The Reserve Bank of India’s directive to Kotak Mahindra Bank, asking it to not sign up customers digitally and stop issuing credit cards, might seem harsh. But it was a required step. As banking becomes more technology-driven, the risks are rising disproportionately; consequently, the regulator has little choice but to be more vigilant and act if it believes not everything is kosher. If Kotak Bank has failed to fix its IT systems even after having been reminded for two years, tough curbs are called for. The charges are serious: the RBI has said the lender has not built in adequate operational resilience in its IT systems and controls to match the growth in the business. In fact, the regulator believes Kotak Bank’s systems are “materially deficient” and has highlighted the areas that the lender needs to work on. These include IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity, and disaster recovery rigour and drill.
Breaching or ignoring regulatory guidelines is unacceptable. What is surprising is that the lender doesn’t seem to have taken the regulator’s corrective action plans for 2022 and 2023 seriously enough. The RBI doesn’t mince its words when it says the bank was found to be “significantly non-compliant” with these plans. Moreover, it has also pointed out that the compliance measures which Kotak Bank undertook have been either “inadequate, incorrect or not sustained”. The RBI points out that the less-than-robust infrastructure has resulted in frequent and significant outages over the last two years.
There are some who would attribute Wednesday’s action to the run-ins that Kotak Bank’s founder Uday Kotak has had with the regulator on his stake in the bank. The regulator was earlier forced to give in to the promoter’s demand on his stake in the lender. But that would be an unfair assumption and an injustice to the RBI. The fact is that the regulator has been working overtime to spot potential systemic risks and red-flag them. In any case, Kotak is only the latest addition to the list of financial service entities that have been reprimanded for multiple shortcomings. There are indications that more entities may face penalties for their negligence, especially if they have ignored warnings and red flags. They include HDFC Bank, Bank of Baroda, Paytm, JM Financial, and IIFL. If it appears that the regulator is paranoid and is perhaps overdoing the punishment, that perception is also misplaced. In this age of rapidly rising electronic transactions, the inter-linkages between banks are strong. A problem with one lender can potentially disrupt a large part of the system inconveniencing large numbers of customers. Indeed, the regulator would face enormous criticism if there is a breakdown.
Also Read A case for higher RBI penalties Looming mineral supply squeeze and global market response: Mineral Supply Chains and the Coming AI Surge Understanding the four Vs of operations management – volume, variety, variation and visibility The burden of legacy
It is a fact that while banks are investing heavily in technology, including artificial intelligence, they seem to be not paying adequate attention to beefing up their basic IT infrastructure, as brought by successive RBI observations. It wouldn’t be surprising if more lenders are pulled up for lapses. In their rush to fulfil their ambitious targets and gain market share, banks seem to be forgetting basic hygiene. Kotak Bank sources a very high share of assets and liabilities digitally and a high number of savings accounts are opened via its 811 account. As such, while growth is bound to be impacted, Kotak Bank must take the punishment in its stride and move on.
The Reserve Bank of India’s directive to Kotak Mahindra Bank, asking it to not sign up customers digitally and stop issuing credit cards, might seem harsh. But it was a required step. As banking becomes more technology-driven, the risks are rising disproportionately; consequently, the regulator has little choice but to be more vigilant and act if it believes not everything is kosher. If Kotak Bank has failed to fix its IT systems even after having been reminded for two years, tough curbs are called for. The charges are serious: the RBI has said the lender has not built in adequate operational resilience in its IT systems and controls to match the growth in the business. In fact, the regulator believes Kotak Bank’s systems are “materially deficient” and has highlighted the areas that the lender needs to work on. These include IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity, and disaster recovery rigour and drill.
Breaching or ignoring regulatory guidelines is unacceptable. What is surprising is that the lender doesn’t seem to have taken the regulator’s corrective action plans for 2022 and 2023 seriously enough. The RBI doesn’t mince its words when it says the bank was found to be “significantly non-compliant” with these plans. Moreover, it has also pointed out that the compliance measures which Kotak Bank undertook have been either “inadequate, incorrect or not sustained”. The RBI points out that the less-than-robust infrastructure has resulted in frequent and significant outages over the last two years.
