The Reserve Bank of India (RBI) has restricted Kotak Mahindra Bank from onboarding new customers through its online and mobile channels and issuing fresh cards. According to a press release by RBI, the decision followed an IT (information technology) Examination of the bank that RBI conducted in 2022 and 2023. The examination revealed that Kotak Mahindra had failed to address deficiencies in its IT risk and Information Security Governance, contrary to requirements under Regulatory guidelines.

RBI pointed out that without a robust IT infrastructure and IT risk management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the past two years. More recently, the bank also underwent such disruption on April 15, 2024, resulting in serious customer inconveniences.

The restrictions will be reviewed after Kotak Mahindra undergoes a comprehensive external audit and remedies all the deficiencies revealed by the audit, as well as the ones highlighted by RBI’s examination to the regulator’s satisfaction. Despite the restriction, the bank will be allowed to continue its services for existing customers including credit card services.

Some context:

This is notably not the first time that RBI has imposed such restrictions on a bank. In 2021, RBI imposed sanctions on HDFC Bank, instructing it to examine the lapses, fix accountability, and stop any further business in credit cards and digital banking products. These sanctions were finally removed in 2022.

In October 2023, RBI restricted the Bank of Baroda from onboarding customers via its BOB World app. This restriction was based on, “certain material supervisory concerns observed in the manner of onboarding of their customers onto this mobile application,” RBI had noted at the time. While the bank says that it has provided all required compliance to the regulator during its earnings call in January this year, there has been no update on the restriction being lifted.

More recently, RBI also restricted Paytm Payments Bank Limited (PPBL) from providing a range of services including accepting deposits, facilitating credit transactions, and wallet top-ups. PPBL had been barred from onboarding new customers in March 2022. Following this, multiple audits by external auditors revealed persistent non-compliance and continued material supervisory concerns in the bank, warranting the additional restrictions.

How will this restriction impact Kotak Mahindra?

The restriction will likely affect the bank’s ability to acquire new customers. The bank operates the Kotak 811 app, which offers an “instant and paperless account opening journey,” and functions as an autonomous digital bank within Kotak Mahindra. As per the bank’s annual report for 2022-23 (the same period as the RBI investigation), 72% of the bank’s new savings accounts are sourced through Kotak 811. Further, in its most recent earnings call in January 2024, the bank mentioned that 99% of all investment accounts opened by Kotak Mahindra were opened on digital channels.

The bank’s co-branded credit cards could also be negatively impacted by the restriction. The bank provides four co-branded cards in partnership with Indigo, PVR Cinemas, IndianOil Corporation, Flipkart Wholesale, and Metro Cash and Carry. With the bank no longer being able to offer credit cards, its deals with these businesses could fall through.

Kotak Mahindra’s response to the situation:

“The Bank has taken concrete steps to adopt new technologies to strengthen its IT systems and will continue to work with RBI to swiftly resolve balance issues at the earliest,” Kotak Mahindra said in a stock exchange filing . It believes that these directions will not materially impact its overall business.

