The last week has been symbolically eventful for the BFSI sector. The first news that caught attention was RBI’s direction to Kotak Bank to stop on boarding new customers through its online and mobile banking channels and also stop issuing fresh credit cards. The bank can continue servicing existing customers acquired thru the online and mobile channels / existing customers of the bank’s credit card.

The concerns stemmed from examination of the affairs in the Bank by RBI since 2022 and the continued failure on part of the bank to address these concerns in a comprehensive and timely manner.

As per the news item in Deccan Herald dated April 25, 2024 “The RBI also pointed out that due to lack of strong IT systems the bank has had many problems with it’s online and digital banking systems over the past couple of years. The most recent issue was on April 15, 2024, which resulted in serious inconveniences for customers.”

“The bank is found to be materially deficient in building necessary operational resilience on account of its failure to build IT systems and controls commensurate with its growth,” the central bank said.

In a similar action, in December 2020, RBI had directed HDFC Bank to stop launches of its upcoming digital business-generating activities and sourcing of new credit card customers. The curb was lifted after 8 months and with penalty imposed on the lender.  

On 26th April 2024 another news item caught attention which said that ICICI bank had blocked 17,000 Credit Cards due to data breach concerns. This was after customers reported that they could see the credit card details of other customers on the iMobile app. This included the unknown card holders name, entire credit card number, expiry date and even CVV as reported by Outlook money. One could change the transaction settings of such compromised cards and conduct international transactions where OTP is not required. The question that was left unanswered is whether the cards were also mapped to the wrong mobile number on which OTPs for fraudulent transactions could be sent thus leading to possibilities of major credit card fraud with a severe cascading fiduciary impact on the genuine credit card holders and the bank. Mobile apps are usually downloaded on the phone which holds the SIM of the number linked to the card.

I have personally received bills on email, for a co-branded credit card I never possessed or ever applied for, from a PSB. Repeated complaint to the customer service team of the bank  had no impact or a cogent response with a reason as to why this had happened. The bank was oblivious to to risk and harassment that it caused to a customer.

Such instances tend to indicate that scale and scope of operational risk management and IT security practices/ compliance have not kept pace with the growth in retail lending and credit card business. Managing growth is far more important in this digital era than AUM growth per se, especially in a   under penetrated retail credit market like India.  

Further, most of the digital action has happened in the customer acquisition and payment space with not much noticeable investment in managing operational risk and in improving after sales customer service or grievance management area. The focus seems to have been driven by consistent demand for growth not much on the planning and scaling up of the back end and customer service processes required in managing such high growth. The recent PayTM Payments Bank  fiasco is also an indicator of the risks that we are running in the financial system. That all these have happened in rapid sequence over the past couple of years along with rapid growth in the retail lending space is an indicator that growth needs to be better managed through self-governance and compliance rather than regulatory enforcement. #TheReservebankofIndia has done a remarkable job in regulating the rapidly growing financial markets in India with proliferation of Fintechs given a robust digital payment infrastructure/India stack. As one of the fastest growing economy where banking and finance plays a crucial role , it would be unfair to expect #RBI to keep a hawk eye on  growth management practices of individual financial entities.

Financial inclusion can be better achieved through better operations and customer service management practices. Customer interest protection and customer servicing/prompt and fair customer complaint resolution remains a crying need especially in the BFSI space. Whilst digitalization has helped to penetrate unserved markets servicing and customer interest protection services has lagged far behind. This is likely to hinder deeper penetration and inclusion. The bottom of the pyramid still fears institutional finance which seems to have lost the personal touch so much required to address the fears of the underserved.

Sharing is caring!