![[OR] [BI] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/b78af26b-21f2-4eb5-be89-d10901d460fb.png)
CBS-3 Retail Financing Services
Introduction
![[OR] [BI] [E3] [CBS] [3] [ITo] Retail Financing Services](https://no-cache.hubspot.com/cta/default/3893111/4698d637-b7ac-4083-a2af-9c60b150129d.png)
Retail Financing Services represent a core revenue stream and a key customer touchpoint for Bank Islam, covering the full lifecycle from Shariah-compliant product structuring to recovery and regulatory reporting. As a licensed Islamic financial institution regulated by Bank Negara Malaysia (BNM), the Bank must ensure that disruptions to financing services remain within clearly defined tolerances to safeguard customers, financial stability, and Shariah compliance.
Establishing impact tolerances for CBS-3 Retail Financing Services aligns with the principles outlined in BNM’s 2025 Discussion Paper on Operational Resilience and industry guidance on operational resilience impact tolerances. Rather than focusing solely on recovery time objectives (RTOs), impact tolerances define the maximum level of disruption that can be tolerated before causing intolerable harm to customers, regulatory compliance, financial soundness, or Shariah integrity.
Purpose of This Chapter
This chapter defines appropriate impact tolerances for each Sub-CBS under CBS-3 Retail Financing Services. It aims to:
-
Identify the maximum tolerable downtime (MTD) and maximum tolerable data loss (MTDL) for each detailed process.
-
Assess the potential customer and regulatory impacts if disruptions exceed tolerance levels.
-
Evaluate current resilience posture and highlight required remediation actions.
-
Support Board and Senior Management oversight in meeting BNM’s expectations on operational resilience and Shariah governance.
![Banner [Table] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/627c33a8-714d-40af-9a2b-0d7957fb8afa.png)
Table P4: Establish Impact Tolerance for CBS-3
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
3.1 |
Product Structuring & Shariah Governance |
5 working days |
Zero tolerance for Shariah rulings; ≤ 1 hour working drafts |
Delay in new product launch |
Shariah non-compliance risk; breach of Shariah Governance Policy |
Reputational / Compliance |
Moderate – reliant on committee scheduling |
Strengthen digital documentation & version control; alternate Shariah quorum |
|
3.2 |
Customer Application Intake & Submission |
24 hours |
≤ 15 minutes |
Inability to submit applications; customer dissatisfaction |
Potential breach of fair treatment obligations |
Customer / Conduct |
Strong digital redundancy in place |
Enhance surge capacity & channel failover testing |
|
3.3 |
Credit Assessment & Approval |
48 hours |
≤ 30 minutes |
Delayed approvals; lost business opportunities |
Credit risk misstatement; governance breach |
Financial / Prudential |
Moderate – partial automation |
Improve system integration & decision engine resilience |
|
3.4 |
Financing Documentation & Legal Perfection |
3 working days |
Zero tolerance for executed legal docs |
Delay in disbursement; legal exposure |
Legal enforceability risk; audit findings |
Legal / Compliance |
Moderate |
Digital vault backup & dual-site legal repository |
|
3.5 |
Disbursement Processing |
24 hours |
≤ 15 minutes |
Customer unable to access approved financing |
Regulatory breach on customer funds handling |
Customer / Financial |
Strong controls but dependent on core banking uptime |
Strengthen payment gateway redundancy |
|
3.6 |
Account Setup & Maintenance |
24 hours |
≤ 15 minutes |
Incorrect account status; billing errors |
Reporting inaccuracies to BNM |
Financial / Regulatory |
Moderate |
Improve reconciliation automation & data validation controls |
|
3.7 |
Instalment Collection & Payment Processing |
4 hours (peak cycle); 24 hours (non-peak) |
≤ 5 minutes |
Missed instalments; penalty miscalculation |
Consumer protection & Shariah profit issues |
