In line with the 2025 Discussion Paper on Operational Resilience issued by Bank Negara Malaysia, financial institutions are required to identify and document the end-to-end processes, supporting resources, and interdependencies that enable the delivery of critical business services.
Mapping provides transparency on how services are delivered, where vulnerabilities may exist, and which resources are essential to remain within impact tolerances during severe but plausible disruptions.
The objective of this chapter is to:
Establish a structured end-to-end view of each Sub-CBS under CBS-3 Retail Financing Services.
Identify key internal and external dependencies (people, processes, technology, and third parties).
Support scenario testing, vulnerability identification, and recovery planning.
Enable management to make informed decisions to strengthen operational resilience and maintain continuity of Shariah-compliant retail financing services.
|
Sub-CBS Code |
Sub-CBS |
Processes |
People |
Technology (Applications & Infrastructure) |
Third-Party Vendors |
Upstream / Downstream Dependencies |
|
3.1 |
Product Structuring & Shariah Governance |
Product design (Murabahah, Tawarruq, Ijarah, etc.); pricing & profit methodology; Shariah review; internal approval; product launch governance |
Product Development Team; Shariah Committee; Shariah Risk & Compliance; Legal; Risk Management; Board Product Committee |
Product management systems; Document repository; Core Financing System parameter setup; Collaboration platforms |
External Shariah advisors; Legal firms (where required) |
Upstream: Regulatory guidelines, Shariah standards. Downstream: Credit assessment, documentation templates, system configuration |
|
3.2 |
Customer Application Intake & Submission |
Application capture (branch/digital); KYC; document collection; data validation; preliminary eligibility checks |
Branch Sales Officers; Relationship Managers; Contact Centre; Digital Channel Support; Compliance (CDD) |
Digital onboarding platform; eKYC tools; CRM; Core Financing front-end; Branch systems; Network connectivity |
eKYC vendor; Credit bureau; Document verification service providers |
Upstream: Product availability; customer identity data. Downstream: Credit assessment |
|
3.3 |
Credit Assessment & Approval |
Credit scoring; affordability assessment; CCRIS/CTOS checks; Shariah compliance validation; approval workflow |
Credit Analysts; Credit Approvers; Risk Officers; Shariah Compliance; Fraud Risk Team |
Credit scoring engine; Core Financing System; Workflow engine; Data analytics tools; Data warehouse |
Credit reporting agencies; Fraud detection vendors |
Upstream: Application data. Downstream: Documentation & legal perfection |
|
3.4 |
Financing Documentation & Legal Perfection |
Facility offer issuance; contract preparation; customer acceptance; stamping; collateral registration (if applicable) |
Legal Dept; Documentation Unit; Branch Officers; Panel Lawyers |
Document generation system; e-Signature platform; Collateral management system; Core Financing System |
Panel law firms; Land office; Stamp duty authorities; e-Stamping service |
Upstream: Approved financing. Downstream: Disbursement |
|
3.5 |
Disbursement Processing |
Pre-disbursement checks; Shariah execution (e.g., commodity purchase in Tawarruq); fund release; GL posting |
Operations Team; Treasury (if required); Finance |
Core Financing System; Payment gateway; GL system; Internet banking interface; SWIFT/IBG/RENTAS connectivity |
Commodity trading platform; Payment network operators; Settlement banks |
Upstream: Completed documentation. Downstream: Account setup |
|
3.6 |
Account Setup & Maintenance |
Account creation; limit activation; profit rate updates; restructuring; customer data updates |
Financing Operations; Customer Service; IT Support |
Core Financing System; Customer Information File (CIF); CRM; Data centre infrastructure |
Data centre provider; Managed service providers |
Upstream: Disbursement confirmation. Downstream: Instalment processing |
|
3.7 |
Instalment Collection & Payment Processing |
Auto-debit setup; salary deduction; IBG/FPX payments; reconciliation; posting to financing account |
Collections Ops; Finance; Payment Operations |
Core Financing System; Payment gateway; FPX/IBG interface; Reconciliation tools; Batch scheduler |
Payment network operators; Employer payroll units (for salary deduction) |
Upstream: Active account. Downstream: Profit calculation & arrears monitoring |
|
3.8 |
Profit Calculation & Statement Generation |
Monthly profit accrual; rebate (Ibra’) computation; statement generation; customer notification |
Finance; IT Application Support; Operations |
Core Financing profit engine; Statement generation system; Data warehouse; Email/SMS gateway |
Print vendor; SMS/email service providers |
Upstream: Instalment posting. Downstream: Customer servicing; reporting |
|
3.9 |
Arrears Monitoring & Early Intervention |
Delinquency identification; reminder notifications; restructuring evaluation; impairment flagging |
Collections Team; Credit Risk; Customer Service |
Collections management system; Core Financing; Dialler system; Analytics dashboard |
SMS vendors; Call centre outsourcing (if applicable) |
Upstream: Payment processing data. Downstream: Recovery management |
|
3.10 |
Recovery & Collection Management |
Legal recovery; rescheduling; write-off process; collateral realisation; impairment reporting |
Recovery Unit; Legal; External Panel Lawyers; Risk; Finance |
Recovery management system; Core Financing; Legal tracking system; Data analytics tools |
External collection agencies; Auctioneers; Legal firms |
Upstream: Persistent arrears. Downstream: Regulatory reporting |
|
3.11 |
Customer Service & Complaint Handling |
Inquiry management; dispute resolution; complaint logging; BNM escalation handling |
Contact Centre; Branch Officers; Customer Experience; Compliance |
CRM; Case management system; Call centre infrastructure; Digital banking channels |
Call centre outsourcing provider; Ombudsman liaison |
Upstream: All service interactions. Downstream: Regulatory reporting; process improvement |
|
3.12 |
Regulatory, Risk & Shariah Reporting |
Regulatory returns; impairment reporting; Shariah compliance reporting; management dashboards; stress scenario inputs |
Finance; Risk Management; Compliance; Shariah Secretariat; Data Governance |
Regulatory reporting system; Data warehouse; BI tools; Secure reporting channels |
Regulatory reporting solution vendors; External auditors |
Upstream: Data from all Sub-CBS. Downstream: Board reporting; regulatory submissions |
Consistent with expectations under the 2025 BNM Discussion Paper on Operational Resilience, this mapping:
Identifies critical resources supporting each Sub-CBS.
Highlights single points of failure (e.g., core financing system, payment gateways, credit bureau access).
Distinguishes between internal capabilities and external dependencies (e.g., commodity platforms, legal firms, payment networks).
Enables targeted scenario testing, such as system outage, third-party failure, cyber incident, data corruption, or Shariah non-compliance event.
This structured mapping supports the calibration and prioritisation of impact tolerance and resilience investments.
The mapping of processes and resources for CBS-3 Retail Financing Services provides a comprehensive, end-to-end view of how Bank Islam delivers Shariah-compliant retail financing to customers. By clearly identifying people, processes, technologies, and third-party dependencies for each Sub-CBS, the Bank strengthens its ability to anticipate disruptions, conduct meaningful scenario testing, and remain within defined impact tolerances.
This foundation supports proactive resilience planning, reinforces regulatory compliance, and ensures that retail customers continue to receive reliable financing services even during severe but plausible stress events.
|
Implementing Operational Resilience for Bank Islam: Aligning with BNM and Global Best Practices |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-3 Retail Financing Services | |||||
| CBS-3 DP | CBS-3 MD | CBS-3 MPR | CBS-3 ITo | CBS-3 SuPS | CBS-3 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|