Safeguarding Digital Finance: Boost Bank's Approach to Business Continuity Management
[Business Impact Analysis] [Critical Business Function] [T3] Part 5 & Part 6
BIA Questionnaires
Part 5: Inter-dependencies
Notes for BCM Institute's Course Participants: This is the template for completing "Part 5: Inter-dependencies".
CBF-1: Customer Transactions and Payment Processing.
The seamless execution of customer transactions and payment processing is critical to Boost Bank Malaysia’s operations and customer satisfaction.
As outlined in Critical Business Function (CBF-1), this function encompasses a range of sub-processes that ensure the initiation, authorisation, settlement, and post-processing of financial transactions.
Given the intricate and interconnected nature of financial ecosystems, these processes rely heavily on both internal business units and external parties, including vendors, technology providers, financial networks, and regulatory platforms.
This chapter identifies and documents the interdependencies associated with each sub-process under CBF-1.
By understanding the upstream and downstream relationships—whether internal or external—Boost Bank can more effectively assess risk, prepare for disruptions, and implement targeted business continuity strategies.
These inter-dependencies also play a pivotal role in ensuring coordinated incident response and service restoration across various touchpoints in the transaction lifecycle.
The table below, Part 5: Inter-dependencies, covers the Critical Business Function (CBF-1): Customer Transactions and Payment Processing and its sub-functions, based on the structure and guidance from the BCM Institute Guidance Notes.
| Critical Business Function | Critical Business Function Code | Name of Business Unit or Vendor/Supplier/Outsource Partner | Type of Dependency - Internal | Type of Dependency - External | Dependency Type (Upstream / Downstream / Mutual) | Description of Nature of Dependency |
|---|---|---|---|---|---|---|
| Real-Time Payment Processing (RTP) | 1.1 | Core Banking System Team | ✔️ | | Upstream | Core banking system is required to authorize and settle real-time payments. |
| Real-Time Payment Processing (RTP) | 1.1 | PayNet (DuitNow RTP) | | ✔️ | Mutual | External real-time payment network for transmitting and receiving transactions. |
| Internal Fund Transfers | 1.2 | Core Banking System Team | ✔️ | | Upstream | Fund movement within customer accounts requires core banking processing. |
| Internal Fund Transfers | 1.2 | Middleware/API Services Team | ✔️ | | Upstream | API layer facilitates communication between channels and core system. |
| Debit Card Transactions & POS Payments | 1.3 | Card Services Unit | ✔️ | | Upstream | Card issuing and transaction authorization depends on internal card management systems. |
| Debit Card Transactions & POS Payments | 1.3 | Visa/Mastercard Network | | ✔️ | Mutual | Transactions routed through external card networks for processing and settlement. |
| Bill Payments and Scheduled Transfers | 1.4 | Core Banking System Team | ✔️ | | Upstream | Scheduled fund transfers require core system scheduling and execution. |
| Bill Payments and Scheduled Transfers | 1.4 | JomPAY / PayNet | | ✔️ | Mutual | Integration with national bill payment platform for external payment routing. |
| Mobile Wallet Integration and Top-Ups | 1.5 | Mobile App Development Team | ✔️ | | Downstream | Interface for users to initiate mobile wallet top-ups depends on frontend availability. |
| Mobile Wallet Integration and Top-Ups | 1.5 | External Wallet Providers (e.g., Boost Wallet) | | ✔️ | Mutual | Wallet service provider must receive and confirm funds transfer. |
| Incoming and Outgoing IBG Transactions | 1.6 | Core Banking System Team | ✔️ | | Upstream | IBG transaction instructions are routed through the core banking infrastructure. |
| Incoming and Outgoing IBG Transactions | 1.6 | PayNet (IBG Clearing) | | ✔️ | Mutual | Interbank GIRO network used for clearing and settlement of funds. |
| ATM Withdrawals (Partner Networks) | 1.7 | ATM Operations Team | ✔️ | | Upstream | Internal team manages connectivity and control for ATM access. |
| ATM Withdrawals (Partner Networks) | 1.7 | MEPS / Shared ATM Network Partners | | ✔️ | Mutual | External ATM networks facilitate transaction routing and withdrawals. |
| Fraud Detection and Transaction Monitoring | 1.8 | Risk & Compliance Department | ✔️ | | Upstream | Responsible for setting rules, alerts, and response actions. |
| Fraud Detection and Transaction Monitoring | 1.8 | Third-Party Fraud Detection Vendor | | ✔️ | Mutual | External tools for AI/ML-based fraud pattern recognition and response. |
| Customer Dispute Resolution for Transactions | 1.9 | Customer Service Department | ✔️ | | Downstream | Relies on transaction logs and systems to investigate disputes. |
| Customer Dispute Resolution for Transactions | 1.9 | Card Network & Merchant Acquirers | | ✔️ | Mutual | Required for dispute handling, chargebacks, and investigation. |
| Transaction History and Statement Generation | 1.10 | IT Infrastructure Team | ✔️ | | Upstream | Maintains storage and retrieval systems for historical data. |
| Transaction History and Statement Generation | 1.10 | Printing/Statement Delivery Vendor | | ✔️ | Downstream | Facilitates generation and distribution of printed/electronic statements. |
Summing Up ...
