The RBI on Wednesday prohibited Kotak Mahindra Bank from issuing new credit cards and accepting new clients via its mobile and online banking platforms, effective immediately, due to the lender's inadequate IT risk management.
The Reserve Bank of India's IT assessment of the bank for the years 2022 and 2023 raised serious problems, which the bank has been unable to adequately or promptly resolve. As a result, the RBI indicated that following steps have become necessary.
The Reserve Bank of India said in a statement that serious flaws and violations were found in the areas of vendor risk management, user access management, patch and change management, data security and leak prevention strategy, business continuity and disaster recovery rigor and drill, etc.
According to regulatory rules, the bank was found to have inadequate information security governance and IT risk management for two years in a row, the statement continued.
With immediate effect, Kotak Mahindra Bank has been instructed "to cease and desist" from onboarding new clients through its online and mobile banking platforms and from providing new credit cards. Nonetheless, the bank will keep offering its current clientele, which includes credit card holders, its services.
