Promoting Financial Stability
A core part of Bank Negara Malaysia’s (BNM) mandate is to promote a stable financial system to serve as a foundation for sustainable economic growth. This means financial institutions are able to absorb shocks and continue providing essential financial services to households and businesses at all times. It safeguards Malaysians’ continued access to savings, financing, insurance/takaful protection and payment services even during times of economic stress. To this end, BNM regulates and supervises financial institutions to keep the financial system strong
Financial Stability Priorities in 2025
A resilient financial system ensures the continuity of financial intermediation and services during periods of stress and uncertainty. This sustains public confidence, thereby supporting economic stability and growth. In the face of global uncertainties, including global trade and geopolitical tensions, Malaysia’s financial system remained resilient in 2025 amid a prudent and robust regulatory environment.
Against this backdrop, BNM continued to anchor our regulatory and supervisory priorities in 2025 on safeguarding the resilience of the financial system. Our efforts focused on four key areas:
- Aligning Malaysia’s regulatory framework with global standards while adapting them to local needs.
- Strengthening financial institutions’ ability to manage operational disruptions in an increasingly digitised and interconnected environment.
- Enhancing risk management practices to build resilience against emerging risks such as fraud, cyber threats and climate change.
- Fostering responsible practices and high standards of business conduct for fair outcomes for consumers.
Regulatory Priorities
In line with the priority areas, BNM issued nine key prudential, market conduct and payment system policies (Diagram 1).
Adoption of global regulatory standards
We continued efforts to align our regulatory framework with the Basel III standards. The aim is for financial institutions to stay strong and well-prepared to withstand shocks. In turn, this protects depositors and supports confidence in the financial system. In 2025, we issued three Exposure Drafts, namely the Capital Adequacy Framework (Internal Ratings-Based Approach for Credit Risk) (IRB), Capital Adequacy Framework (Counterparty Credit Risk) (CCR) and Interest Rate Risk in the Banking Book (IRRBB).
These policies improve how banks measure and manage risks. The revised IRB reduces undue differences in model-based risk estimates,[1] thus contributing to more credible and comparable capital ratios for banks. Meanwhile, the new CCR methodology will enable banks to allocate capital more efficiently, especially for derivative transactions, supported by strong risk management practices. The IRRBB standard sets clearer expectations on how banks manage the risk from movements in interest or profit rates. In practice, this means banks must have strong oversight, proper controls and enough capital to withstand these movements. Managing this risk well helps ensure banks stay resilient through different interest rate environments.
Strengthening standards on risk management and operational resilience
Greater use of digital technology and shared systems has made the financial system more efficient and led to better outcomes for consumers. However, it also increases the risk of disruptions from cyber incidents and technical failures. In line with these heightened risks, BNM updated the Risk Management in Technology (RMiT) requirements. The aim is to strengthen IT security and resilience against evolving cyber threats, outages and data breaches. We also issued a Discussion Paper on Operational Resilience to invite industry-wide feedback on how financial institutions should prepare for and respond to severe disruptions. This aims to ensure they can continue delivering critical services even amid severe operational disruptions.
Ensuring responsible lending and fair outcomes to consumers
For a financial system to function efficiently, there needs to be trust between financial service providers and consumers. This trust – built on accountability, fairness and transparency – gives consumers the confidence to participate in the financial system.
During the year, we intensified efforts to strengthen this trust. With the revised policy, financial service providers can no longer use flat rate[2] and/or Rule of 78 method[3] for calculating interest or profit for personal financing. This means consumers pay interest or profit only on the amount they still owe and are not subject to excess charges for making early repayments. Additionally, financial service providers must ensure that consumers complete a financial education module, delivered either by the financial service provider or Agensi Kaunseling dan Pengurusan Kredit (AKPK), before applying for any new personal financing product exceeding RM100,000. Similar restrictions on the use of flat rate and/or Rule of 78 method will also apply to hire-purchase financing, once the recently enacted Hire-Purchase (Amendment) Act 2026 takes effect on 1 June 2026.
Financial service providers must now also adopt more holistic affordability assessments. This goes beyond assessing whether a borrower’s income can cover existing debt obligations. They must also ensure that the borrower has sufficient income left for essential living expenses after taking on new personal financing. These enhanced requirements promote more prudent, responsible and transparent financing practices. They can also help borrowers make better-informed financing decisions and avoid taking on debt beyond what they can afford.
In the digital payments space, we updated the payment card rules so that cardholders have more control over their own payment card security. Key changes include stronger authentication methods and new self-service security toggles, which allow cardholders to customise the safety features of their payment card. This includes the choice to turn off features such as card-not-present (CNP)[4] for overseas transactions through their banking application. Looking ahead, we also plan to set stronger rules on how financial institutions respond to fraud, focusing on proper communication with account holders. These steps will help improve coordination and speed up action across the industry. Together, they will promote user confidence and drive greater fairness and transparency in how financial institutions respond to fraud.
