Building a Resilient Banking Institution: Operational Resilience Implementation at China Construction Bank (Malaysia)

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert


 CBS-1 Core Deposit & Account Services

Introduction

Operational resilience requires China Construction Bank (Malaysia) Berhad (CCB Malaysia) to identify its Critical Business Services (CBS) and define impact tolerances—the maximum level of disruption to a service that the bank can tolerate before causing intolerable harm to customers, market integrity, financial stability, or breaching regulatory obligations.

For CBS-1: Core Deposit & Account Services, the bank provides fundamental banking functions, including account opening, deposit maintenance, transaction processing, payments, and foreign currency deposit services.

These services underpin customer confidence, liquidity management, and daily banking operations.

In line with regulatory expectations on operational resilience (as outlined in Bank Negara Malaysia’s Operational Resilience policy and global best practices), impact tolerances are defined using measurable metrics such as:

  • Maximum Tolerable Downtime (MTD) – Maximum duration a service can be disrupted.
  • Maximum Tolerable Data Loss (MTDL) – Maximum acceptable data loss measured in time (e.g., Recovery Point Objective).
  • Customer Impact Thresholds – Number or segment of customers affected and financial exposure.
  • Regulatory Impact Thresholds – Risk of regulatory breach, non-compliance, or supervisory intervention.

The following table summarises the proposed impact tolerances for each Sub-CBS under CBS-1.


Table P4: Detailed Processes for CBS-1

| Sub-CBS Code | Sub-CBS | Maximum Tolerable Downtime (MTD) | Maximum Tolerable Data Loss (MTDL) | Customer Impact | Regulatory Impact | Impact Type | Current Resilience Status | Action Required |
|---|---|---|---|---|---|---|---|---|
| 1.1 | Account Opening & Onboarding | 8 hours (within business day) | ≤ 30 minutes | Delayed onboarding, reputational impact, and potential loss of new customers | Delay in fulfilling KYC/CDD obligations | Customer / Regulatory | Moderate – Manual fallback available | Enhance digital onboarding redundancy; improve system failover |
| 1.2 | Deposit Maintenance & Account Administration | 4 hours | ≤ 15 minutes | Customers are unable to update account details; service dissatisfaction | Risk of inaccurate records breaching regulatory reporting | Customer / Compliance | Strong – Core system redundancy in place | Periodic resilience testing & reconciliation checks |
| 1.3 | Deposit Transactions Processing | 2 hours | ≤ 5 minutes | Customers unable to access funds; liquidity stress; high complaint risk | Breach of payment settlement obligations; supervisory scrutiny | Financial / Systemic | Moderate – DR site active, limited live failover testing | Increase frequency of DR simulation and real-time replication |
| 1.4 | Interest & Charges Calculation & Posting | 24 hours (end-of-day batch critical) | ≤ 1 hour | Incorrect interest accrual; financial disputes | Financial reporting inaccuracies; audit findings | Financial / Regulatory | Moderate – Batch backup available | Strengthen automated reconciliation and dual validation |
| 1.5 | Account Inquiry & Statement Services | 6 hours | ≤ 30 minutes | Customers unable to view balances; reputational impact | Potential transparency concerns | Customer / Reputational | Strong – Multi-channel access (branch, RM support) | Improve mobile/online redundancy |
| 1.6 | Transfer & Payment Execution | 1 hour | ≤ 5 minutes | Payment failures; customer financial distress; corporate liquidity risk | Breach of payment network rules; regulatory penalties | Financial / Systemic | Moderate – High availability design, needs stress testing | Implement active-active architecture; enhance monitoring |
| 1.7 | Foreign Currency Deposit Services | 4 hours | ≤ 15 minutes | FX settlement delays; corporate client impact | Exposure to market risk and cross-border compliance breach | Financial / Regulatory | Moderate | Improve FX system integration and real-time backup |
| 1.8 | Account Closure & Dormancy Management | 2 business days | ≤ 1 hour | Delay in releasing funds; customer dissatisfaction | AML/CFT compliance risk if dormancy controls fail | Compliance / Reputational | Moderate – Manual workaround available | Automate dormancy triggers and monitoring alerts |


Key Observations
  • Highest Criticality Sub-CBS:
    • 1.6 Transfer & Payment Execution
    • 1.3 Deposit Transactions Processing
      These services have the shortest MTD (1–2 hours) due to immediate liquidity and systemic implications.
  • Regulatory Sensitivity Areas:
    • Account Opening (KYC/CDD compliance)
    • Dormancy Management (AML/CFT monitoring)
    • Payment Execution (Settlement obligations)

  • Data Integrity Importance:
    Core transactional services require near-zero data loss (≤ 5 minutes), aligning with stringent Recovery Point Objectives (RPO).


Establishing impact tolerances for CBS-1: Core Deposit & Account Services enables China Construction Bank (Malaysia) Berhad to define clear disruption thresholds and align resilience capabilities with regulatory expectations and customer protection objectives.

The defined tolerances reflect:

  • The criticality of deposit and payment services to customers and financial stability
  • The regulatory obligations imposed by Bank Negara Malaysia and international banking standards
  • The need for measurable, time-bound recovery objectives
  • The importance of balancing operational cost with systemic risk exposure

By formalising these tolerances, CCB Malaysia strengthens its operational resilience framework, ensures proactive investment in system redundancy and disaster recovery capabilities, and enhances its ability to prevent, adapt to, respond to, and recover from severe but plausible disruptions.

Ultimately, clear impact tolerances provide a structured benchmark against which the bank can continuously test, monitor, and improve resilience—ensuring sustained delivery of critical banking services even under adverse conditions.

 
