New Delhi, Sept. 11 -- Kotak Mahindra Bank is one of the largest private lenders in the country with a market capitalisation of about $50 billion. Established in 1985, Kotak provides a wide range of financial solutions across customer and geographic segments within India.

Technology is central to Kotak's strategy to build and scale its entire range of financial services and products. In terms of its overall technology expenditure, the bank spent over Rs.1,700 crore in the year ended March 31, more than 30% higher than the previous year, amounting to about 10% of operating expenses.

The hike in investment spending follows an RBI restriction placed on the bank that prevented it from onboarding new customers digitally and issuing new credit cards. To be sure, the central bank imposed supervisory restrictions in April 2024 due to issues like business outages and disruptions to its digital platforms. In February, the Reserve Bank of India lifted the supervisory restrictions on Kotak Mahindra Bank after the latter rectified deficiencies in its IT infrastructure.

"The RBI's recent restrictions, though challenging, actually gave us the opportunity to clear a lot of legacy tech debt. The embargo allowed the entire bank, from control to support to technology, to focus on raising our standards. Our technology investment over the last two years is in line with industry benchmarks, and that level of focus will continue," Nilesh Chaudhari, Head of Technology of Corporate, Commercial, and Functions at Kotak, told TechCircle in an earlier interview.

In FY25, Kotak said that it has made several upgrades to its core banking solution (CBS) that resulted in load reduction, improvement in monitoring, and little to no unplanned downtime of critical systems.

Data and analytics strategy

Kotak has built a cloud-native data platform, called Data EXchange (DEX), that processes and analyses vast volumes of data in real time, enabling hyper-personalised services as well as intelligent risk management. By consolidating structured and unstructured data from across business lines, DEX replaces legacy silos with a single, trusted platform. The bank says the platform provides a 360-degree view of customers, helping it respond faster and engage more proactively. DEX leverages analytics for real-time fraud detection, personalised product recommendations, and automated credit risk scoring. This cloud-based platform supports personalisation and compliance with the Digital Personal Data Protection (DPDP) Act. Further, the lender has expanded its capabilities in predictive analytics and behaviour modelling, embedding AI and machine learning across backend automation as well as customer-facing applications. These tools, the bank says, are helping generate actionable insights to guide business decisions and support scalable growth. As part of this effort, Kotak is developing a proprietary generative AI platform, branded Kotak AI. Its architecture starts with a model layer of 12 large language models (LLMs) from multiple providers. A router layer sits above, selecting the most suitable model for a given task. On top of that, Kotak builds specialised AI "skills," which can then be orchestrated by agents to complete end-to-end tasks. "Kotak AI is already in use for credit analysis, where analysts can process vast amounts of data faster while staying in the loop, for customer-facing staff who can now query internal processes in natural language, and even for coding assistance used by our developers," Chaudhari (quoted above) had earlier said. Cybersecurity and governance mechanisms

Kotak has formulated the IT Risk and Information Security Committee (IRISC), which oversees the lender's overall security posture under a board-approved framework that is reviewed annually. The committee ensures that Kotak is in compliance with Indian regulatory standards, including the RBI's Cybersecurity Framework, the IT Act 2000, and others.

The bank has stepped up its data protection framework with stricter safeguards for personally identifiable information (PII), advanced encryption protocols, and tighter user access controls. Further, Kotak operates on-site Security Operations Centre (SOC), which keeps constant watch against breaches and cyberattacks. The bank also runs frequent scenario-based tests to sharpen its response playbook.

Engineering talent

Kotak's technology team has over 2,000 full-time employees, supported by another 2,000 through partners. The team was largely concentrated at the Mumbai headquarters, but over the last three to four years, the team has spread across Gurgaon, Bengaluru, and Hyderabad. As part of the transformation, the bank has set up hubs in Bengaluru and Hyderabad to tap into engineering talent. The bank is investing heavily in hiring core engineering talent as it shifts away from heavy dependence on vendors and off-the-shelf products. While partnerships will always play a role, the focus now is on building in-house capabilities that give us long-term differentiation, a company executive has said. As per media reports from 2024, the company onboarded 500 engineers in the previous two years, from firms like Google, Amazon, Paytm, and PhonePe. The company also announced at the time that it would be adding 400 more to its tech team.

Published by HT Digital Content Services with permission from TechCircle.