RBI Imposes Restrictions on Kotak Mahindra Bank Over IT and Risk Management Lapses


New Delhi: The Reserve Bank of India (RBI) has issued a stringent directive to Kotak Mahindra Bank, ordering an immediate halt to the onboarding of new customers via its online and mobile banking platforms. Additionally, the bank has been instructed to stop the issuance of new credit cards. This decisive action comes in the wake of the RBI’s IT Examination of Kotak Mahindra Bank for the fiscal years 2022 and 2023, which raised significant concerns.

The central bank’s examination revealed serious deficiencies in the bank’s IT systems, including lapses in IT inventory management, patch and change management, user access management, vendor risk management, data security, and data leak prevention strategy. Furthermore, the bank’s business continuity and disaster recovery measures were found to be lacking in rigor and execution.

Despite continuous high-level engagement and the issuance of Corrective Action Plans by the RBI over the past two years, Kotak Mahindra Bank has failed to address these issues adequately. The bank’s submissions in response to the RBI’s concerns were deemed insufficient, incorrect, or unsustainable.

The RBI’s directive underscores the importance of robust IT infrastructure and risk management frameworks within banks. Kotak Mahindra Bank’s Core Banking System (CBS) and digital banking channels have experienced frequent and significant outages, including a notable service disruption on April 15, 2024, leading to considerable customer inconvenience.


The RBI’s move to bar Kotak Mahindra Bank from adding new customers reflects the regulator’s commitment to ensuring the safety and reliability of the banking system. Existing customers, including credit card holders, will continue to receive services from the bank. However, the bank is now under scrutiny to build operational resilience and enhance its IT systems and controls to match its growth trajectory.