These scenarios go beyond routine incidents and stress the service across people, process, technology, and third-party dependencies, while remaining grounded in realistic threat conditions.
As highlighted in the BCM Institute guidance, such scenarios are designed to test impact tolerance, not to predict specific events, and must reflect compounding and concurrent failures.
For CBS-2, payment disruptions can rapidly escalate into systemic, financial, regulatory, and reputational impacts.
Therefore, scenario design must explicitly integrate Cyber and ICT risks, including cyber-attacks, data integrity failures, infrastructure outages, and third-party technology breakdowns.
The table below presents recommended severe but plausible scenarios for each Sub-CBS, aligned to Bank Negara Malaysia (BNM) expectations and international operational resilience practices.
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact / Effect |
Proactive Risk Management Action |
Link to Integration of Cyber and ICT Risks |
|
2.1 |
Payment Initiation & Capture |
Coordinated ransomware attack disables digital channels (mobile & internet banking) during the peak salary payment period |
Customers unable to initiate payments; backlog of transactions; reputational damage |
Channel redundancy, offline transaction capture, cyber incident response playbooks, and customer communication protocols |
Cyber-attack on front-end applications, endpoint compromise, and ICT channel availability risk |
|
2.2 |
Authorisation & Verification |
Core authentication service outage due to identity access management (IAM) system failure |
Payment authorisations halted; increased fraud risk if controls are bypassed |
Segregated IAM architecture, manual override procedures with dual controls, and regular penetration testing |
ICT identity systems failure; cyber risk to authentication and access controls |
|
2.3 |
Clearing & Message Exchange |
Failure of the SWIFT interface, combined with the delayed detection of message queue corruption |
Payments stuck in clearing, interbank settlement delays, and regulatory reporting issues |
SWIFT contingency connectivity, message integrity monitoring, reconciliation checkpoints |
ICT middleware failure; cyber risk to data integrity and messaging infrastructure |
|
2.4 |
Settlement Execution |
Liquidity management system unavailable due to data centre outage during the interbank settlement window |
Missed settlement deadlines; financial penalties; systemic contagion risk |
Active-active data centres, pre-funded settlement buffers, BCP settlement runbooks |
ICT infrastructure outage; cyber risk to core banking and settlement platforms |
|
2.5 |
Reconciliation & Exception Handling |
Cyber incident alters transaction logs, causing reconciliation mismatches across systems |
Undetected financial discrepancies; delayed issue resolution; audit findings |
Automated reconciliation tools, immutable logs, and cyber forensics capability |
Cyber risk to data integrity, logging systems, and reconciliation engines |
|
2.6 |
Fees, Charges & Accounting Posting |
Batch processing failure due to malware in the accounting engine |
Incorrect fee postings; customer complaints; financial misstatement risk |
Batch job validation controls, malware scanning, and parallel run capability |
ICT batch processing failure; cyber risk to financial posting systems |
|
2.7 |
Reporting & Regulatory Compliance |
Regulatory reporting system compromised by a data leakage incident |
Inaccurate or delayed regulatory submissions; compliance breaches |
Data loss prevention (DLP), regulatory reporting fallback templates, and compliance escalation protocols |
Cyber risk to regulatory data confidentiality and reporting ICT systems |
|
2.8 |
Customer Notification & Statement Updating |
Mass notification system outage following cloud service provider failure |
Customers unaware of payment status; surge in contact centre calls |
Multi-vendor notification channels (SMS, email), pre-approved customer messaging, call-centre surge plans |
Third-party ICT dependency risk; cyber and cloud service availability risk |
By defining severe but plausible scenarios for each Sub-CBS within CBS-2 Payment Processing & Settlement, AmBank strengthens its ability to anticipate and withstand high-impact disruptions without losing sight of customer and financial system outcomes.
These scenarios demonstrate how Cyber and ICT risks are not standalone threats, but deeply embedded across payment initiation, processing, settlement, and reporting activities. Integrating such scenarios into resilience testing ensures that technology failures, cyber incidents, and third-party outages are assessed in combination rather than isolation.
Ultimately, this approach enables AmBank to validate whether its impact tolerances remain credible, its response capabilities are effective, and its governance arrangements support timely decision-making during stress. Embedding proactive risk management actions alongside each scenario reinforces a forward-looking resilience posture—one that aligns with regulatory expectations and protects the continuity, integrity, and trustworthiness of critical payment services.
|
Operational Resilience Framework: A Case Study of AmBank Malaysia |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-2 Payment Processing & Settlement | |||||
| CBS-2 DP | CBS-2 MD | CBS-2 MPR | CBS-2 ITo | CBS-2 SuPS | CBS-2 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|