There have been several instances recently where IT systems of banks have been shown up as not meeting data security or basic consumer safety criteria. As banks move quickly down the digitisation road, they are expected to develop a secure back-end IT system with strong risk management processes to secure clients’ assets and data.

The Reserve Bank of India’s (RBI) stringent action against Kotak Mahindra Bank (KMB) shows that the central bank is cognizant of this need. The central bank’s action asking KMB to stop onboarding new customers through its online and mobile banking channels and issuing new credit cards, sends a signal to other banks and NBFCs to get their IT infrastructure in order. The action is likely to impact KMB’s business. It has been depending on the digital channel to drive growth in the recent past. Around 95 per cent of new personal loans were being disbursed through the digital channel, and 99 per cent of credit cards were sold digitally in the last fiscal year. New clients sourced online increased 5.8 times. The RBI is right in asking KMB to address gaps in its IT system given its focus on digital banking. Its audit of KMB’s IT systems in 2022 and 2023 found serious non-compliance in the management of IT inventory, user access, vendor risk, data security and data leak prevention. These gaps not only raise governance concerns, but also inconvenience clients and endanger their data. The bank has apparently not heeded the RBI’s corrective plan issued after the audits in the last two years.

The absence of a strong IT backbone has resulted in KMB suffering frequent and significant outages in the recent past. This is becoming endemic among Indian banks. HDFC Bank, SBI and Bank of Baroda have experienced similar technical glitches in recent years. This week, ICICI Bank revealed that 17,000 new credit cards were erroneously mapped in the digital channel to wrong users. At the heart of these issues is banks’ reluctance to invest in their IT infrastructure. A report by S&P Global revealed that Indian lenders spent 1.5-2 per cent of their revenue on technology, compared with the average of 7-10 per cent for global banks. Most of the ongoing investments by banks are focused on consumer facing solutions and improving user experience in a bid to get more clients.

With indications of over 70 per cent of all payment transactions going digital by 2025, there is an urgent need for banks to set aside funds to overhaul their back-end infrastructure. Piecemeal upgradation of legacy systems over the years may have compounded the problem. But banks appear to be more focused on short-term profitability, thereby cutting back on IT infra outlays. According to Gartner, IT spends of the BFSI sector in India grew at just 2.5 per cent in 2023, compared with 4.5 per cent in 2022. The RBI needs to keep a close watch on other banks which have been reluctant to spend on IT even as they urge existing customers to move to mobile or internet banking. This is a curious contradiction.