data security, patch and change management, vendor risk management, and data leak prevention methods. In addition, the bank failed to adequately comply with the RBI's Corrective Action Plans for these years.
“In the absence of a strong IT infrastructure and an IT Risk Management framework, the bank's Core Banking System (CBS) and its online and digital banking channels have experienced frequent and significant outages in the last two years, with the most recent being a service disruption on April 15, 2024, causing significant customer inconvenience. The bank has been deemed to be substantially lacking in developing the essential operational resilience due to its failure to construct IT systems and controls in line with its development," according to the Reserve Bank of India circular. The present limits will be revisited once the bank has completed a thorough external audit approved by the RBI and addressed any flaws discovered.
