CBS-4 SME and Corporate Financing Services
Introduction
Operational resilience requires financial institutions to determine the maximum level of disruption they can tolerate before causing intolerable harm to customers, the financial system, or regulatory compliance. In line with expectations outlined in the 2025 Discussion Paper on Operational Resilience issued by Bank Negara Malaysia (BNM), impact tolerances must be defined for each Critical Business Service (CBS), focusing on outcomes rather than internal recovery metrics alone.
For CBS-4 SME and Corporate Financing Services, impact tolerances are calibrated based on the potential effect of service disruption on SMEs, corporate clients, trade flows, liquidity management, Shariah compliance, and prudential soundness. The tolerances below reflect “severe but plausible” disruption scenarios such as system outages, cyber incidents, third-party failure, or unavailability of key decision-making personnel.
Purpose of the Chapter
This chapter defines measurable impact tolerances for each Sub-CBS under CBS-4. It clarifies the maximum tolerable downtime (MTD) and maximum tolerable data loss (MTDL), articulates customer and regulatory impact thresholds, and highlights current resilience posture and improvement priorities. The objective is to ensure that disruption to SME and corporate financing activities remains within acceptable boundaries aligned with BNM’s supervisory expectations and Shariah governance requirements.
Table P4: Establish Impact Tolerance for CBS-4
| Sub-CBS Code | Sub-CBS | Maximum Tolerable Downtime (MTD) | Maximum Tolerable Data Loss (MTDL) | Customer Impact | Regulatory Impact | Impact Type | Current Resilience Status | Action Required |
|---|---|---|---|---|---|---|---|---|
| 4.1 | Customer Onboarding & Financing Application Initiation | 2 business days | ≤ 4 hours | Delayed onboarding; lost financing opportunities | Service standard breach; reputational risk | Reputational / Conduct | Partially resilient (manual fallback available) | Enhance digital onboarding redundancy |
| 4.2 | Credit Assessment & Risk Evaluation | 3 business days | ≤ 2 hours | Delayed credit decision affecting SME liquidity | Prudential risk management concerns | Prudential / Financial | Moderate resilience | Automate data feeds & strengthen backup analytics |
| 4.3 | Credit Approval & Governance | 2 business days | Zero data loss | Approval backlog; stalled large exposures | Governance & board oversight breach | Governance / Compliance | Strong controls, but key-person dependency | Establish alternate approval quorum & DR testing |
| 4.4 | Financing, Structuring & Documentation | 2 business days | ≤ 1 hour | Documentation errors; delayed facility activation | Legal enforceability & Shariah non-compliance risk | Legal / Shariah | Moderate resilience | Digital document repository with geo-backup |
| 4.5 | Facility Setup & Limit Activation | 1 business day | Zero data loss | Customers are unable to access the facilities | Contractual breach; operational risk | Financial / Conduct | High resilience | Periodic reconciliation & automated validation |
| 4.6 | Financing Disbursement & Payment Execution | Same day (≤ 8 hours) | Zero data loss | Cash flow disruption to SMEs; trade default | Systemic liquidity risk; potential supervisory action | Systemic / Financial | High-priority service | Real-time replication & enhanced DR drills |
| 4.7 | Trade & Working Capital Financing Processing | 1 business day | ≤ 30 minutes | Disrupted import/export payments | Trade finance regulatory breach | Systemic / Market | Moderate resilience | Strengthen SWIFT/Trade platform failover |
| 4.8 | Financing Account Maintenance & Servicing | 2 business days | ≤ 2 hours | Statement errors; inability to service accounts | Consumer protection concerns | Conduct / Reputational | Generally resilient | Improve data reconciliation automation |
| 4.9 | Collateral & Security Management | 3 business days | Zero data loss | Security documentation risk; impaired recovery | Capital adequacy misstatement risk | Prudential / Legal | Moderate resilience | Centralised collateral management system |
| 4.10 | Monitoring, Early Warning & Portfolio Management | 2 business days | ≤ 1 hour | Missed early warning signals; higher NPF risk | Risk governance weakness | Prudential / Systemic | Partial automation | Enhance predictive analytics redundancy |
| 4.11 | Recovery, Remedial & Legal Management | 3 business days | Zero data loss | Delayed recovery actions | Regulatory breach in impairment recognition | Financial / Legal | Manual-heavy processes | Digitise case management system |
| 4.12 | Regulatory Reporting & Shariah Governance Oversight | Regulatory deadline (no delay tolerated) | Zero data loss | No direct customer impact | Immediate regulatory breach; Shariah non-compliance | Compliance / Shariah | High control environment | Independent data validation & parallel reporting |

Alignment with BNM Operational Resilience Expectations
Consistent with BNM’s 2025 Discussion Paper examples, the tolerances above:
- Focus on harm-based thresholds, not just IT recovery times.
- Prioritise customer liquidity impact, especially for SMEs dependent on timely disbursement.
- Consider systemic and market stability implications for trade and working capital financing.
- Embed Shariah governance oversight as a critical resilience dimension.
- Differentiate between internal processing delays and external regulatory deadline breaches.
High-impact services such as disbursement, limit activation, and regulatory reporting are assigned stricter tolerances, including zero data loss and near-zero downtime thresholds.
Establishing impact tolerances for CBS-4 SME and Corporate Financing Services strengthens the institution’s ability to withstand severe but plausible disruptions while protecting SME and corporate customers, maintaining financial stability, and upholding Shariah and regulatory obligations.
By defining clear maximum tolerable downtime and data loss thresholds and identifying improvement priorities, Bank Islam Malaysia Berhad can progressively enhance resilience maturity. The next phase should focus on scenario testing, board-level validation of tolerances, and closing identified resilience gaps to ensure continued compliance with supervisory expectations set by Bank Negara Malaysia and evolving operational risk standards.
This structured approach positions CBS-4 not only as a compliant function but as a strategically resilient capability supporting sustainable SME and corporate growth.

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.











