BNM has imposed an Administrative Monetary Penalty on Bank Kerjasama Rakyat Malaysia Berhad for non-compliance with the Development Financial Institutions Act 2002 and the Risk Management in Technology Policy Document
Embargo :31 Jul 2025
<!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-QCXBYX5C31"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-QCXBYX5C31'); </script>
Bank Negara Malaysia has imposed an Administrative Monetary Penalty (AMP) on Bank Kerjasama Rakyat Malaysia Berhad (BKRM) for non-compliance with the Development Financial Institutions Act 2002 (DFIA) and the Risk Management in Technology Policy Document (RMiT PD)
On 16 June 2025, Bank Negara Malaysia (BNM) imposed an AMP[1] of RM2,850,000 on BKRM for non-compliance with section 41(4)(a) of the DFIA, read together with paragraph 10.32 of the RMiT PD, which came into effect on 1 June 2023.
Under paragraph 10.32 of the RMiT PD, financial institutions must ensure that their relevant critical systems are designed for high availability. This means a:
a) cumulative unplanned downtime that affects user interface of not more than four hours on a rolling 12-month basis; and
b) maximum tolerable downtime of 120 minutes per incident.
Between 1 June 2023 and 31 December 2024, BKRM experienced multiple unplanned downtimes that caused prolonged disruptions to its banking services, such as e-banking channels, Automated Teller Machines (ATMs), including debit and credit card systems. The duration of these disruptions breached the thresholds specified in paragraph 10.32 of the RMiT PD. BKRM’s non-compliance resulted from lapses in executing the response and recovery process to restore the disrupted systems promptly. This has impacted the availability of essential banking services for its customers and counterparties.
BKRM has since taken necessary actions to enhance its recovery capabilities and strengthen its IT infrastructure as part of its multi-year technology infrastructure investment plan to prevent future non-compliance.
In determining the imposition of the AMP, BNM considered the relevant aggravating and mitigating factors, including:
BNM expects all financial institutions to maintain a high level of technology resilience against operational disruptions to ensure the continuous availability of essential financial services. BNM will not hesitate to take appropriate supervisory and enforcement actions when financial institutions fall short of regulatory expectations.
BKRM paid RM2,850,000 for the AMP imposed by BNM on 26 June 2025.
The enforcement action taken against BKRM was carried out in line with the approach and processes outlined in the Enforcement Approach.
[1] BNM imposed the AMP pursuant to section 106A(3)(b)(i) of the DFIA.
Bank Negara Malaysia
31 July 2025
© Bank Negara Malaysia, 2025. All rights reserved.