Customer / Shariah |
Strong – high automation |
Enhance real-time monitoring & fallback batch processing |
|
3.8 |
Profit Calculation & Statement Generation |
24 hours |
Zero tolerance for calculation errors; ≤ 5 minutes of data |
Incorrect statements; trust erosion |
Shariah and financial misstatement risk |
Financial / Shariah / Reputational |
Moderate |
Strengthen parallel recalculation & audit trail validation |
|
3.9 |
Arrears Monitoring & Early Intervention |
3 working days |
≤ 30 minutes |
Delayed outreach; worsening delinquency |
Credit risk provisioning misalignment |
Prudential / Financial |
Moderate |
Automate early-warning triggers; backup MIS dashboards |
|
3.10 |
Recovery & Collection Management |
5 working days |
≤ 1 hour |
Slower recovery; financial losses |
Governance & conduct risk |
Financial / Conduct |
Moderate |
Develop remote access recovery workflows |
|
3.11 |
Customer Service & Complaint Handling |
24 hours |
≤ 15 minutes |
Increased complaints; reputational damage |
Breach of complaint handling guidelines |
Conduct / Reputational |
Strong multi-channel support |
Enhance disaster recovery for CRM platform |
|
3.12 |
Regulatory, Risk & Shariah Reporting |
48 hours (interim); 5 working days (final) |
Zero tolerance for submitted regulatory data |
Supervisory concern; potential penalties |
Breach of BNM reporting requirements |
Regulatory / Prudential |
Moderate |
Strengthen regulatory reporting data lineage & backup reporting site |
Key Considerations in Setting Impact Tolerances
Consistent with BNM’s expectations:
- Customer Harm Threshold: Where disruption affects customers’ ability to access funds, make instalments, or receive accurate statements, tolerances are set tighter (e.g., 4–24 hours).
- Shariah Integrity: Zero tolerance is applied to incorrect Shariah rulings, executed contracts, and profit calculation accuracy.
- Financial Stability & Prudential Reporting: Regulatory reporting and arrears monitoring tolerances reflect supervisory submission timelines.
- Lifecycle Criticality: Disbursement and instalment processing are considered high-impact nodes in the financing lifecycle, thus requiring shorter tolerances.
![Banner [Summing] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5e80e50f-5e3e-44ea-8c43-16bf42d4f3b5.png)
Establishing impact tolerances for CBS-3 Retail Financing Services enables Bank Islam to clearly define the boundary between acceptable disruption and intolerable harm. By setting measurable downtime and data loss thresholds for each Sub-CBS, the Bank strengthens its ability to prioritise resilience investments, allocate resources effectively, and demonstrate compliance with BNM’s operational resilience expectations.
The next step involves rigorous scenario testing against these tolerances, validating whether existing controls, redundancy arrangements, and third-party dependencies can ensure disruptions remain within defined limits. Continuous review and Board-level oversight will ensure that the Bank’s retail financing services remain resilient, Shariah-compliant, and customer-centric even under severe but plausible stress scenarios.
![[OR] [BI] [E3] [CBS] [3] [DP] Retail Financing Services](https://no-cache.hubspot.com/cta/default/3893111/9178bb69-c1ba-4532-a8d6-32721030e29b.png)
![[OR] [BI] [E3] [CBS] [3] [MD] Retail Financing Services](https://no-cache.hubspot.com/cta/default/3893111/c302b3a7-c5e9-4129-b334-c93b193c9144.png)
![[OR] [BI] [E3] [CBS] [3] [MPR] Retail Financing Services](https://no-cache.hubspot.com/cta/default/3893111/ce2db3fc-9230-4a11-ab24-52ca9825726c.png)
![[OR] [BI] [E3] [CBS] [3] [SuPS] Retail Financing Services](https://no-cache.hubspot.com/cta/default/3893111/69f2d9a6-bab2-4a91-9400-70dea8c75f1a.png)
![[OR] [BI] [E3] [CBS] [3] [ST] Retail Financing Services](https://no-cache.hubspot.com/cta/default/3893111/e14ef93a-a201-43e8-8f85-fa9a54b41ba4.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
