You're mixing two separate things. Mobikwik breach is separate thing and laxity of banks in complying with already issued orders is separate thing. The laxity of banks needs to be punished and for this RBI can act in any manner available within it's domain.
This is no existing Data regulation (both sensitive and non sensitve) in our country, the Govt needs to work with various stakeholders involved[For eg: SEBI, RBI, UIDAI, MoH]. We cannot simply blame RBI alone for inaction, what is Govt doing ? or what has been Meity or ministry doing?. Plus there is also CertIn organization for cybercrimes, what has been its response till date ?
The regulation is not quite clear in these things so better work with our parliamentarians in providing us with a clear data regulation on the lines of GDPR of EU. The last I read was it was work in progress and Raisina Dialogue for this is year is scheduled inviting the promoters of EU's GDPR. Further, we might not know what Govt and RBI is doing behind closed doors.