Bank Negara Malaysia imposes Administrative Monetary Penalty on Malayan Banking Berhad and Maybank Islamic Berhad for non-compliance with the Financial Services Act 2013 and Islamic Financial Services Act 2013
Embargo :15 Aug 2024
<!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-QCXBYX5C31"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-QCXBYX5C31'); </script>
Bank Negara Malaysia (BNM) had on 29 July 2024, imposed an Administrative Monetary Penalty (AMP)[1] of RM4,320,000 on Malayan Banking Berhad and Maybank Islamic Berhad (collectively referred to as Maybank) for non-compliance with paragraph 48(1)(a) of the Financial Services Act 2013 (FSA) and paragraph 58(1)(a) of Islamic Financial Services Act 2013 (IFSA) read together with paragraph 10.32 of the Risk Management in Technology (RMiT) Policy Document.
Under paragraph 10.32 of the RMiT Policy Document, financial institutions must ensure their relevant critical systems are designed for high availability, specifically:
(a) cumulative unplanned downtime that affects user interface must not be more than four hours on a rolling 12-month basis; and
(b) maximum tolerable downtime of 120 minutes per incident.
Between 1 June 2023 and 31 May 2024, Maybank’s Regional Mobile Banking Platform (RMBP) and MAE applications experienced multiple unplanned downtime that caused prolonged disruptions in several banking services interface with customers and counterparties. The duration of the disruption breached the thresholds specified in paragraph 10.32 of the RMiT Policy Document. Upon investigation into the root cause leading to the incidents, it was found that Maybank’s non-compliance resulted from its inability to recover effectively and promptly from the unexpected system disruptions, which severely impacted the interface experience of online banking services for its customers and counterparties. Measures by Maybank to further strengthen its application and infrastructure resiliency as required by BNM were also incomplete at the time of the incidents which impeded recovery effects.
Maybank has taken the necessary actions to close these gaps as part of its multi-year infrastructure investments to prevent future non-compliance.
Aggravating and Mitigating Factors
In deciding to impose the AMP, BNM has considered the relevant aggravating and mitigating factors, which include:
BNM expects all financial institutions to maintain a high level of their technology resilience against operational disruptions to ensure the continuous availability of essential financial services. BNM will not hesitate to take appropriate supervisory and enforcement actions when financial institutions fall short of regulatory expectations.
Maybank paid a total of RM4,320,000 for the AMP imposed by BNM on 8 August 2024.
The enforcement action taken is in line with the approach and processes outlined in the published Enforcement Approach document. For more information, please visit Enforcement Approach.
[1] BNM imposed the AMP pursuant to subsection 234(3)(b)(i) of the FSA and subsection 245(3)(b)(i) of the IFSA.
Bank Negara Malaysia
15 August 2024
© Bank Negara Malaysia, 2024. All rights reserved.