India’s central bank on Wednesday ordered Kotak Mahindra Bank to immediately cease onboarding new customers via its online and mobile banking channels and to stop issuing fresh credit cards, citing serious deficiencies in the bank’s IT systems and risk management practices.
Kotak Mahindra Bank is India’s fourth most valuable bank. It’s also one of the key partners for many fintech startups — including KredX and Rupeek — in the country. The lender, also an investor in many startups, additionally works with many fintech firms to extend credit to SMEs and MSMEs and to issue co-branded credit cards.
The lender operates Kotak811, a digital offering that has emerged as its strongest customer acquisition tool in recent years. Kotak811, which allows onboarding of customers digitally and within “three minutes” without paperwork, serves nearly 20 million customers.
The Reserve Bank of India (RBI) said it was imposing the restrictions on Kotak Mahindra Bank because of significant concerns stemming from its IT examinations of the bank for the years 2022 and 2023. The central bank found serious deficiencies and noncompliance in areas such as IT inventory management, patch and change management, user access management, vendor risk management, data security, and business continuity planning, it said.
Existing customers aren’t impacted by the restrictions.
The new restrictions could “severely impact the new retail customer additions for the bank given its smaller branch network vs. peers and higher reliance on digital channels,” analysts at Bernstein noted. The inability to issue fresh cards could impact the bank’s planned shift toward a higher share of unsecured loans “given the important role played by credit cards in achieving that target,” the analysts added.
Despite being under close scrutiny and engaging in high-level discussions with the RBI over the past two years, Kotak Mahindra Bank failed to adequately address these issues and implement satisfactory corrective measures, the central bank said. The bank’s core banking system and digital channels have experienced frequent and significant outages, with the most recent disruption occurring on April 15, 2024, causing severe inconvenience to customers, the RBI added.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
The RBI stated that the rapid growth of digital transactions at the bank, including credit card transactions, has put additional strain on the lender’s already weak IT systems. Without a robust IT infrastructure and risk management framework, prolonged outages could seriously impact the bank’s ability to provide efficient customer service, and potentially harm the broader digital banking and payment ecosystem, the central bank cautioned.
The restrictions imposed on Kotak Mahindra Bank will be reviewed upon completion of a comprehensive external audit, commissioned by the bank with prior RBI approval, and the satisfactory remediation of all identified deficiencies, the RBI said.
