<!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-QCXBYX5C31"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-QCXBYX5C31'); </script>

Navigation

  • Skip to Content
BNM Logo BNM Logo
  • About Us
      Our Roles Board of Directors Governor Management Committee Senior Officers of BNM Organisation Structure Statutory Committees
  • Topics
  • News & Events
      Press Releases Public Notices Speeches Calendar of Events Events at BNM Procurement
  • Rates & Statistics
  • Publications
  • Regulations
      Legislation Standards & Guidelines FSP Directory Enforcement Actions
  • Careers
      Join Us Job Vacancies Kijang Graduate Programme Internships Scholarships
  • Contact Us
      Contact Us BNM Offices Whistleblowing Policy
Search

Language Selector

melayu

Breadcrumb

  1. Home
  2. News & Events
  3. Press Releases
  4. BNM has imposed an Administrative Monetary Penalty on Bank Islam Malaysia Berhad for non-compliance with the Islamic Financial Services Act 2013, Risk Management in Technology Policy Document, and Anti-Money Laundering, Countering Financing of Terrorism, and Targeted Financial Sanctions for Financial Institutions Policy Document

Asset Publisher

null BNM has imposed an Administrative Monetary Penalty on Bank Islam Malaysia Berhad for non-compliance with the Islamic Financial Services Act 2013, Risk Management in Technology Policy Document, and Anti-Money Laundering, Countering Financing of Terrorism, and Targeted Financial Sanctions for Financial Institutions Policy Document

BNM has imposed an Administrative Monetary Penalty on Bank Islam Malaysia Berhad for non-compliance with the Islamic Financial Services Act 2013, Risk Management in Technology Policy Document, and Anti-Money Laundering, Countering Financing of Terrorism, and Targeted Financial Sanctions for Financial Institutions Policy Document

Embargo : For immediate release Not for publication or broadcast before 0238 on Thursday, 31 July 2025
31 Jul 2025

Bank Negara Malaysia has imposed an Administrative Monetary Penalty (AMP) on Bank Islam Malaysia Berhad (BIMB) for non-compliance with the Islamic Financial Services Act 2013 (IFSA), Risk Management in Technology Policy Document (RMiT PD) and Anti-Money Laundering Countering Financing of Terrorism and Targeted Financial Sanctions for Financial Institutions Policy Document (AML/CFT and TFS for FIs PD).

This AMP amounts to RM3,445,000 for the following non-compliances in relation to prolonged service disruption and sanctions screening requirements:

A. Non-compliance in relation to prolonged service disruption

On 16 June 2025, BNM imposed an AMP[1] of RM1,745,000 on BIMB for its non-compliance with section 58(1)(a) of the IFSA, read together with paragraph 10.32 of the RMiT PD, which came into effect on 1 June 2023.

Under paragraph 10.32 of the RMiT PD, financial institutions must ensure their relevant critical systems are designed for high availability. This means a:

a) cumulative unplanned downtime that affects user interface of not more than four hours on a rolling 12-month basis; and

b) maximum tolerable downtime of 120 minutes per incident.

Between 1 June 2023 and 31 December 2024, BIMB experienced multiple unplanned downtimes that caused prolonged disruptions to its banking services, such as e-banking channels, debit card system and online payment transactions. The duration of the disruptions breached the thresholds specified in paragraph 10.32 of the RMiT PD. BIMB’s non-compliance resulted from lapses in executing the response and recovery process to restore the disrupted systems promptly. This has impacted the availability of essential banking services for its customers and counterparties.

BIMB has since then taken the necessary actions to enhance its recovery capabilities and strengthen its IT infrastructure as part of its multi-year technology infrastructure investment plan to prevent future non-compliance.

In determining the imposition of the AMP, BNM considered the relevant aggravating and mitigating factors, including:

  1. BIMB’s failure to take reasonable steps to mitigate the downtime incidents, which resulted in the non-compliance;
  2. the severity of the non-compliance, including the impact of the service disruption on customers and counterparties;
  3. BIMB’s past compliance record and history of formal enforcement actions; and
  4. effectiveness of remedial actions to prevent recurrence of breaches.

BNM expects all financial institutions to maintain a high level of technology resilience against operational disruptions to ensure the continuous availability of essential financial services.

B. Non-compliances in relation to the sanctions screening requirement

On 27 May 2025, BNM imposed an AMP of RM1,700,000 on BIMB for the following non-compliances:

a) Non-Compliance 1: Section 58(1)(a) of the IFSA, read together with paragraphs 27.4.2 and 28.3.2 of the AML/CFT and TFS for FIs PD[2]; and

b) Non-Compliance 2: Section 58(1)(a) of the IFSA, read together with paragraphs 27.4.1, 27.4.2 and 27.7.1 of the AML/CFT and TFS for FIs PD.

