For CBS-2 Payment Processing & Settlement, impact tolerances define the maximum level of disruption the bank can tolerate before causing intolerable harm to customers, threatening financial stability, or breaching regulatory obligations.
This chapter applies the principles of impact tolerance by assessing each Sub-CBS against key metrics such as Maximum Tolerable Downtime (MTD), Maximum Tolerable Data Loss (MTDL), customer and regulatory impact, and overall resilience posture.
The outcome supports informed decision-making on prioritisation, investment, and remediation to ensure that payment services remain reliable, compliant, and trusted across the Malaysian financial ecosystem.
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
2.1 |
Payment Initiation & Capture |
≤ 1 hour |
Near-zero (≤ 5 minutes) |
High – Customers unable to initiate payments; business disruption |
High – Breach of service availability expectations |
Financial / Reputational |
Moderate |
Strengthen system redundancy and front-end failover |
|
2.2 |
Authorisation & Verification |
≤ 30 minutes |
Zero data loss |
High – Payment failures and transaction rejections |
High Risk of fraud and non-compliance |
Financial / Regulatory |
Moderate |
Enhance real-time monitoring and secondary authorisation paths |
|
2.3 |
Clearing & Message Exchange |
≤ 2 hours |
≤ 15 minutes |
High – Delayed interbank payments |
High – Breach of clearing house rules (e.g., RENTAS, DuitNow) |
Systemic / Regulatory |
Moderate |
Improve interface resilience by clearing networks |
|
2.4 |
Settlement Execution |
≤ 2 hours |
Zero data loss |
Very High – Funds not received or credited |
Very High – Settlement finality and liquidity risk |
Financial Stability / Regulatory |
Low–Moderate |
Implement enhanced liquidity buffers and automated recovery |
|
2.5 |
Reconciliation & Exception Handling |
≤ 24 hours |
≤ 1 hour |
Medium – Delayed issue resolution |
Medium – Audit and control weaknesses |
Operational / Financial |
Moderate |
Increase automation and staffing surge capacity |
|
2.6 |
Fees, Charges & Accounting Posting |
≤ 24 hours |
≤ 1 hour |
Medium – Incorrect balances or delayed postings |
Medium – Financial reporting inaccuracies |
Financial / Reputational |
Moderate |
Strengthen batch controls and reconciliation checks |
|
2.7 |
Reporting & Regulatory Compliance |
≤ 48 hours |
≤ 24 hours |
Low (indirect) |
Very High – Breach of BNM regulatory requirements |
Regulatory / Legal |
Moderate |
Enhance reporting contingency procedures |
|
2.8 |
Customer Notification & Statement Updating |
≤ 24 hours |
≤ 1 hour |
Medium – Reduced transparency and trust |
Low–Medium – Customer disclosure obligations |
Reputational / Conduct |
High |
Periodic testing of notification channels and backups |
By defining and applying impact tolerances across all Sub-CBS components of Payment Processing & Settlement, AmBank gains a clear understanding of where disruption becomes intolerable and where resilience investments must be prioritised. This structured approach ensures alignment with regulatory expectations, particularly in safeguarding settlement finality, data integrity, and customer trust.
The impact tolerance assessment also provides a practical foundation for subsequent operational resilience activities, including scenario testing, dependency mapping, and remediation planning. Ultimately, establishing and maintaining these tolerances enables AmBank to respond decisively to disruptions, minimise harm, and uphold confidence in its payment services under all operating conditions.
|
Operational Resilience Framework: A Case Study of AmBank Malaysia |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-2 Payment Processing & Settlement | |||||
| CBS-2 DP | CBS-2 MD | CBS-2 MPR | CBS-2 ITo | CBS-2 SuPS | CBS-2 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|