Part 1: RAR – List of Threats
The purpose of this section is to identify and categorise potential threats that could impact the operations of Credit Guarantee Corporation Malaysia (CGC).
This risk assessment review (RAR) serves as a foundational component of the organisation’s Business Continuity Management (BCM) framework, ensuring that critical business functions remain resilient in the face of disruption.
Given CGC’s role in facilitating access to financing for Malaysian SMEs through credit guarantees, it is vital to understand and prepare for a broad spectrum of threats, both at the national level and specific to CGC’s locations and operations.
These threats have been grouped into five primary categories, in alignment with industry best practices:
- Denial of Access – Natural Disaster
- Denial of Access – Man-made Disaster
- Unavailability of People
- Disruption to the Supply Chain
- Equipment and IT-Related Disruption
By identifying and assessing these threat types in detail, CGC aims to strengthen its organisational resilience, maintain service continuity, and safeguard the interests of its stakeholders during adverse events.
Here’s a structured table (“Part 1: RAR – List of Threats”) tailored for Credit Guarantee Corporation Malaysia (CGC), considering its Malaysian operations and applying the BCMpedia threat classification
|
Category of Threats |
Types of Threats |
Description of Threats |
Country Level (Malaysia) |
Organisation Level (CGC) |
|
Denial of Access – Natural Disaster |
Flood / Flash Flood / Storm / Haze / Heat Wave / Lightning |
Environmental events interrupt access to office premises, branch locations, and staff. |
South‑east Asia is prone to monsoon floods, haze from Indonesian fires, occasional lightning storms, and tropical storms |
Office in KL or branches could become inaccessible; staff unable to commute; damage to property/infrastructure. |
|
Denial of Access – Man‑made Disaster |
Terrorism; Bomb Threat/Explosion; Power Outage |
Intentional acts or utility failures disrupting access. |
Malaysia has recorded occasional bomb threats, and power grid instability can affect areas. |
CGC's primary office could face evacuation, security lockdown, and loss of critical systems during outages. |
|
Unavailability of People |
Infectious Disease/ Pandemic; Labour Dispute/ Strike; Loss of Key Appointment Holders |
Workforce reduction due to health crisis, industrial action, or key-person dependence. |
Malaysia experienced dengue, COVID‑19; public sector strikes are not uncommon. |
Reduced staff availability for credit assessments, processing guarantees, and service delivery. |
|
Disruption to the Supply Chain |
Loss of Key Supplier/ Vendor; Regulatory or Legal Violation; Transportation Accidents |
Interruptions in third-party services, compliance breaches, provider defaults, or logistics disruptions. |
Malaysia’s financial services ecosystem depends on external partners for IT, document processing, and courier/logistics. Regulations are frequently updated. |
Disruption to IT maintenance, outsourced document scanning, legal/compliance non‑adherence, and delays in customer deliverables. |
|
Equipment and IT‑Related Disruption |
IT Failure (Hardware/ Software); Network/ Telecommunication Failure; Facilities Failure |
Hardware/ software outages, telecom breakdowns, utility system failures—UPS, HVAC, generator, etc. |
Malaysian Telekom outages reported; equipment ageing; occasional infrastructure failures. |
System downtime for guarantee portal, email, telephony, office climate control or power staff comfort; potential data availability issues. |
Notes on methodology
- Threat categories as defined by BCMpedia (Denial of Access, Unavailability of People, Supply Chain, Equipment/IT)
- Filtered threat types to those most relevant to CGC in Malaysia (e.g., floods, haze, IT outages).
- Country-level context considers Malaysian environmental patterns, infrastructure, and socio-legal environment.
- Organisation-level impact evaluates direct implications on CGC’s core operations, its premises, staff, and service delivery.
Summing Up ...
The threats identified in this chapter represent the diverse range of risks that CGC may face due to both internal vulnerabilities and external environmental factors.
While some risks, such as floods or power outages, are recurrent and expected in the Malaysian context, others, like cyberattacks or supply chain disruptions, are evolving and require constant vigilance.
Through this structured threat listing, CGC can better prioritise its risk mitigation strategies, align its continuity planning with real-world conditions, and establish safeguards for uninterrupted service delivery.
These insights will inform subsequent phases of CGC’s business continuity planning process, including impact analysis, recovery strategies, and testing exercises. Proactive awareness and preparation remain key to ensuring CGC’s continued ability to support Malaysia’s small and medium enterprises, even in times of disruption.
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
