![[OR] [BI] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/b78af26b-21f2-4eb5-be89-d10901d460fb.png)
CBS-2 Payments and Funds Transfer Services
Introduction
![[OR] [BI] [E3] [CBS] [2] [ST] Payments and Funds Transfer Services](https://no-cache.hubspot.com/cta/default/3893111/b941dc6b-846d-4718-9c2b-6494f06c7ba6.png)
Scenario testing is a core requirement of operational resilience. It enables Bank Islam to assess whether its CBS-2 Payments and Funds Transfer Services can remain within defined impact tolerances during severe but plausible disruption events. These tests go beyond traditional BCP exercises by examining end-to-end service continuity across people, process, technology, facilities, and third parties — with particular emphasis on cyber and ICT risk integration.
For CBS-2, scenario testing must simulate high-impact disruptions such as core banking outages, cyber-attacks, payment gateway failures, data corruption, sanctions system downtime, and external clearing network disruptions. The objective is to validate recovery capability, decision-making effectiveness, communication readiness, and regulatory compliance under stress conditions.![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-2
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes (Including Cyber & ICT Risk Integration) |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
2-01 |
Customer Payment Initiation |
Mobile/Internet banking outage due to DDoS attack; authentication server failure; API gateway compromise |
Customers unable to initiate payments; reputational impact; service backlog |
DDoS mitigation testing reports; alternate channel activation logs; customer communication drill records; post-test remediation tracker |
|
2-02 |
Funds Transfer Processing (Intra-bank) |
Core banking system slowdown; database corruption; ransomware infection |
Delayed intra-bank transfers; transaction queue buildup |
Core failover test results; database recovery drill evidence; cyber incident response exercise documentation |
|
2-03 |
Interbank Transfer Processing (IBFT & RENTAS) |
Interbank payment switch outage; network connectivity failure to the clearing operator; SWIFT gateway compromise |
Cross-bank payments delayed or rejected; liquidity impact |
Connectivity resilience test reports; SWIFT cyber security controls validation; alternate routing simulation outcomes |
|
2-04 |
DuitNow & Instant Payment Services |
Instant payment switch disruption; API compromise; high transaction surge (peak load stress test) |
Failed or delayed real-time transfers; customer dissatisfaction |
Load testing results; API security penetration testing; surge capacity planning evidence |
|
2-05 |
Payment Clearing & Settlement |
Clearing house delay, settlement file corruption, liquidity shortfall scenario |
Settlement delay; financial exposure; regulatory concern |
Liquidity stress simulation reports; reconciliation back-testing; settlement contingency playbook validation |
|
2-06 |
Corporate & Bulk Payment Processing |
Host-to-host file transmission failure; payroll bulk upload corruption; corporate portal cyber intrusion |
Payroll delay, corporate client complaints, and contractual risk |
Secure file transfer failover testing; bulk validation controls testing; corporate client communication simulation |
|
2-07 |
Cross-Border Payment Processing |
Correspondent bank outage; FX system failure; sanctions filtering disruption |
Delayed international payments; FX loss exposure |
Nostro contingency arrangements testing; manual fallback procedure drill; FX system recovery evidence |
|
2-08 |
Payment Authorization & Authentication |
Multi-factor authentication (MFA) system outage; identity management breach |
Unauthorized transactions risk; service suspension |
MFA failover test logs; fraud rule recalibration documentation; red-team simulation results |
|
2-09 |
Sanctions Screening & AML Monitoring |
Sanctions screening engine downtime; false negative/positive surge; regulatory rule update failure |
Regulatory breach risk; payment backlog |
Sanctions fallback screening drill; AML rule stress test report; audit trail validation |
|
2-10 |
Transaction Posting & Core Banking Update |
Real-time posting failure; end-of-day batch delay; ledger mismatch |
Customer balance inaccuracies; reconciliation issues |
Core banking batch recovery testing; ledger integrity validation; EOD rehearsal documentation |
|
2-11 |
Exception Handling & Reversal Management |
Surge in failed transactions; dispute management system outage |
Increased manual workload; customer dissatisfaction |
Manual processing capacity test; workflow continuity drill; backlog recovery simulation |
|
2-12 |
Reconciliation & Nostro/Vostro Management |
Reconciliation system outage; Nostro account mismatch; delayed statement receipt |
Financial misstatement risk; liquidity miscalculation |
Reconciliation fallback test; Nostro stress simulation; dual-control validation evidence |
|
2-13 |
Customer Notification & Confirmation |
SMS/email gateway outage; push notification failure; data leakage event |
Customers are unaware of the transaction status; reputational damage |
Multi-channel notification testing; data encryption validation; crisis communication drill records |
|
2-14 |
Payment Reporting & Regulatory Submission |
Regulatory reporting system outage; inaccurate data extraction; cyber tampering |
Late or inaccurate regulatory submission |
Regulatory submission rehearsal; data integrity validation logs; maker-checker control testing |
|
2-15 |
Payment Channel Availability & Infrastructure Support |
Data centre outage; cloud service provider failure; telecom disruption |
Multiple payment channels unavailable; systemic disruption |
Data centre failover testing; cloud resilience test reports; RTO/RPO validation evidence |
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-2 Payments and Funds Transfer Services strengthens Bank Islam’s ability to anticipate, withstand, respond to, and recover from operational disruptions. By embedding cyber and ICT risk simulations into each Sub-CBS test, the Bank ensures that resilience is not confined to technology recovery alone, but extends across governance, decision-making, liquidity management, compliance, and customer trust.
A structured and evidence-based testing programme demonstrates proactive risk management, regulatory alignment, and continuous improvement. As digital payment volumes increase and interdependencies grow more complex, rigorous scenario testing positions Bank Islam to sustain critical payment services even under extreme but plausible stress events — reinforcing resilience as a strategic capability rather than a reactive control.
![[OR] [BI] [E3] [CBS] [2] [DP] Payments and Funds Transfer Services](https://no-cache.hubspot.com/cta/default/3893111/c898ee8d-2d4d-4cf4-9b2f-e97b84d91b3b.png)
![[OR] [BI] [E3] [CBS] [2] [MD] Payments and Funds Transfer Services](https://no-cache.hubspot.com/cta/default/3893111/e444b150-6d0f-45e3-b50f-3cdbfd8e22fb.png)
![[OR] [BI] [E3] [CBS] [2] [MPR] Payments and Funds Transfer Services](https://no-cache.hubspot.com/cta/default/3893111/3446a398-dce9-49f3-bde2-cdff67689b39.png)
![[OR] [BI] [E3] [CBS] [2] [ITo] Payments and Funds Transfer Services](https://no-cache.hubspot.com/cta/default/3893111/9597f74e-1b94-4502-a538-b81ce691da68.png)
![[OR] [BI] [E3] [CBS] [2] [SuPS] Payments and Funds Transfer Services](https://no-cache.hubspot.com/cta/default/3893111/4970a79b-1480-4204-8d7d-93650ff87efe.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
