The purpose of this section is to identify and categorise potential threats that could impact the operations of Credit Guarantee Corporation Malaysia (CGC).
This risk assessment review (RAR) serves as a foundational component of the organisation’s Business Continuity Management (BCM) framework, ensuring that critical business functions remain resilient in the face of disruption.
Given CGC’s role in facilitating access to financing for Malaysian SMEs through credit guarantees, it is vital to understand and prepare for a broad spectrum of threats, both at the national level and specific to CGC’s locations and operations.
These threats have been grouped into five primary categories, in alignment with industry best practices:
By identifying and assessing these threat types in detail, CGC aims to strengthen its organisational resilience, maintain service continuity, and safeguard the interests of its stakeholders during adverse events.
Here’s a structured table (“Part 1: RAR – List of Threats”) tailored for Credit Guarantee Corporation Malaysia (CGC), considering its Malaysian operations and applying the BCMpedia threat classification
|
Category of Threats |
Types of Threats |
Description of Threats |
Country Level (Malaysia) |
Organisation Level (CGC) |
|
Denial of Access – Natural Disaster |
Flood / Flash Flood / Storm / Haze / Heat Wave / Lightning |
Environmental events interrupt access to office premises, branch locations, and staff. |
South‑east Asia is prone to monsoon floods, haze from Indonesian fires, occasional lightning storms, and tropical storms |
Office in KL or branches could become inaccessible; staff unable to commute; damage to property/infrastructure. |
|
Denial of Access – Man‑made Disaster |
Terrorism; Bomb Threat/Explosion; Power Outage |
Intentional acts or utility failures disrupting access. |
Malaysia has recorded occasional bomb threats, and power grid instability can affect areas. |
CGC's primary office could face evacuation, security lockdown, and loss of critical systems during outages. |
|
Unavailability of People |
Infectious Disease/ Pandemic; Labour Dispute/ Strike; Loss of Key Appointment Holders |
Workforce reduction due to health crisis, industrial action, or key-person dependence. |
Malaysia experienced dengue, COVID‑19; public sector strikes are not uncommon. |
Reduced staff availability for credit assessments, processing guarantees, and service delivery. |
|
Disruption to the Supply Chain |
Loss of Key Supplier/ Vendor; Regulatory or Legal Violation; Transportation Accidents |
Interruptions in third-party services, compliance breaches, provider defaults, or logistics disruptions. |
Malaysia’s financial services ecosystem depends on external partners for IT, document processing, and courier/logistics. Regulations are frequently updated. |
Disruption to IT maintenance, outsourced document scanning, legal/compliance non‑adherence, and delays in customer deliverables. |
|
Equipment and IT‑Related Disruption |
IT Failure (Hardware/ Software); Network/ Telecommunication Failure; Facilities Failure |
Hardware/ software outages, telecom breakdowns, utility system failures—UPS, HVAC, generator, etc. |
Malaysian Telekom outages reported; equipment ageing; occasional infrastructure failures. |
System downtime for guarantee portal, email, telephony, office climate control or power staff comfort; potential data availability issues. |
The threats identified in this chapter represent the diverse range of risks that CGC may face due to both internal vulnerabilities and external environmental factors.
While some risks, such as floods or power outages, are recurrent and expected in the Malaysian context, others, like cyberattacks or supply chain disruptions, are evolving and require constant vigilance.
Through this structured threat listing, CGC can better prioritise its risk mitigation strategies, align its continuity planning with real-world conditions, and establish safeguards for uninterrupted service delivery.
These insights will inform subsequent phases of CGC’s business continuity planning process, including impact analysis, recovery strategies, and testing exercises. Proactive awareness and preparation remain key to ensuring CGC’s continued ability to support Malaysia’s small and medium enterprises, even in times of disruption.
Resilience Redefined: Implementing BCM at Credit Guarantee Corporation Malaysia |
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
| CBF 1: Risk Assessment and Guarantee Issuance | ||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
|
Please feel free to send us a note if you have any questions. |
||