This chapter identifies and analyses Severe but Plausible Scenarios (SPS) for CBS-4 SME and Corporate Financing Services at Bank Islam. The objective is to examine hypothetical yet credible disruptions that could severely impact critical processes within SME and corporate financing.
These scenarios are designed to stress-test operational resilience, highlight vulnerabilities, and inform proactive risk management measures, aligning with guidance from the 2025 BNM Discussion Paper on Operational Resilience and best practices in scenario-based planning.

| Sub-CBS Code | Sub-CBS | Severe but Plausible Scenario | Impact/Effect | Proactive Risk Management Action | Link to Integration of Cyber and ICT Risks |
|---|---|---|---|---|---|
| 4.1 | Customer Onboarding and Financing Application Initiation | System-wide onboarding portal outage | Delays in application processing; customer dissatisfaction | Multi-channel application options; failover servers; staff manual workaround | High reliance on ICT; implement cyber resilience testing for the portal |
| 4.2 | Credit Assessment and Risk Evaluation | Data breach of credit scoring systems | Exposure of sensitive customer data; reputational damage | Regular penetration testing, encryption, access controls, and staff training | Integrate cyber risk assessment in the credit system workflow |
| 4.3 | Credit Approval and Governance | Key approvers are unavailable due to the pandemic | Delayed approvals; missed financing opportunities | Cross-training; delegation protocols; digital approval workflows | Digital signature and access controls to secure approval system |
| 4.4 | Financing, Structuring, and Documentation | Document management system corruption | Loss or delay in contract preparation | Regular backups, document verification, and dual-system storage | Use secure cloud-based document storage with ICT monitoring |
| 4.5 | Facility Setup and Limit Activation | Core banking system downtime | Limits not activated; financing not available | Redundant system setup; routine system maintenance; manual fallback | Integrate ICT system health monitoring and alerting |
| 4.6 | Financing Disbursement and Payment Execution | Payment gateway cyberattack | Failed disbursements; liquidity disruption | Transaction monitoring, fraud detection, and offline payment contingency | Cyber threat intelligence integration with payments system |
| 4.7 | Trade and Working Capital Financing Processing | Trade finance document processing error | Payment delays; supply chain disruption | Automated reconciliation; staff double-check; exception handling | ICT systems redundancy; secure file transfer protocols |
| 4.8 | Financing Account Maintenance and Servicing | Unauthorized access to customer accounts | Fraudulent transactions; regulatory breaches | Strong authentication, audit logs, and real-time monitoring | Cybersecurity incident response plan linked to account systems |
| 4.9 | Collateral and Security Management | Physical collateral loss or mismanagement | Loss of asset value; recovery challenges | Offsite collateral storage; digital recording; audit trail | Integrate the collateral management system with ICT security protocols |
| 4.10 | Monitoring, Early Warning, and Portfolio Management | Risk monitoring dashboard failure | Delayed detection of portfolio deterioration | Redundant dashboards; alternative reporting; scenario simulation | Ensure the cyber resilience of monitoring platforms |
| 4.11 | Recovery, Remedial, and Legal Management | Legal case backlog due to system outage | Delayed recovery actions; increased non-performing loans | Case tracking software; prioritization protocols | ICT risk management integrated with recovery workflows |
| 4.12 | Regulatory Reporting and Shariah Governance Oversight | Data integrity failure in the reporting system | Incorrect regulatory submissions; compliance breach | Data validation; automated report generation; reconciliation | ICT system audits; cyber risk monitoring in reporting |

By identifying Severe but Plausible Scenarios for CBS-4 SME and Corporate Financing Services, Bank Islam enhances its operational resilience and preparedness. These scenarios allow the bank to proactively test its systems, processes, and workforce readiness, ensuring continuity of services under extreme but realistic conditions. Integrating cyber and ICT risk management into these scenarios further strengthens the bank’s ability to safeguard customer trust, maintain regulatory compliance, and preserve financial stability.

Implementing Operational Resilience for Bank Islam: Aligning with BNM and Global Best Practices
eBook 3: Starting Your OR Implementation