In the financial landscape of India, regulatory oversight plays a crucial role in maintaining stability and safeguarding consumer interests. Recent moves by the Reserve Bank of India (RBI), particularly targeting prominent financial institutions like Paytm Payments Bank, IIFL Finance, and now Kotak Mahindra Bank, underscore the focus of the regulator on transparency and compliance across the financial sector.
The latest directive issued from the RBI prohibits Kotak Mahindra Bank from onboarding new customers via its online and mobile channels and issuing fresh credit cards. This decision, stemming from concerns raised during the bank’s IT examination, highlights the pivotal role of robust IT infrastructure and risk management frameworks in ensuring the smooth functioning of banking operations. However, existing customers and credit card services will remain unaffected by this directive.
It’s evident that the RBI, wary of past NBFC failures threatening India’s financial stability, is swiftly addressing emerging concerns. Last month, the regulator directed IIFL Finance to immediately halt its gold loan operations for new customers, which account for a third of its business, due to major lapses in loan handling. An inspection into the company’s finances as of March 31, 2023, revealed several lapses, including inadequate checks on gold purity and weight, breaches of statutory limits on cash loans, deviations from standard auction processes, and lack of transparency in customer account charges.
Similarly, RBI imposed restrictions on Paytm Payments Bank (PPBL) on January 31st due to prolonged non-compliance issues. The RBI’s actions prohibited PPBL from accepting additional deposits and top-ups, as well as conducting credit transactions in customer accounts, among other restrictions. Customers were given time until March 15th to transfer their accounts and wallets to other banks.
Given the recent red flags raised by RBI, the recent surge in retail loans post-Covid-19 seems to have prompted the regulator to take proactive measures, including increasing risk weights on unsecured personal loans and credit cards. Consider this: there has been a significant rise in the number of active credit cards in the country – from 5.5 crore (5,53,32,847) as of December 2019 to almost 10 crore (9,95,00,257) as of January 2024.
Taking the case of Kotak Mahindra Bank, the RBI’s decision has come after noting the bank’s rapidly increasing digital transaction volume, including credit card transactions, which further load on the IT systems. This decision by the RBI followed grave concerns identified during the IT examination of the bank for 2022 and 2023 and the bank’s persistent failure to address these issues promptly and comprehensively. Serious non-compliances and deficiencies in IT inventory management, user access management, data security, patch and change management, vendor risk management, and data leak prevention strategies were discovered, as per RBI circular. The bank also failed to effectively comply with the Corrective Action Plans issued by the RBI for these years.
“In the absence of a robust IT infrastructure and IT Risk Management framework, the bank’s Core Banking System (CBS) and its online and digital banking channels have suffered frequent and significant outages in the last two years, the recent one being a service disruption on April 15, 2024, resulting in serious customer inconveniences. The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” stated RBI circular. The current restrictions will be reconsidered after the bank conducts a thorough external audit, approved by the RBI, and addresses any deficiencies found.