In the financial landscape of India, regulatory oversight plays a crucial role in maintaining stability and safeguarding consumer interests. Recent moves by the Reserve Bank of India (RBI), particularly targeting prominent financial institutions like Paytm Payments Bank, IIFL Finance, and now Kotak Mahindra Bank, underscore the focus of the regulator on transparency and compliance across the financial sector.
The latest directive issued from the RBI prohibits Kotak Mahindra Bank from onboarding new customers via its online and mobile channels and issuing fresh credit cards. This decision, stemming from concerns raised during the bank’s IT examination, highlights the pivotal role of robust IT infrastructure and risk management frameworks in ensuring the smooth functioning of banking operations. However, existing customers and credit card services will remain unaffected by this directive.
It’s evident that the RBI, wary of past NBFC failures threatening India’s financial stability, is swiftly addressing emerging concerns. Last month, the regulator directed IIFL Finance to immediately halt its gold loan operations for new customers, which account for a third of its business, due to major lapses in loan handling. An inspection into the company’s finances as of March 31, 2023, revealed several lapses, including inadequate checks on gold purity and weight, breaches of statutory limits on cash loans, deviations from standard auction processes, and lack of transparency in customer account charges.
Similarly, RBI imposed restrictions on Paytm Payments Bank (PPBL) on January 31st due to prolonged non-compliance issues. The RBI’s actions prohibited PPBL from accepting additional deposits and top-ups, as well as conducting credit transactions in customer accounts, among other restrictions. Customers were given time until March 15th to transfer their accounts and wallets to other banks.
Given the recent red flags raised by RBI, the recent surge in retail loans post-Covid-19 seems to have prompted the regulator to take proactive measures, including increasing risk weights on unsecured personal loans and credit cards. Consider this: there has been a significant rise in the number of active credit cards in the country – from 5.5 crore (5,53,32,847) as of December 2019 to almost 10 crore (9,95,00,257) as of January 2024.
Taking the case of Kotak Mahindra Bank, the RBI’s decision has come after noting the bank’s rapidly increasing digital transaction volume, including credit card transactions, which further load on the IT systems. This decision by the RBI followed grave concerns identified during the IT examination of the bank for 2022 and 2023 and the bank’s persistent failure to address these issues promptly and comprehensively. Serious non-compliances and deficiencies in IT inventory management, user access management, data security, patch and change management, vendor risk management, and data leak prevention strategies were discovered, as per RBI circular. The bank also failed to effectively comply with the Corrective Action Plans issued by the RBI for these years.
Implications on customers
Existing customers of Kotak Mahindra Bank can breathe a sigh of relief as the regulatory measures do not impact the services provided to them. However, potential new customers will face temporary limitations on opening accounts through digital channels and obtaining new credit cards.
Business Impact
Kotak Mahindra Bank has a significant portion of business facilitated through digital channels. However, the regulatory restrictions are likely to impede its business operations, particularly in the retail segment, which was anticipated to be a key growth driver.
Looking Ahead
This is not the first instance of the RBI intervening in a leading Indian bank’s operations due to IT-related issues. In the past, HDFC Bank faced similar restrictions, which were partially lifted after remedial measures were implemented. The recovery process for Kotak Mahindra Bank may be protracted, akin to previous instances where banks faced similar regulatory actions. However, with the completion of a comprehensive external audit and remediation of identified deficiencies, the bank can regain regulatory trust and resume normal operations.
“In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences.
The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” stated RBI circular. The current restrictions will be reconsidered after the bank conducts a thorough external audit, approved by the RBI, and addresses any deficiencies found.
Source: BT