Mapping the inter-dependencies of CBF-1 provides a strategic overview of the operational ecosystem required to support uninterrupted customer transactions and payment processing. Recognising these dependencies allows Boost Bank to prioritise critical partners and internal units in business continuity planning, while also identifying potential single points of failure and areas that require redundancy or alternative processing capabilities.
Furthermore, this inter-dependency analysis strengthens our understanding of how disruptions in one component can propagate throughout the system, underscoring the importance of proactive risk management, robust service-level agreements, and regular inter-organisational testing. By maintaining updated inter-dependency documentation, Boost Bank is better positioned to ensure resiliency, responsiveness, and reliability in the face of both internal and external disruptions.
Part 6: Vital Records
Notes for BCM Institute's Course Participants: This is the template for completing "Part 6: Vital Records".
CBF-1: Customer Transactions and Payment Processing
Vital records are essential documents and data that are critical for the ongoing operations and recovery of key business functions in the event of a disruption. For Boost Bank Malaysia, ensuring the integrity, availability, and accessibility of such records is fundamental to maintaining trust, complying with regulatory requirements, and preserving operational continuity.
This section identifies and categorises the vital records associated with CBF-1: Customer Transactions and Payment Processing and its sub-functions. These records include digital logs, configurations, authorisation records, transaction files, and other crucial data that support the execution, verification, monitoring, and auditing of financial transactions. The records are classified by their associated function, media type, physical or logical storage location, and the individual or role responsible for their care.
The purpose of this chapter is to ensure that during a business interruption, these vital records can be readily accessed to support recovery, meet legal and regulatory obligations, and uphold customer service commitments. The information in this section supports the overall continuity and disaster recovery strategy of Boost Bank Malaysia.
The table below, Part 6: Vital Records, covers the Critical Business Function CBF-1: Customer Transactions and Payment Processing and its associated sub-processes. It is modelled on guidance from BCMpedia and adapted for Boost Bank Malaysia:
Part 6: Vital Records
| Critical Business Function | Critical Business Function Code | Description of Vital Records | Media Type | Location | In Whose Care |
|---|---|---|---|---|---|
| Real-Time Payment Processing (RTP) | CBF-1.1 | Transaction logs, system configurations, API transaction requests/responses | Digital | Core banking data center, offsite backup | Head of Payment Systems |
| Internal Fund Transfers | CBF-1.2 | Internal transfer requests, customer authorization records, core banking logs | Digital | Core banking platform | Operations Manager |
| Debit Card Transactions & POS Payments | CBF-1.3 | Transaction records, POS terminal data, customer card data (tokenized) | Digital | Card services database, disaster recovery site | Card Operations Lead |
| Bill Payments and Scheduled Transfers | CBF-1.4 | Bill pay instructions, third-party payment agreements, schedule logs | Digital | Payment engine servers | Head of Retail Banking |
| Mobile Wallet Integration and Top-Ups | CBF-1.5 | API credentials, wallet transaction logs, partner SLAs | Digital | Cloud-based integrations platform | Digital Services Manager |
| Incoming and Outgoing Interbank GIRO (IBG) Transactions | CBF-1.6 | MEPS/GIRO files, settlement records, batch logs | Digital | Central Bank interface system | Payments Reconciliation Officer |
| ATM Withdrawals (Partner Networks) | CBF-1.7 | Switch logs, ATM transaction journals, partner agreements | Digital | ATM network switch database | ATM Channel Manager |
| Fraud Detection and Transaction Monitoring | CBF-1.8 | Fraud detection rules, alert logs, investigation records | Digital | Fraud monitoring platform | Chief Risk Officer |
| Customer Dispute Resolution for Transactions | CBF-1.9 | Dispute cases, evidence files, communication records | Digital / Hard Copy | Customer service CRM and secured filing | Dispute Resolution Team Lead |
| Transaction History and Statement Generation | CBF-1.10 | Archived statements, transaction history files, regulatory report copies | Digital | Core banking archive and regulatory server | Data Management Officer |
Summing Up ...
The safeguarding and proper management of vital records are indispensable components of Boost Bank Malaysia’s resilience strategy.
The identification of these records for CBF-1: Customer Transactions and Payment Processing ensures that all transaction-related data can be retrieved, protected, and restored as needed to maintain uninterrupted service or enable swift recovery following a disruption.
By assigning clear custodianship, storage locations, and media classifications, Boost Bank enhances its preparedness for operational risks and aligns with regulatory expectations such as those issued by Bank Negara Malaysia (BNM).
Going forward, these records must be regularly reviewed, tested for accessibility, and updated in line with system changes or business evolution to ensure continued relevance and effectiveness.
This structured approach to vital records management reinforces Boost Bank’s commitment to operational continuity, customer trust, and regulatory compliance.