There are some who would attribute Wednesday’s action to the run-ins that Kotak Bank’s founder Uday Kotak has had with the regulator on his stake in the bank. The regulator was earlier forced to give in to the promoter’s demand on his stake in the lender. But that would be an unfair assumption and an injustice to the RBI. The fact is that the regulator has been working overtime to spot potential systemic risks and red-flag them. In any case, Kotak is only the latest addition to the list of financial service entities that have been reprimanded for multiple shortcomings. There are indications that more entities may face penalties for their negligence, especially if they have ignored warnings and red flags. They include HDFC Bank, Bank of Baroda, Paytm, JM Financial, and IIFL. If it appears that the regulator is paranoid and is perhaps overdoing the punishment, that perception is also misplaced. In this age of rapidly rising electronic transactions, the inter-linkages between banks are strong. A problem with one lender can potentially disrupt a large part of the system inconveniencing large numbers of customers. Indeed, the regulator would face enormous criticism if there is a breakdown.
It is a fact that while banks are investing heavily in technology, including artificial intelligence, they seem to be not paying adequate attention to beefing up their basic IT infrastructure, as brought by successive RBI observations. It wouldn’t be surprising if more lenders are pulled up for lapses. In their rush to fulfil their ambitious targets and gain market share, banks seem to be forgetting basic hygiene. Kotak Bank sources a very high share of assets and liabilities digitally and a high number of savings accounts are opened via its 811 account. As such, while growth is bound to be impacted, Kotak Bank must take the punishment in its stride and move on.
Get live Share Market updates, Stock Market Quotes, and the latest India News and business news on Financial Express. Download the Financial Express App for the latest finance news.
IndiGo’s first-ever order for wide-body aircraft marks its strategic expansion into the international travel market, aiming to compete with major Gulf airlines. The order includes 30 A350-900 planes with the option for an extra 70, amounting to over $9 billion.
A stitch in time
15
7
27.04.2024
The Reserve Bank of India’s directive to Kotak Mahindra Bank, asking it to not sign up customers digitally and stop issuing credit cards, might seem harsh. But it was a required step. As banking becomes more technology-driven, the risks are rising disproportionately; consequently, the regulator has little choice but to be more vigilant and act if it believes not everything is kosher. If Kotak Bank has failed to fix its IT systems even after having been reminded for two years, tough curbs are called for. The charges are serious: the RBI has said the lender has not built in adequate operational resilience in its IT systems and controls to match the growth in the business. In fact, the regulator believes Kotak Bank’s systems are “materially deficient” and has highlighted the areas that the lender needs to work on. These include IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity, and disaster recovery rigour and drill.
Breaching or ignoring regulatory guidelines is unacceptable. What is surprising is that the lender doesn’t seem to have taken the regulator’s corrective action plans for 2022 and 2023 seriously enough. The RBI doesn’t mince its words when it says the bank was found to be “significantly non-compliant” with these plans. Moreover, it has also pointed out that the compliance measures which Kotak Bank undertook have been either “inadequate, incorrect or not sustained”. The RBI points out that the less-than-robust infrastructure has resulted in frequent and significant outages over the last two years.
There are some who would attribute Wednesday’s action to the run-ins that Kotak Bank’s founder Uday Kotak has had with the regulator on his stake in the bank. The regulator was earlier forced to give in to the promoter’s demand on his stake in the lender. But that would be an unfair assumption and an injustice to the RBI. The fact is........
© The Financial Express
visit website
login
who are we?
contact us
qosheapp
Toi Staff
Gideon Levy
Belen Fernandez
Rami G Khouri
Mort Laitner
Donald Low
Ali Fathollah-Nejad
Nikkei Editorial
