[CM] [RYT] [E3] [CRA] [T1-2] List of Crisis Scenarios [3 to 8]

Conclusion

Introduction

List of Threats/ Crisis Scenarios for Ryt Bank [3 to 8]

More Information About Crisis Management Blended/ Hybrid Learning Courses

Part 1: CRA – List of Threats/Crisis Scenario for Ryt Bank [3 to 8]

Legend

As a fully licensed digital bank under Bank Negara Malaysia and the Ministry of Finance, YTL Digital Bank Berhad (Ryt Bank) operates in a rapidly evolving financial ecosystem where technological innovation intersects with increasing operational risk exposure. This chapter initiates the Risk Assessment and Review (RAR) process by identifying a comprehensive list of potential threats that could impact the bank’s critical operations, digital infrastructure, and customer service delivery.

Given Ryt Bank’s reliance on digital platforms, cloud infrastructure, and third-party providers, combined with its commitment to inclusive, customer-centric banking, understanding its threat landscape is paramount.

The threat categories examined include natural and man-made disasters, people-related disruptions, supply chain vulnerabilities, and technology or system failures.

This threat identification is designed to enable the Bank to proactively implement resilience strategies and establish a robust foundation for risk treatment and controls in subsequent phases of operational resilience planning.

This section is developed in alignment with the BCM Institute's Operational Resilience Planning Methodology, incorporating both external (country-level) and internal (organisation-level) considerations to ensure comprehensive threat awareness.

Table Below: Notes for BCM Institute's Course Participants: This is the template for completing the "Part 1: CRA – List of Threats."

Crisis Type	Type of Crisis Scenario	Description of Crisis Scenario	Country Level	Organisation Level
Confrontation	Industrial Dispute	Employee strike, union protest due to poor working conditions or job insecurity	Yes	Yes
Confrontation	Activism	Stakeholder confrontation over ESG or digital privacy concerns	Yes	Yes
Malevolence	Cybercrime – Ransomware	Criminal actors encrypt Ryt Bank systems, demanding ransom	Yes	Yes
Malevolence	Social Engineering	Phishing leading to credential compromise or financial loss	Yes	Yes
Org Misdeeds – Skewed Values	Profit Above Ethics	Management disregards compliance in pursuit of growth	Yes	Yes
Org Misdeeds – Deception	Hidden Breach	Withholding disclosure of a data breach from regulators or the public	Yes	Yes
Org Misdeeds – Misconduct	Insider Trading / Bribery	Executives caught in unethical practices or collusion	Yes	Yes
Due to Workplace Violence	Physical Harm	Aggression between staff or external threats entering the premises	Low	Yes
Due to Rumours	Fake News	Viral misinformation on app shutdown or bank license being revoked	Yes	Yes
Lack of Funds	Liquidity Crunch	Poor financial planning resulting in capital shortfalls	Yes (esp. in a crisis economy)	Yes

Country Level: Whether the threat is likely to affect Malaysia or has precedent at a national level.
Organisation Level: Whether the threat can directly disrupt Ryt Bank’s operations, reputation, or compliance.

This chapter has outlined the broad spectrum of threats that may affect Ryt Bank’s ability to maintain continuous and reliable banking operations in a digitally driven environment.

By systematically categorising and describing each threat—ranging from floods and cyberattacks to cloud outages and workforce disruptions—Ryt Bank reinforces its commitment to anticipating disruptions before they occur.

This foundational threat register serves as the basis for developing deeper risk treatment, controls, and resilience strategies, which are addressed in the following chapters.

With a clear understanding of both external risks and internal vulnerabilities, Ryt Bank is better positioned to uphold customer trust, regulatory compliance, and operational integrity, no matter the crisis scenario.

Crisis Management Blueprint for Ryt Bank

eBook 3: Starting Your Crisis Management Implementation

To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].