[OR] [BB] [E1] [C1] Introducing OR Case Study

eBook 1: Chapter 1

Introduction to the Case Study of Boost Bank

Introduction

Boost Bank represents a new generation of Malaysian digital banks built to deliver accessible, app-based financial services to retail and SME customers.

Operating in a highly connected, technology-driven ecosystem, Boost Bank integrates savings, payments, transfers, debit card services, and embedded financial offerings within a digital-first model.

Its value proposition is rooted in convenience, speed, affordability, and financial inclusion.

This case study uses Boost Bank as a practical model to explore how a digital-native financial institution can design and implement a structured operational resilience (OR) program.

Unlike traditional banks with legacy infrastructure and physical branch networks, Boost Bank’s resilience profile is heavily technology-dependent, ecosystem-connected, and customer-experience centric.

The case, therefore, provides a modern, relevant example of how operational resilience must evolve in tandem with digital banking transformation.

Purpose of this Chapter

Operational resilience begins with understanding the organisation it seeks to protect.

In the context of Boost Bank, a digital-first financial institution operating within Malaysia’s evolving regulatory and technological landscape, resilience cannot be designed in isolation from its business model, service delivery architecture, customer expectations, and ecosystem dependencies.

This chapter introduces Boost Bank as a case study to anchor the discussion of operational resilience in a real-world digital banking environment.

By examining how Boost Bank delivers value to customers and operates within a complex network of technology providers, regulators, and payment infrastructure, readers gain the necessary context to understand why resilience must be strategic, structured, and customer-focused.

The purpose of this chapter is to equip readers with a foundational understanding of Boost Bank before moving into the design and implementation of its operational resilience programme.

By the end of this chapter, readers should be able to articulate the bank’s operating environment, identify its critical business services, recognise its key organisational characteristics, and understand how these elements influence resilience priorities.

This understanding ensures that subsequent discussions on impact tolerances, dependency mapping, and scenario testing are grounded in organisational reality rather than abstract theory.

Understanding Your Organisation: Boost Bank

Understanding an organisation is the first essential step in operational resilience. For Boost Bank, this means analysing:

• Its business model (digital-first, app-centric banking)
• Its service portfolio (savings accounts, transfers, debit card services, embedded finance, SME support)
• Its customer segments (retail consumers, micro and SME businesses, ecosystem users)
• Its regulatory landscape (Bank Negara Malaysia oversight)
• Its reliance on technology platforms and third-party service providers

Boost Bank operates within a financial ecosystem where real-time transactions, high customer expectations, and regulatory accountability intersect.

The bank’s services are delivered primarily through digital channels, meaning system availability, cybersecurity, data integrity, and third-party performance are central to its operational continuity.

To build resilience effectively, Boost Bank must shift its perspective from protecting individual systems to safeguarding customer-facing services that matter most.

Boost Bank's Operating Environment

Boost Bank functions within a complex and dynamic operating environment shaped by the following:

Regulatory Environment

Boost Bank is subject to regulatory requirements issued by Bank Negara Malaysia (BNM), including expectations related to operational risk management, technology risk (RMiT), business continuity management (BCM), outsourcing governance, and emerging operational resilience guidance.

Regulatory scrutiny for digital banks is heightened due to systemic interconnectedness and customer reliance on digital access.

Technological Environment

As a digital bank, Boost Bank relies heavily on:

• Mobile applications
• Cloud infrastructure
• Payment networks
• API integrations
• Real-time transaction processing
• Cybersecurity monitoring systems

Technology disruptions (e.g., cyberattacks, system failures, third-party outages) pose immediate and visible customer impact.

Market Environment

The Malaysian digital banking landscape is competitive and innovation-driven. Customers expect:

• 24/7 availability
• Instant transfers
• Secure authentication
• Transparent communication

Reputational damage spreads rapidly through social media and digital channels, increasing the impact of operational failures.

Threat Landscape

Boost Bank must consider:

• Cyber threats (ransomware, phishing, account takeover)
• Technology failures
• Third-party disruptions
• Data breaches
• Fraud spikes during outages
• Regulatory non-compliance

Understanding this environment allows Boost Bank to contextualise risk realistically before designing resilience measures.

Composition of an Operational Resilience Team for Boost Bank

Operational resilience cannot be owned by a single department. For Boost Bank, the OR team should include representation from:

The team must operate under clear governance structures, defined escalation procedures, and regular reporting to senior leadership.

Critical Business Services of Boost Bank

A Critical Business Service (CBS) is a service provided to customers where disruption would cause intolerable harm.

For Boost Bank, CBS identification must focus on customer outcomes rather than internal systems.

Key CBS likely includes:

• Digital account access and balance availability
• Payments and real-time transfers (including DuitNow features)
• Debit card authorisation and transaction processing
• Fraud monitoring and account protection
• Customer onboarding (e-KYC)
• Loan servicing and repayment processing
• Customer support and dispute resolution

Key considerations when identifying CBS:

• What level of disruption would cause financial harm to customers?
• Would disruption undermine public confidence in digital banking?
• Would regulatory intervention likely occur?
• Is the service time-sensitive (e.g., payments vs. reporting)?
• Does the service depend heavily on third parties?

These CBS form the foundation for setting impact tolerances and conducting scenario testing in later sections of the book.

Key Characteristics of Boost Bank

Boost Bank exhibits several defining characteristics that shape its resilience strategy:

Digital-Native Architecture

Minimal physical infrastructure; heavy reliance on cloud, APIs, and mobile platforms.

Ecosystem Integration

Embedded financial services within broader digital ecosystems increase interdependency risks.

High Transaction Velocity

Real-time payments increase sensitivity to even short disruptions.

Customer Trust Dependence

Trust is built on availability, security, and reliability rather than branch relationships.

Third-Party Reliance

Payment processors, cloud providers, card networks, identity verification vendors, and telecom infrastructure are critical dependencies.

These characteristics increase exposure to technology and cyber risk while also offering flexibility if resilience is properly designed.

Establishing Organisational Goals for Operational Resilience

Operational resilience goals for Boost Bank should be aligned with its strategy and regulatory expectations. Key goals may include:

1. Protect customers from intolerable harm during disruption.
2. Maintain continuous delivery of Critical Business Services within defined impact tolerances.
3. Strengthen cyber and technology resilience capabilities.
4. Improve third-party oversight and dependency transparency.
5. Enhance crisis governance and decision-making speed.
6. Build a culture of resilience awareness across all business units.

Operational resilience should not be treated as a compliance project. Instead, it must become a strategic enabler of sustainable growth.

For a digital bank like Boost Bank, resilience is a competitive advantage: customers remain loyal to institutions that demonstrate reliability during stress.

Understanding the organisation is the cornerstone of any credible operational resilience framework.

For Boost Bank, this means recognising that its digital-native structure, reliance on real-time systems, regulatory oversight, and ecosystem partnerships fundamentally shape its resilience requirements.

Without this clarity, resilience initiatives risk becoming fragmented compliance exercises rather than strategic safeguards for customers and stakeholders.

This chapter establishes the contextual foundation upon which the rest of the book builds. By defining Boost Bank’s environment, structure, and critical services, we create a clear line of sight between business strategy and resilience design.

The next stage of the journey moves from understanding to execution—translating organisational insight into measurable impact tolerances, governance structures, testing regimes, and sustainable resilience capabilities that will strengthen Boost Bank for tomorrow.

Blogs marked [x] are under construction.

For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.