Additionally, the passing of the Consumer Credit Act 2025 (CCA)[5] marks a key legislative reform aimed at strengthening consumer protection and harmonising consumer credit regulation. The CCA provides an overarching framework applicable to all authorities[6] with oversight of consumer credit, including BNM. This promotes consistency by ensuring that regulatory standards issued by the authorities meet the minimum consumer protection expectations set out under the CCA. Through this coordinated approach, consumers can benefit from effective and similar protection across the entire credit industry.
Beyond policy reforms, we also engaged the public as part of our broader commitment to building a fair, transparent and inclusive financial system for all Malaysians. For example, BNM held outreach sessions, including media workshops, to explain what fair treatment means in practice and how it applies to a customer’s interactions with financial service providers. Alongside this, we also rolled out initiatives to ensure that consumers, especially those in the unserved and underserved segments, have access to essential banking services at minimal cost.[7]

Supervisory Priorities and Approaches
BNM adopts a risk-based and forward-looking supervisory approach. Supervisory activities are prioritised based on material risks that could affect financial stability. Through on-site reviews and off-site monitoring, we get a holistic view of how financial institutions are managing these risks. This allows us to intervene early when needed. Additionally, we also conduct thematic reviews to assess how individual institutions compare with their peers in managing broader, system-wide risks. After our review, we communicate our findings and recommendations to financial institutions. The aim is for financial institutions to take action to protect customers and maintain financial stability. Importantly, our supervisory activities also align with our regulatory priorities for the year.
Sound management of third-party service providers (TPSPs)
To deliver their services more efficiently, financial institutions use TPSPs for a wide range of services, including critical services such as IT operations and data centre management. However, dependence on TPSPs can create risks, particularly if a disruption at the TPSP affects a financial institution’s ability to maintain continuity of its services. If not properly managed, such dependencies could have severe impacts on the financial system, thereby affecting overall public trust. Hence, financial institutions must have a strong governance and risk management framework to uphold accountability and ensure operational resilience.
In 2025, BNM assessed banks’ risk management practices against the principles of sound management of third-party risk (Diagram 2) adopted from Basel Committee on Banking Supervision (BCBS). The review found that banks are generally able to manage risks associated with TPSPs, although not all systemic risks can be eliminated. To this end, we require banks to continue enhancing their visibility over key nth party[8] dependencies, manage concentration risks among a few critical providers and conduct more robust continuity plans and exit strategies. Ongoing efforts to strengthen these areas help ensure that essential services – such as access to ATMs, account balances and payment services – remain secure and uninterrupted, even during unexpected disruptions.

Inculcating stronger Shariah operational practices
Takaful is a Shariah-based protection that is based on the principles of mutual assistance, fairness and risk-sharing. During the year, we reviewed how takaful operators apply Shariah principles in their business operations. Central to this process are the Shariah Committees, who are accountable for providing objective and sound advice to Islamic financial institutions in ensuring Shariah principles are upheld across all aspects of the institution’s operations and affairs. It is therefore important that assessments presented to the Shariah Committees are rigorous to support robust deliberation and decision-making on Shariah matters. Such decisions should also be revisited periodically to ensure they remain appropriate as circumstances evolve.
The outcomes and expectations from the review were reinforced through engagements with Shariah Committee members and Shariah heads. Importantly, these efforts help to preserve public confidence that takaful products remain Shariah-compliant throughout their lifecycle.
Ensuring crisis preparedness
Building on work that started in 2024, BNM reviewed the remaining banks’ recovery plans to assess their readiness to manage periods of financial stress. The review found that banks have considered a range of recovery options, supported by clear governance arrangements and early warning triggers to enable swift crisis response. However, there are also areas for improvement. Banks need to conduct a deeper analysis of the practicality of their recovery options and more detailed scenario planning to reflect real-world stress events. This includes refining timelines and conducting thorough back-testing to ensure recovery plans work well under stress.
Recovery planning is a cornerstone of institutional resilience. As banks’ business models, risk profiles and operating environment continue to evolve, recovery plans must be regularly reviewed and strengthened to remain effective.
Advancing climate resilience
Extreme weather events such as floods and prolonged droughts continue to affect communities and businesses across Malaysia. These disruptions highlight the need for financial institutions to prepare for the growing impact of climate risk events. In 2025, we focused on enhancing technical expertise within financial institutions to measure and manage climate-related risks (Diagram 3). This includes building skills through specialised training in transition planning, risk modelling and scenario-based stress testing techniques. Strong climate preparedness helps maintain financial stability by ensuring households and businesses can continue accessing financial services, including protection, during climate-related disruptions.

