Get full access to one story every week, and to summaries of all other stories. Just create a free account

What do India’s largest private bank HDFC Bank, cards network Mastercard, and Paytm* Payments Bank have in common? They’ve all been caught in the audit crosshairs of India’s banking regulator, thanks to their various IT lapses.

In its latest series of sanctions, the Reserve Bank of India (RBI) stopped stopped Economic Times RBI directs Paytm Payments Bank to stop onboarding new customers Read more Paytm Payments Bank from on-boarding new customers after it found “material supervisory concerns”. “‘Material supervisory concerns’ can include a range of transgressions from how data is stored and who has access, how its systems operate, to transaction processing, customer on-boarding, merchant on-boarding, cyber security issues,” said an expert with knowledge of the matter. The RBI has now asked the bank to conduct a system-wide IT audit using an RBI-approved external auditor.

Neither the bank nor the regulator has disclosed the exact nature of the risks, but those in the industry say it could take a while for Paytm Payments Bank to get back to business as usual. “The audit may go on for over six months, and then it may take three or four months [for Paytm] to comply and then submit the compliance report. The regulator may send its own team and examine the compliance status,” says the expert, adding that it could take around one and half years for these matters to be sorted out.

The other two have experienced this. After the RBI found HDFC Bank plagued plagued The Ken Sorry for the inconvenience: Why your bank’s systems keep failing Read more with outages, it took the regulator 15 months to completely lift lift Economic Times RBI lifts all restrictions on HDFC Bank's business-generating activities Read more the sanctions from the bank acquiring new credit card customers. Mastercard, which reportedly got tagged for its non-compliance with data laws in July 2021, is still unable to issue new cards in India.

This is far from the RBI that one was generally familiar with. An RBI that would, at best, conduct once-a-year audits at large banks. The RBI of today that HDFC Bank, Mastercard, and Paytm Payments Bank have to contend with is one that is “smarter”, “micro-dictatorial”, “very detail oriented”, and “more insistent” according to three different bankers The Ken spoke to. Few bankers wanted to talk about the RBI and those that did requested anonymity in exchange for their candour.

The number of banks penalised has risen sharply, from 14 in 2018 to 54 in 2021. R Gandhi, the RBI’s former deputy governor, who is also an adviser to Paytm Payments Bank, tells The Ken that this increase in frequency and depth of audits is a natural consequence of increasing digitisation of banking books and operations.


Arundhati Ramanathan

Arundhati is interested in how people use money in the digital age and how new economies will take shape based on that interaction. She writes the newsletter Ka-Ching! every Monday. She lives in Bengaluru and has spent over 12 years reporting and writing on various subjects.

View Full Profile

Enter your email address to read this story

To read this, you’ll need to register for a free account which will also give you access to our stories and newsletters

Or use your email ID