• The Reserve Bank of India, in exercise of its powers under Section 35A of the Banking Regulation Act, 1949, has barred Kotak Mahindra Bank from onboarding of new customers through its online and mobile banking channels and issuing fresh credit cards. 

• The bank shall, however, continue to provide services to its existing customers, including its credit card customers.

• These actions are necessitated based on significant concerns arising out of Reserve Bank’s IT examination of the bank for the years 2022 and 2023 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner. 

• Meanwhile, Kotak Mahindra Bank said that it has taken measures for adoption of new technologies to strengthen its IT systems and will continue to work with RBI to swiftly resolve balance issues at the earliest.

• In an almost similar action, the RBI in December 2020 had barred HDFC Bank from issuing new cards and launching new digital initiatives after repeated instances of technological outages at the lender. The restrictions were later lifted in March 2022.

Why RBI took this action?

• Serious deficiencies and non-compliances were observed in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc. 

• For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance, contrary to requirements under regulatory guidelines. 

• During the subsequent assessments, the bank was found to be significantly non-compliant with the Corrective Action Plans issued by the Reserve Bank for the years 2022 and 2023, as the compliances submitted by the bank were found to be either inadequate, incorrect or not sustained.

• In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences. 

• The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth.

• In the past two years, the Reserve Bank has been in continuous high-level engagement with the bank on all these concerns with a view to strengthening its IT resilience, but the outcomes have been far from satisfactory. 

• It is also observed that, of late, there has been rapid growth in the volume of the bank’s digital transactions, including transactions pertaining to credit cards, which is building further load on the IT systems.

• The Reserve Bank, therefore, has decided to place certain business restrictions on the bank in the interest of customers and to prevent any possible prolonged outage which may seriously impact not only the bank’s ability to render efficient customer service but also the financial ecosystem of digital banking and payment systems.

• The restrictions now being imposed will be reviewed upon completion of a comprehensive external audit to be commissioned by the bank with the prior approval of RBI, and remediation of all deficiencies that may be pointed out in the external audit as well as the observations contained in the RBI inspections, to the satisfaction of the Reserve Bank. 

Reserve Bank of India

• The Reserve Bank of India (RBI) is India’s central banking institution, which controls the monetary policy.

• It commenced its operations on April 1, 1935 in accordance with the Reserve Bank of India Act, 1934.

• Following India’s Independence, the RBI was nationalised on January 1, 1949.

• The RBI has four zonal offices at Chennai, New Delhi, Kolkata and Mumbai. It has offices at 33 locations across India.

• As the central bank of India, RBI is an independent apex monetary authority which regulates banks and provides important financial services like storing of foreign exchange reserves, control of inflation, monetary policy report.

• A central bank is a vital financial apex institution of an economy and the key objectives of central banks may differ from country to country. Still, they perform activities and functions with the goal of maintaining economic stability and growth of an economy.

• The RBI plays an important part in the development strategy of the country. 

• The general superintendence and direction of the RBI is entrusted with the 21-member central board of directors. 

• It consists of the governor, four deputy governors, two finance ministry representatives, 10 government-nominated directors to represent important elements of India’s economy, and four directors to represent local boards headquartered at Mumbai, Kolkata, Chennai and New Delhi.

Powers of the RBI

• The RBI regulates and supervises public sector and private sector banks. 

• The powers of RBI are wide-ranging and comprehensive to deal with various situations that may emerge in all banks.

Under the provisions of the Banking Regulation Act, 1949, it can:

i) Inspect the bank and its books and accounts.

ii) Examine on oath any director or other officer of the bank.

iii) Cause a scrutiny to be made of the affairs of the bank.

iv) Give directions to secure the proper management of the bank.

v) Call for any information of account details.

vi) Determine the policy in relation to advances by the bank.

vii) Direct special audit of the bank.

viii) Direct the bank to initiate insolvency resolution process in respect of a default, under the provisions of Insolvency and Bankruptcy Code, 2016.

ix) Issue directions to banks for resolution of stressed assets.

x) Direct changes in management of the bank.

xi) Caution or prohibit banks in particular against entering into any particular transaction or class of transactions, and generally give advice to any bank.

xii) Give assistance to any bank by means of the grant of a loan or advance.

xiii) Direct banks to call a meeting of its directors for the purpose of considering any matter relating to or arising out of the affairs of the bank, or require an officer of the bank to discuss any such matter with an officer of the RBI.

xiv) Appoint one or more of its officers to observe the manner in which the affairs of the bank or of its offices or branches are being conducted and make a report thereon.

• RBI also maintains the Central Repository of Information on Large Credits (CRILC) on aggregate fund-based and non-fund-based exposures of Rs 5 crore and above of all banks. 

• RBI maintains the Central Fraud Registry and banks report all frauds involving amounts above Rs 1 lakh to RBI.

• In addition, RBI’s Master Directions on Frauds lay out guidelines on categorisation, reporting and review of frauds, along with norms for consequent provisioning.

Manorama Yearbook app is now available on Google Play Store and iOS App Store