Fostering fair, responsible and professional business conduct practices
BNM recognises the importance of financial service providers acting responsibly and upholding fair business practices for consumers to have confidence in the financial system. As such, we directed our market conduct supervision initiatives to reinforce these expectations and ensure that the players continue to deliver outcomes that safeguard consumer interest.
First, we reviewed complaints handling practices relating to unauthorised e-banking transactions. We found that the reviewed banks have well-coordinated fraud management approaches. These are supported by accessible reporting channels, timely case handling and a robust assessment framework. However, we also identified areas where fraud complaints can be handled better, including on the clarity of decision letters to consumers, thoroughness of investigation and timeliness of fund recovery.
Second, we reviewed practices by bancassurance/bancatakaful (banca) providers – a key distribution channel that allows consumers to purchase insurance and takaful products through their banks. This was initiated by our observation of poor persistency rates[9] within this channel, which could be a sign of mis-selling or product unsuitability arising from weaknesses in incentive structure and oversight arrangements. Given that this could lead to financial strains for consumers, we reviewed the level of oversight exercised by the board and senior management in mitigating the risk of mis-selling or product mismatch. These include aligning incentives with fair consumer outcomes and ensuring accountability for product design and sales practices. The review surfaced several areas for improvement. Among others, banca providers should enhance customer profiling to better match product offering to the different customer segments. Another area is for stronger controls at point-of-sale to support more robust suitability and affordability assessments, and better telemarketing practices to prevent undue pressure on consumers to purchase unsuitable products.
Third, we also focused on adjusters − professionals that have a key role in ensuring effective service delivery and claims processing in the motor insurance industry. Given their role in the industry, it is important that adjusters conduct their business professionally. Poor professionalism can cause conflicts of interests that lead to biased decisions.[10] Our review surfaced issues such as lack of validation on employees’ minimum qualifications, inadequate conduct of regular background checks on shareholders, CEOs and directors, as well as insufficient due diligence to identify and prevent conflict of interest.
Overall, our supervisory activities have enabled early detection of key conduct risk such as weaknesses in governance, controls and professional standards. The findings from our reviews above were communicated to industry players, prompting timely remediation by financial service providers. Where significant breaches were identified, we took firmer actions – including the de-registration of one adjuster – to protect consumers and uphold professional standards in the industry.
Supervisory and Enforcement Actions
BNM uses a range of supervisory and enforcement actions to uphold financial stability and the integrity of our financial system. Guided by BNM’s Enforcement Approach framework, we undertake actions that are consistent, transparent and proportionate. These actions reinforce BNM’s zero-tolerance stance against financial crimes and our commitment to protecting consumers, maintaining trust and upholding integrity in Malaysia’s financial system.
Supervisory actions – such as warning letters, reprimands and enforceable undertakings – serve as preventive and corrective tools. They ensure institutions rectify compliance gaps, improve governance and strengthen internal controls. Enforcement actions, such as administrative monetary penalties and compounds, are imposed for material regulatory breaches to reinforce accountability and deter misconduct.
In 2025, BNM undertook 284 supervisory and enforcement actions (Chart 1), including imposing monetary penalties totalling RM15.9 million. Offences were mainly related to anti-money laundering,[11] technology risk management, prudential standards and foreign exchange policies (Chart 2).


A notable area for enforcement and supervisory action in 2025 was on unplanned system downtime that disrupted essential banking services. We acted against nine banks that failed to meet the regulatory expectations we set, including imposing a total penalty of RM5.6 million.
In addition, BNM deployed 'disrupt and dismantle actions' as well as 'combative actions' (Diagram 4) against financial crimes such as illegal deposit-taking (IDT), illegal money services business (MSB) and money laundering. These actions aim to safeguard financial integrity, protect public interest and ensure reporting institutions fulfil their responsibilities in preventing the financial system from being exploited by criminals.

Consistent with BNM’s Enforcement Approach, we continue to uphold transparency through the publication of enforcement actions on our website to deter future misconduct. This also demonstrates our zero-tolerance for serious non-compliances.
Building Resilience Through Local and Global Partnerships
In a highly interconnected global financial system, close engagements with industry players, government agencies and regulators are vital to share knowledge, strengthen supervisory capability and uphold global standards. In turn, such engagements strengthen financial stability, crisis prevention and crisis management.