Under the AML/CFT and TFS for FIs PD, reporting institutions (RIs) are required to conduct sanctions screening on existing, potential or new customers against the Domestic List[3] and United Nations Security Council Resolutions (UNSCR) List[4] as part of the customer due diligence and ongoing due diligence processes. RIs must screen their entire customer database to identify any positive matches immediately after the relevant authorities publish the respective lists. Subsequently, RIs must immediately report to BNM and Polis Diraja Malaysia (PDRM) upon determination that they are in possession or in control of funds or properties of any specified entity[5] and/or related party. This is essential to protect RIs and the broader financial system from being abused to raise, move and utilise funds by terrorists, terrorist organisations and terrorist financiers.

Below are the two instances of non-compliance with the sanctions screening requirements:

A. Non-Compliance 1

BNM identified the breach during an on-site examination, which revealed gaps in BIMB’s sanctions screening process and system. These gaps delayed the performance of sanctions screening on its non-customer beneficial owners against the Domestic List and UNSCR List. Nonetheless, no specified entities were onboarded, nor were any transactions of specified entities conducted arising from this breach.

B. Non-Compliance 2

BIMB failed to conduct timely sanctions screening against its entire customer database against the Domestic List upon publication of the Federal Gazette[6] in 2022 and 2023. This led to a delay in identifying and confirming a positive name match for three specified entities. In addition, BIMB delayed submitting the report upon notifying BNM that it was in possession of or in control of funds or properties of one specified entity. 

BNM discovered that the breach occurred due to gaps in BIMB’s sanctions screening process and procedures, including ineffective sanctions management, inadequate training and employee oversight of compliance obligations. BNM takes the breach seriously, as transactions were facilitated for the specified entities during the period before the identification and confirmation of positive name matches against the Domestic List.

BIMB has since strengthened its sanctions screening process by enhancing its systems, including the core banking system, front-end system and the AML screening system to ensure prompt sanctions screening. BIMB has also improved its sanctions screening management, including revising standard operating procedures and enhancing employee training.

In deciding the imposition of the AMP, BNM considered the relevant aggravating and mitigating factors, including:

a) inadequate controls taken by BIMB in mitigating the risk of the occurrence of the breaches;

b) BIMB’s past compliance record and history of formal enforcement actions imposed; and

c) effectiveness of remedial actions taken to prevent recurrence of breaches.

BNM will not hesitate to take appropriate supervisory and enforcement actions when financial institutions fall short of regulatory expectations.

BIMB paid RM1,700,000 for the AMP imposed on 29 May 2025 for sanction screening breaches and RM1,745,000 for the AMP imposed on 30 June 2025 for prolonged service disruptions.

The enforcement actions taken against BIMB were carried out in line with the approach and processes outlined in the Enforcement Approach.


[1] BNM imposed the AMP pursuant to section 245(3)(b)(i) of the IFSA.

[2] The AML/CFT and TFS for FIs PD was in effect from 1 January 2020 to 5 February 2024 and has since been superseded by the Anti-Money Laundering, Countering Financing of Terrorism, Countering Proliferation Financing and Targeted Financial Sanctions for Financial Institutions Policy Document (AML/CFT/CPF and TFS for FIs PD), which took effect on 6 February 2024. These requirements are preserved under paragraphs 27.4.1, 27.4.4, 27.7.1 and 28.3.4 of the AML/CFT/CPF and TFS for FIs PD.

[3] Domestic List is a list of names and particulars of specified entities declared by the Minister of Home Affairs under the relevant subsidiary legislation made under section 66B(1) of the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA).

[4] UNSCR List is a list of names and particulars of persons as designated by the United Nations Security Council (UNSC) or its relevant Sanctions Committee pursuant to the relevant UNSCR and are deemed as:

  1. specified entities by virtue of section 66C(2) of the AMLA for Targeted Financial Sanctions on Terrorism Financing, and
  2. designated persons under the relevant Strategic Trade Act 2010 (STA) subsidiary legislation for Targeted Financial Sanctions on Proliferation Financing.

[5] Individuals or entities listed in the Domestic List and UNSCR List.

[6] P.U. (A) 127/2022 effective 25 April 2022 and P.U. (A) 42/2023 effective 15 February 2023.

Bank Negara Malaysia
31 July 2025

© Bank Negara Malaysia, 2025. All rights reserved.

Follow us
  • facebook social icon
  • twitter social icon
  • instagram social icon
  • youtube social icon
  • medium social icon
  • telegram icon
  • tiktok icon
Website Tools
  • Search
  • Email Alert
  • Contact Us
  • Download Forms
Legal Notices
  • Terms of Use for BNM Website
  • Terms of Use for BNM Datasets
  • Disclaimer
  • Privacy & Cookie Policy
BNMLINK Contact Centre
  • call-1 icon
    1-300-88-5465 Monday - Friday 9am - 5pm
  • decoration
    e-LINK Form
  • BNM General Line
  • call-1 icon +603 2784 8888
© Bank Negara Malaysia. All rights reserved.
arrow-up icon