
Bank Islam received two separate penalties totalling RM3,445,000, Bank Rakyat was fined RM2,850,000, and Bank Simpanan Nasional was handed a RM995,000 penalty, said BNM in separate statements today.
The central bank said the penalties stem from breaches of the Development Financial Institutions Act 2002, the Islamic Financial Services Act 2013, as well as requirements under its policies on risk management in technology, anti-money laundering, financial sanctions, and countering financing of terrorism.
Bank Islam’s first penalty, amounting to RM1,745,000, was for prolonged service disruptions between June 2023 and December 2024.
BNM said the bank was found to have delayed system recovery, which affected its digital banking services. It has since begun upgrading its IT systems and recovery plans to prevent future incidents.
The second penalty against Bank Islam, amounting to RM1,700,000, was for failures in sanctions screening compliance under regulations on anti-money laundering and countering financing of terrorism.
These failures included delays in screening non-customer beneficial owners and the bank’s entire customer database, resulting in late identification of matches with specified entities.
Bank Islam also failed to report its findings in a timely manner.
BNM said the bank’s lapses were attributed to weak internal processes, inadequate training, and ineffective oversight.
It said Bank Islam has since enhanced its sanctions screening systems and procedures.
Bank Rakyat was fined RM2,850,000 for failing to meet BNM’s requirements for system availability, resulting in multiple service disruptions between June 2023 and December 2024. These outages affected critical banking services such as e-banking, ATMs, and card systems.
The disruptions exceeded allowable downtime thresholds due to inadequate response and recovery measures.
BNM said Bank Rakyat has since strengthened its IT infrastructure and recovery capabilities.
It said financial institutions must ensure that their critical systems are designed so that cumulative unplanned downtime affecting the user interface does not exceed four hours on a rolling 12-month basis, with a maximum downtime of 120 minutes per incident.
BSN was fined RM995,000 for similar failures in meeting downtime requirements. It experienced multiple unplanned outages between June 2023 and October 2024 that disrupted services, including ATMs, e-banking, and card transactions.
BNM said the disruptions breached the allowed downtime thresholds because of weak recovery protocols, though BSN has since upgraded its technology infrastructure.
It said all financial institutions must maintain strong technology resilience to ensure uninterrupted access to essential financial services, adding that non-compliance will result in enforcement action regardless of past performance.
The central bank also said the penalties were determined after considering the severity of the breaches, past compliance records, and effectiveness of remedial actions.
All three institutions have paid their fines.