The payments bank failed to adhere to certain provisions of the licensing guidelines, delayed in reporting of unusual cyber security incidents, and failed to secure mobile banking applications including UPI ecosystem, the regulator said Thursday.
“This action is based on the deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers,’ RBI said.
It conducted a special scrutiny from the Know Your Customer (KYC) perspective of the bank. Auditors identified by RBI also did a comprehensive system audit of the bank.
The examination of the special scrutiny report, comprehensive system audit report and related correspondence pertaining to the same revealed non-compliance, RBI said.
The bank failed to identify beneficial owners in respect of entities onboarded by it for providing payout services, while it did not monitor payout transactions and carry out risk profiling of entities availing payout services.It also breached the regulatory ceiling of end of the day balance in certain customer advance accounts availing payout services. It failed to implement device binding control measures related to ‘SMS delivery receipt check’ while its video based customer identification process (V-CIP) infrastructure failed to prevent connections from IP addresses outside India.Before levying the penalty, RBI had sent a show cause notice to the bank.
“After considering the bank’s reply to the notice and oral submissions made during the personal hearing, RBI came to the conclusion that the charge of non-compliance with the aforesaid RBI directions was substantiated and warranted imposition of monetary penalty on the bank,” the regulator said.