<!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-QCXBYX5C31"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-QCXBYX5C31'); </script>

Navigation

  • Skip to Content
BNM Logo BNM Logo
  • About Us
      Our Roles Board of Directors Governor Management Committee Senior Officers of BNM Organisation Structure Statutory Committees
  • Topics
  • News & Events
      Press Releases Public Notices Speeches Calendar of Events Events at BNM Procurement
  • Rates & Statistics
  • Publications
  • Regulations
      Legislation Standards & Guidelines FSP Directory Enforcement Actions
  • Careers
      Join Us Job Vacancies Kijang Graduate Programme Internships Scholarships
  • Contact Us
      Contact Us BNM Offices Whistleblowing Policy
Search

Language Selector

melayu

Breadcrumb

  1. Home
  2. News & Events
  3. Press Releases
  4. Bank Negara Malaysia imposes Administrative Monetary Penalty on CIMB Bank Berhad and CIMB Islamic Bank Berhad for non-compliance with the Financial Services Act 2013 and Islamic Financial Services Act 2013

Asset Publisher

null Bank Negara Malaysia imposes Administrative Monetary Penalty on CIMB Bank Berhad and CIMB Islamic Bank Berhad for non-compliance with the Financial Services Act 2013 and Islamic Financial Services Act 2013

Bank Negara Malaysia imposes Administrative Monetary Penalty on CIMB Bank Berhad and CIMB Islamic Bank Berhad for non-compliance with the Financial Services Act 2013 and Islamic Financial Services Act 2013

Embargo : For immediate release Not for publication or broadcast before 0040 on Thursday, 15 August 2024
15 Aug 2024

Bank Negara Malaysia (BNM) had on 29 July 2024, imposed an Administrative Monetary Penalty (AMP)[1] of RM760,000 on CIMB Bank Berhad and CIMB Islamic Bank Berhad (collectively referred to as CIMB) for non-compliance with paragraph 48(1)(a) of the Financial Services Act 2013 (FSA) and paragraph 58(1)(a) of Islamic Financial Services Act 2013 (IFSA) read together with paragraph 10.32 of the Risk Management in Technology (RMiT) Policy Document.

Under paragraph 10.32 of the RMiT Policy Document, financial institutions must ensure their relevant critical systems are designed for high availability, specifically:

(a) cumulative unplanned downtime that affects user interface must not be more than four hours on a rolling 12-month basis; and

(b) maximum tolerable downtime of 120 minutes per incident.

On 8 and 9 April 2024, CIMB’s customers experienced prolonged service disruptions affecting e-banking channels, Automated Teller Machines (ATM), as well as debit cards and credit cards. The duration of these disruptions to CIMB’s services exceeded the thresholds specified by BNM. Upon investigation into the root cause leading to the incidents, it was found that CIMB’s non-compliance resulted from lapses in the execution of its response and recovery process to restore the disrupted systems promptly, which impacted the availability of essential banking services for its customers and counterparties.

CIMB has taken the necessary remediation actions, including enhancing its real-time IT infrastructure monitoring function to further improve its recovery capabilities and prevent future non-compliance.

Aggravating and Mitigating Factors

In deciding to impose the AMP, BNM has considered the relevant aggravating and mitigating factors, which include:

  1. failure to take reasonable steps to mitigate the downtime incidents and avoid non-compliance;
  2. severity of the non-compliance, including the impact of the service disruption on customers and counterparties;
  3. past compliance record and history of formal enforcement actions imposed; and
  4. effectiveness of remedial actions taken to prevent recurrence.

BNM expects all financial institutions to maintain a high level of technology resilience against operational disruptions to ensure the continuous availability of essential financial services. BNM will not hesitate to take appropriate supervisory and enforcement actions when financial institutions fall short of regulatory expectations. 

CIMB paid a total of RM760,000 for the AMP imposed by BNM on 12 August 2024.

The enforcement action taken is in line with the approach and processes outlined in the published Enforcement Approach document. For more information, please visit Enforcement Approach.

 


[1] BNM imposed the AMP pursuant to subsection 234(3)(b)(i) of the FSA and subsection 245(3)(b)(i) of the IFSA.

 

Bank Negara Malaysia
15 August 2024

© Bank Negara Malaysia, 2024. All rights reserved.

Follow us
  • facebook social icon
  • twitter social icon
  • instagram social icon
  • youtube social icon
  • medium social icon
  • telegram icon
  • tiktok icon
Website Tools
  • Search
  • Email Alert
  • Contact Us
  • Download Forms
Legal Notices
  • Terms of Use for BNM Website
  • Terms of Use for BNM Datasets
  • Disclaimer
  • Privacy & Cookie Policy
BNMLINK Contact Centre
  • call-1 icon
    1-300-88-5465 Monday - Friday 9am - 5pm
  • decoration
    e-LINK Form
  • BNM General Line
  • call-1 icon +603 2784 8888
© Bank Negara Malaysia. All rights reserved.
arrow-up icon