At the global level, as part of the Mutual Evaluation by the Financial Action Task Force (FATF), we worked closely with international counterparts and domestic agencies to show Malaysia’s progress in strengthening our financial integrity framework.[12]
We also participated in supervisory colleges[13] where we exchanged views on oversight arrangements and shared best practices. This contributes towards the strengthening of the global financial system. At the regional level, we signed a Memorandum of Understanding (MoU) with the Bank of Thailand, which broadened our cyber-cooperation network with regional regulators. These initiatives further boost cyber resilience and protect against digital fraud across regional financial sectors.
On the domestic front, we collaborated on areas to build industry-wide cyber security resilience. We hosted an event to initiate the conversation on post-quantum cryptography strategies, supported by Society for Worldwide Interbank Financial Telecommunication (SWIFT), Payments Network Malaysia Sdn Bhd (PayNet) and Pusat Teknologi dan Pengurusan Kriptologi Malaysia (PTPKM). This encourages the financial sector to take initial steps to safeguard critical systems against quantum-related risks. It is also timely as advances in computing power, including the potential future use of quantum technology, may render today’s security tools less effective. Without proper preparation, financial institutions will be less able to manage cyber-attacks and data breaches, thus undermining overall financial stability. These partnerships reflect BNM’s strong commitment to strengthening financial integrity, safeguarding consumers and ensuring Malaysia’s financial system remains secure and trusted.
Going Forward
As the global financial landscape continues to evolve and become increasingly more complex, BNM remains focused on preserving financial stability. Looking ahead to 2026 and beyond, BNM will:
- continue to align prudential standards with global best practices, while tailoring them to Malaysia’s unique financial environment;
- ensure the financial system is better prepared to handle service disruptions, economic shocks and potential financial crises;
- encourage responsible innovation in the financial sector, while managing the risks that come with new technologies;
- factor climate-related risks into financial regulation, while supporting more sustainable practices and opportunities for green growth; and
- uphold high standards of integrity, transparency and accountability so that consumers are treated fairly and the financial system remains safe and trustworthy.
Together, these efforts reflect our commitment to building a financial system that is strong, secure, inclusive and future-ready. This serves to ensure the financial sector can play its role to facilitate economic growth and deliver meaningful outcomes for Malaysian households and businesses.
Notes
[1] Model-based risk estimates refer to measures such as the probability of default, loss given default and exposure at default, which banks derive using internal models to calculate risk-weighted assets under the IRB approach.
[2] ‘Flat rate’ refers to interest/profit rate that will remain at a specified rate for the whole tenure of the loan/financing, and the interest/profit is calculated based on the amount of the original loan/financing disbursed at the beginning of the loan/financing period.
[3] ‘Rule of 78 method’ refers to an interest/profit calculation method that charges consumers more at the beginning of the loan and less toward the end.
[4] CNP transactions refer to payment card transactions where the cardholder is not physically present (i.e., non-face-to-face) at the merchant when the payment is made. Examples include online transactions, mail order/telephone order transactions and recurring auto-debit transactions.
[5] For more information on the CCA, refer to the Consumer Credit Oversight Board Task Force (CCOBTF) website at (www.ccob.my).
[6] Authorities with oversight of consumer credit include the Securities Commission Malaysia, the Consumer Credit Commission, Malaysian Co-operatives Societies Commission, Ministry of Domestic Trade and Cost of Living, Ministry of Housing and Local Government and Ministry of Entrepreneur and Co-operatives Development.
[7] For more details on BNM’s regulatory initiatives, refer to the feature article ‘Bridging the Gap: Affordable and Accessible Basic Banking Services (BBS)’ in BNM Annual Report 2025.
[8] Key nth party is a service provider that is part of a TPSP’s supply chain and supports the ultimate delivery of a critical service by a TPSP to a bank or that has the ability to access sensitive or confidential bank information, as defined by BCBS on principles for the sound management of third-party risk.
[9] Persistency rate reflects customer retention. It measures the percentage of insurance policies/takaful certificates that remain in force, without lapsing.
[10] Example of conflict of interest is if an adjusting employee’s spouse owns a workshop that works with insurers and takaful operators to repair vehicles, the adjusting employee might favour that workshop when handling claims merely to support the business of his spouse, rather than being fair and unbiased to the claimants.
[11] Requirements prescribed under applicable Acts and BNM’s policy documents relating to Anti-Money Laundering, Combating the Financing of Terrorism and Counter-Proliferation Financing (AML, CFT, CPF).
[12] For more details on Malaysia’s AML/CFT/CPF initiatives, refer to chapter on ‘Maintaining Financial Integrity’ in BNM Annual Report 2025.
[13] Supervisory colleges is a platform that brings together groups of home-host supervisors, with the primary objective of exchanging information and establishing a dialogue to identify and address the key risks across a financial group.
CSS

