BNM fines Maybank RM4.3mil, CIMB RM760,000 for service disruptions

BNM fines Maybank RM4.3mil, CIMB RM760,000 for service disruptions

The central bank says the duration of the disruptions for both banks breached the thresholds specified in rules.

bank negara
The central bank imposed the fines for Maybank’s service disruptions on June 1, 2023 and May 31 this year as well as for CIMB’s on April 8 and 9.
PETALING JAYA:
Bank Negara Malaysia (BNM) has imposed a penalty of RM4,320,000 on Malayan Banking Bhd and RM760,000 on CIMB Bank Bhd over their prolonged service disruptions.

BNM said it imposed the fines for non-compliance with the Financial Services Act 2013 and the Islamic Financial Services Act 2013, as well as the central bank’s policy document on risk management in technology.

In separate statements, BNM said Maybank and CIMB had paid their respective fines on Aug 8 and 12.

It said that on June 1, 2023 and May 31 this year, Maybank’s regional mobile banking platform and MAE applications experienced multiple unplanned downtime that caused prolonged disruptions in several banking services, impacting customers and other parties.

BNM said that upon investigation, it was found that Maybank’s non-compliance resulted from its inability to recover effectively and promptly from the unexpected system disruptions, which severely impacted the interface experience of its online banking services.

“Measures by Maybank to further strengthen its application and infrastructure resiliency as required by BNM were also incomplete at the time of the incidents, which impeded recovery,” BNM added.

It, however, noted that Maybank had taken the necessary actions to close these gaps as part of its multi-year infrastructure investments to prevent future non-compliance.

BNM said CIMB’s customers experienced prolonged service disruptions on April 8 and 9 across its e-banking channels, automated teller machines, as well as debit and credit cards.

“CIMB’s non-compliance resulted from lapses in the execution of its response and recovery process to restore the disrupted systems promptly,” said the central bank.

It also noted that CIMB took the necessary remedial actions, including enhancing its real-time IT infrastructure monitoring function, to further improve its recovery capabilities and prevent future non-compliance.

BNM said the duration of the disruptions for both banks breached the thresholds specified in paragraph 10.32 of the policy document.

The policy document prescribes that financial institutions must ensure any cumulative unplanned downtime that affects user interface must not exceed four hours on a rolling 12-month basis, and that the maximum tolerable downtime is 120 minutes per incident.

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.