In line with the principles outlined in the Bank Negara Malaysia 2025 Discussion Paper on Operational Resilience and the guidance described in the BCM Institute article on Severe but Plausible Scenarios, this chapter identifies disruption scenarios that are extreme in impact yet realistically possible for Bank Islam Malaysia Berhad’s CBS-3 Retail Financing Services.
Severe but plausible scenarios are not hypothetical extremes with negligible probability; rather, they reflect credible operational, cyber, third-party, Shariah, regulatory, and technology-related events that could materially disrupt critical retail financing processes.
The objective of this chapter is to ensure that each Sub-CBS under Retail Financing Services is tested against meaningful stress conditions, strengthening preparedness, response capability, and resilience in accordance with regulatory expectations.
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact / Effect |
Proactive Risk Management Action (Evidence) |
Link to Integration of Cyber and ICT Risks |
|
3.1 |
Product Structuring & Shariah Governance |
Shariah non-compliance was identified post-product launch due to a system configuration error affecting profit calculation logic |
Reputational damage, suspension of product, financial restitution, and regulatory scrutiny |
Pre-launch Shariah validation checklist, automated rule validation testing, Shariah audit trails, annual independent Shariah review |
ICT change management failure, configuration error risk, inadequate system testing controls |
|
3.2 |
Customer Application Intake & Submission |
Prolonged digital channel outage (mobile/web financing application portal) due to Distributed Denial of Service (DDoS) attack |
Inability to submit applications, customer dissatisfaction, and revenue delay |
DDoS protection, traffic monitoring, alternate manual/branch submission workflow, BCP-tested failover environment |
Cybersecurity monitoring, network resilience, and cloud hosting redundancy |
|
3.3 |
Credit Assessment & Approval |
Core credit scoring engine unavailable following ransomware infection |
Delayed approvals, backlog accumulation, and credit risk misjudgment if manual override is used |
Segregated credit systems, regular data backups, endpoint detection response (EDR), and ransomware playbook exercises |
Malware protection, secure data backup, privileged access management |
|
3.4 |
Financing Documentation & Legal Perfection |
Nationwide disruption to the e-signature platform or the third-party legal documentation vendor |
Inability to perfect security documents, legal unenforceability risk |
Dual-vendor legal panel, offline documentation fallback, periodic vendor resilience assessment |
Third-party ICT risk management, vendor system integration dependency |
|
3.5 |
Disbursement Processing |
Payment interface failure between the financing system and the core banking system |
Delayed or erroneous disbursement, financial loss, and customer complaints |
Interface monitoring dashboards, reconciliation automation, and pre-disbursement control checks |
API integration controls, system interface resilience testing |
|
3.6 |
Account Setup & Maintenance |
Data corruption during batch processing is affecting newly onboarded accounts |
Incorrect balances, customer disputes, and operational rework |
Automated data validation scripts, maker-checker controls, and daily reconciliation reporting |
Database integrity monitoring, batch job resilience, disaster recovery testing |
|
3.7 |
Instalment Collection & Payment Processing |
Failure of auto-debit processing due to core banking outage during the peak cycle |
Missed collections, liquidity mismatch, customer penalty disputes |
Payment cycle contingency plan, grace-period policy activation, customer notification protocol |
Core banking availability, real-time system monitoring, and recovery time objective (RTO) testing |
|
3.8 |
Profit Calculation & Statement Generation |
Incorrect profit computation due to a system patch defect |
Financial misstatement, Shariah breach risk, regulatory reporting impact |
Parallel run testing post-system patch, automated reconciliation of profit tables, and internal audit review |
ICT patch management, change governance, and regression testing |
|
3.9 |
Arrears Monitoring & Early Intervention |
Failure of the early warning trigger system due to data feed disruption |
Delayed arrears action, higher impairment levels |
Automated exception reporting, manual watchlist review trigger, periodic stress testing |
Data integration risk, data warehouse availability |
|
3.10 |
Recovery & Collection Management |
Cyber breach exposing customer recovery data |
Confidentiality breach, regulatory penalties, litigation risk |
Data encryption, restricted access controls, regular penetration testing, and incident response drills |
Data protection controls, SOC monitoring, cyber incident management |
|
3.11 |
Customer Service & Complaint Handling |
CRM system outage during a high complaint surge following a financing disruption |
Inability to log/track complaints, reputational impact |
CRM backup system, manual complaint register protocol, overflow call centre arrangement |
Cloud CRM resilience, third-party SaaS dependency risk |
|
3.12 |
Regulatory, Risk & Shariah Reporting |
Inaccurate regulatory submission due to data aggregation failure |
Regulatory breach, supervisory action from BNM |
Pre-submission validation scripts, independent risk review, regulatory reporting contingency process |
Data governance controls, reporting system redundancy |
The identification of severe but plausible scenarios for CBS-3 Retail Financing Services enables Bank Islam Malaysia Berhad to move beyond traditional risk identification toward operational resilience thinking. By deliberately stress-testing each detailed process against credible operational, cyber, third-party, Shariah, and regulatory disruptions, the Bank strengthens its ability to remain within defined impact tolerances even under adverse conditions.
The integration of Cyber and ICT risks across all Sub-CBS processes reflects the regulatory direction set by Bank Negara Malaysia, emphasising that digital dependency is inseparable from service resilience. Proactive risk management actions — including testing, monitoring, governance controls, redundancy planning, and scenario exercises — serve as tangible evidence that resilience is embedded within day-to-day operations rather than treated as a reactive compliance requirement.
Collectively, these scenarios form a structured foundation for scenario testing, impact tolerance validation, and continuous improvement of Retail Financing Services under CBS-3.
|
Implementing Operational Resilience for Bank Islam: Aligning with BNM and Global Best Practices |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-3 Retail Financing Services | |||||
| CBS-3 DP | CBS-3 MD | CBS-3 MPR | CBS-3 ITo | CBS-3 SuPS | CBS-3 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|