For CBS-1 Retail & Digital Banking, impact tolerances define the maximum level of disruption that can be tolerated before causing intolerable harm to customers, breaching regulatory obligations, or undermining trust in the financial system.
These tolerances are outcome-focused and are set irrespective of existing controls or recovery capabilities.
In line with operational resilience guidance, impact tolerances for CBS-1 are expressed across time (Maximum Tolerable Downtime – MTD) and data integrity (Maximum Tolerable Data Loss – MTDL), while explicitly considering customer detriment, regulatory consequences, and reputational damage.
The table below summarises the impact tolerances for each Sub-CBS supporting Retail & Digital Banking, together with current resilience status and improvement actions.
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.1 |
Customer Onboarding & KYC |
24 hours |
0 data loss |
Delayed account opening; customer dissatisfaction |
Breach of AML/CFT onboarding timelines |
Regulatory / Customer |
Partially resilient |
Strengthen digital KYC redundancy and manual fallback procedures |
|
1.2 |
Digital Banking Platform Provisioning |
2 hours |
Near-zero (≤5 minutes) |
Inability to access digital channels |
Potential breach of service availability expectations |
Customer / Reputational |
Moderately resilient |
Enhance platform failover and cloud resilience testing |
|
1.3 |
Transaction Processing Services |
1 hour |
Zero data loss |
Failed or duplicated transactions; financial loss |
Serious breach of payment and banking regulations |
Financial / Systemic |
High resilience |
Continuous real-time monitoring and stress testing |
|
1.4 |
Digital Payments & Settlement |
30 minutes |
Zero data loss |
Payment failures affecting daily living |
Material regulatory breach (payment systems) |
Systemic / Regulatory |
High resilience |
Maintain multi-clearing network connectivity and contingency routing |
|
1.5 |
Loan & Credit Product Management |
8 hours |
≤15 minutes |
Delays in loan approvals and disbursements |
Customer fairness and conduct risk |
Customer / Regulatory |
Partially resilient |
Improve workflow automation and data synchronisation |
|
1.6 |
Deposit & Savings Product Management |
4 hours |
Zero data loss |
Restricted access to funds; loss of confidence |
Prudential and consumer protection breach |
Financial / Reputational |
Moderately resilient |
Enhance core banking redundancy and reconciliation controls |
|
1.7 |
Customer Support & Service Resolution |
12 hours |
≤30 minutes |
Inability to resolve urgent issues |
Increased complaints and supervisory scrutiny |
Customer / Conduct |
Partially resilient |
Expand omnichannel support and crisis staffing plans |
|
1.8 |
Compliance, Risk & Security Monitoring |
2 hours |
Zero data loss |
Indirect impact through fraud or breaches |
Severe regulatory and enforcement risk |
Regulatory / Systemic |
Moderately resilient |
Implement 24/7 monitoring and automated alert escalation |
|
1.9 |
Data Analytics & Personalisation |
48 hours |
≤1 hour |
Reduced service quality; limited personalisation |
Minimal direct regulatory impact |
Reputational / Strategic |
Tolerable |
No immediate action; monitor dependency concentration |
|
1.10 |
Back-office Support & Reconciliation |
24 hours |
Zero data loss |
Delayed issue resolution and reporting |
Reporting and audit non-compliance |
Operational / Regulatory |
Partially resilient |
Strengthen reconciliation automation and cross-training |
The impact tolerances defined for CBS-1 Retail & Digital Banking establish clear thresholds for how much disruption AmBank can tolerate before causing unacceptable harm to customers or breaching regulatory obligations.
By articulating tolerances across downtime, data loss, and impact severity, AmBank shifts the focus from traditional recovery metrics to customer and market outcomes, in line with modern operational resilience expectations.
These tolerances provide a critical foundation for subsequent resilience activities, including severe but plausible scenario testing, investment prioritisation, and remediation planning.
Where current resilience levels fall short of defined tolerances, targeted actions have been identified to strengthen AmBank’s ability to remain within impact limits during disruption.
Collectively, this ensures that Retail & Digital Banking services remain trustworthy, compliant, and reliable even under adverse conditions.
|
Operational Resilience Framework: A Case Study of AmBank Malaysia |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Retail & Digital Banking | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|