Indian bank’s IT is so shabby it’s been banned from opening new accounts
- Reference: 1714026552
- News link: https://www.theregister.co.uk/2024/04/25/rbi_india_kotak_mahindra_bank/
- Source link:
The ban came after what the Reserve Bank of India described as “Serious deficiencies and non-compliances … in the areas of IT inventory management, patch and change management, user access management, vendor risk management, data security and data leak prevention strategy, business continuity and disaster recovery rigour and drill, etc.”
Kotak Mahindra Bank has over 41 million customers and more than $500 billion in assets under management. The Bank’s FY 22/23 [1]annual report [PDF] states that it emphasized “strengthening our security measures” during the year.
[2]
The Reserve Bank of India took a dim view of those efforts.
[3]
[4]
“For two consecutive years, the bank was assessed to be deficient in its IT Risk and Information Security Governance,” the central bank [5]found . Worse still, Kotak Mahindra’s efforts to follow a corrective action plan failed.
“Compliances submitted by the bank were found to be either inadequate, incorrect or not sustained,” according to the Reserve Bank.
[6]
Kotak Mahindra’s woes didn’t just annoy the Reserve Bank: customers have been impacted by outages.
The central bank has therefore assessed Kotak Mahindra as “materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth.”
And that growth is rapid: Kotak Mahindra won three million new customers for a single credit card product in FY 22/23, and its annual report is replete with mentions of new products and services.
[7]
India’s Reserve Bank yesterday decided Kotak Mahindra poses a risk to customers and to “the financial ecosystem of digital banking and payment systems.”
Preventing it from signing new customers so that it can focus on tech improvements was therefore felt necessary.
[8]India effectively kills e-wallet used by over 300 million
[9]India builds massive tech infrastructure to support finance sector
[10]India bans 232 Chinese lending and betting apps
[11]Use of India's CBDC declines, but central bank presses ahead
If Kotak Mahindra can survive an external audit of its systems, the Reserve Bank will consider lifting restrictions.
In a [12]stock market filing Kotak Mahindra bank acknowledged the Reserve Bank’s actions, and promised it has “taken concrete steps to adopt new technologies to strengthen its IT systems and will continue to work with RBI to swiftly resolve balance issues at the earliest.”
The filing also states: “The Bank believes that these directions will not materially impact its overall business.” Investors appear to have liked that - the bank's share price rose around 1.65 percent yesterday.
The Register has spotted other eyebrow-raising FinTech in India, such as the bank that operated [13]without intrusion detection or prevention systems or a licensed firewall, and another that was censured for [14]failing its obligations to prevent money laundering.
And who could forget that in neighbouring Pakistan, the Federal Board of Revenue [15]admitted it ran on pirated software? ®
Get our [16]Tech Resources
[1] https://www.Kotak.com/content/dam/Kotak/investor-relation/Financial-Result/Annual-Reports/FY-2023/Kotak-mahindra-bank/Kotak-mahindra-bank-limited-FY22-23.pdf
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Ziopwetn1MSZuumYkyxg2AAAAMQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Ziopwetn1MSZuumYkyxg2AAAAMQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Ziopwetn1MSZuumYkyxg2AAAAMQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=57769
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Ziopwetn1MSZuumYkyxg2AAAAMQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Ziopwetn1MSZuumYkyxg2AAAAMQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2024/02/19/paytm_rbi_advice/
[9] https://www.theregister.com/2023/12/20/india_financial_services_infrastructure_build/
[10] https://www.theregister.com/2023/02/07/india_bans_232_chinese_lending/
[11] https://www.theregister.com/2024/04/08/india_cbdc_decline/
[12] https://nsearchives.nseindia.com/corporate/KOTAKBANK_24042024204758_SEIntimation24042024.pdf
[13] https://www.theregister.com/2022/04/05/mahesh_bank_no_firewall_attack/
[14] https://www.theregister.com/2024/02/19/paytm_rbi_advice/
[15] https://www.theregister.com/2021/08/26/pakistan_federal_board_of_revenue_software_licensing_snafus/
[16] https://whitepapers.theregister.com/
Re: The next superpower ?
There are a lot of very competent people in India but the country seems rife with these kinds of problems.
Is the country rife with these kind of problems, or is it growing up in a time with globalised 24/7 media?
There are a lot of very competent people in most countries. Most countries are rife with corruption when you scratch the surface, it's just done in a way that the citizens of that country tolerate. (e.g. I'd argue 'political lobbying' in the US essentially allows the buying of favourable legislation; the UK has a definite 'boys club' when it comes to government, and so on...).
It's hard to believe that it will ever be a superpower, either through corruption or just the inability to be serious on certain issues.
You're suggesting it's not yet corrupt enough? The current superpower is looking like it'll have it's first president with an ankle tag in 6 months. ;)
In all seriousness, I'd argue this is what happens when growth occurs in a country with a population measured in billions. In somewhere like the UK the customer numbers involved would've been smaller, and you could argue that a more mature industry would be more in tune to these kind of [1]issues. It sounds like the grown ups have stepped in though, so I'm sure it'll be fine.
[1] https://www.datacenterdynamics.com/en/news/major-tsb-banking-outage-be-blamed-failure-test-data-center-ahead-it-migration/
I can't imagine the state of their IT
For a bank to be forbidden from adding new accounts, that is just . . mind boggling.
I've seen some bank departments where some people were seriously out of touch, but that was just the one person here or there. For the entire bank to not know what it's doing with 40+ million customers ?
How can that happen ?
Yeah, I know, India. But this is a bank . We're not talking some online store, this is supposed to be men in suits with serious boardroom power.
I just cannot fathom what the hell is going on over there.
Re: I can't imagine the state of their IT
What about those unfortunate enough to already be their customers? What redress do they have, I doubt current account switching is easy.
The next superpower ?
There are a lot of very competent people in India but the country seems rife with these kinds of problems.
It's hard to believe that it will ever be a superpower, either through corruption or just the inability to be serious on certain issues.