What do India’s largest private bank HDFC Bank, cards network Mastercard, and Paytm* Payments Bank have in common? They’ve all been caught in the audit crosshairs of India’s banking regulator, thanks to their various IT lapses.
In its latest series of sanctions, the Reserve Bank of India (RBI) stopped stopped Economic Times RBI directs Paytm Payments Bank to stop onboarding new customers Read more Paytm Payments Bank from on-boarding new customers after it found “material supervisory concerns”. “‘Material supervisory concerns’ can include a range of transgressions from how data is stored and who has access, how its systems operate, to transaction processing, customer on-boarding, merchant on-boarding, cyber security issues,” said an expert with knowledge of the matter. The RBI has now asked the bank to conduct a system-wide IT audit using an RBI-approved external auditor.
Neither the bank nor the regulator has disclosed the exact nature of the risks, but those in the industry say it could take a while for Paytm Payments Bank to get back to business as usual. “The audit may go on for over six months, and then it may take three or four months [for Paytm] to comply and then submit the compliance report. The regulator may send its own team and examine the compliance status,” says the expert, adding that it could take around one and half years for these matters to be sorted out.
The other two have experienced this. After the RBI found HDFC Bank plagued plagued The Ken Sorry for the inconvenience: Why your bank’s systems keep failing Read more with outages, it took the regulator 15 months to completely lift lift Economic Times RBI lifts all restrictions on HDFC Bank's business-generating activities Read more the sanctions from the bank acquiring new credit card customers. Mastercard, which reportedly got tagged for its non-compliance with data laws in July 2021, is still unable to issue new cards in India.
This is far from the RBI that one was generally familiar with. An RBI that would, at best, conduct once-a-year audits at large banks. The RBI of today that HDFC Bank, Mastercard, and Paytm Payments Bank have to contend with is one that is “smarter”, “micro-dictatorial”, “very detail oriented”, and “more insistent” according to three different bankers The Ken spoke to. Few bankers wanted to talk about the RBI and those that did requested anonymity in exchange for their candour.
The number of banks penalised has risen sharply, from 14 in 2018 to 54 in 2021. R Gandhi, the RBI’s former deputy governor, who is also an adviser to Paytm Payments Bank, tells The Ken that this increase in frequency and depth of audits is a natural consequence of increasing digitisation of banking books and operations.