In the context of operational resilience, CBSs are services that must be maintained or quickly restored during and after disruptive events to minimise harm to the financial system and the economy.
Operational resilience frameworks recognise that disruptions — whether from cyberattacks, IT outages, natural events, or third-party failures — are inevitable. What matters is the bank’s ability to anticipate, absorb, respond to, recover, and learn from such events while still delivering its critical services.
Critical business services underpin a resilience program. They inform impact tolerances, scenario testing, governance decisions, and recovery strategies. Without a clear CBS map, resilience planning cannot be tailored to an organisation’s most essential functions.
Globally — and particularly in Malaysia — central banks are emphasising operational resilience as a key supervisory focus.
Bank Negara Malaysia’s 2025 Discussion Paper on Operational Resilience highlights the importance of ensuring continuity of critical financial services to preserve confidence, financial stability, and trust in the financial system.
In addition, international principles (e.g., Basel Committee on Banking Supervision, MAS guidelines, and other supervisory regimes) explicitly call for:
identification of services that have a meaningful impact if disrupted;
setting impact tolerances for those services;
mapping dependencies among processes, people, technology, and third parties; and assessing resilience under severe yet plausible scenarios.
These expectations mean that CBS identification for CIMB must be strategic and evidence-based, linking operational resilience planning with enterprise risk management and business continuity planning.
A service should be classified as critical based on factors such as:
Safety and soundness of the bank — Disruption could materially impair financial position or regulatory compliance.
Impact on customers — Significant numbers or types of customers (retail, corporate, SME, etc.) would face intolerable harm or financial loss.
Systemic or inter-institutional impact — Disruptions that could affect payment systems, market functioning, or interbank operations.
Legal and regulatory obligations — Services tied to time-sensitive reporting, settlement, or compliance.
Importantly, a critical service is not merely an ongoing business line; it is defined by the impact of its failure to be delivered.
Below are examples of CBSs relevant to a major ASEAN bank like CIMB. These align with industry norms and supervisory expectations for financial institutions of similar scale and complexity:
|
CBS Code |
Critical Business Service |
Service Description |
Why It Is Critical (Impact of Disruption) |
Primary Impact Area |
|
CBS-1 |
Retail & Digital Banking Access |
Provision of online and mobile banking services, including authentication, balance enquiries, and customer-initiated transactions |
Loss of access would cause widespread customer harm, reputational damage, and erosion of trust due to CIMB’s large retail and digital customer base |
Customers, Reputation |
|
CBS-2 |
Payment & Fund Transfer Services |
Processing of domestic and cross-border payments, real-time transfers, and interbank settlements |
Disruption could prevent customers and businesses from meeting financial obligations and may impact financial system stability |
Customers, Financial Stability |
|
CBS-3 |
Cash Access & Branch Services |
Availability of cash withdrawals and deposits via ATMs and branch counters |
Extended unavailability would affect daily financial needs, particularly for cash-reliant customers and businesses |
Customers, Financial Inclusion |
|
CBS-4 |
Loan Origination & Disbursement |
End-to-end processing of retail, SME, and corporate lending, including approval and fund disbursement |
Inability to disburse loans would harm customers’ liquidity and CIMB’s revenue generation and contractual obligations |
Customers, Financial Soundness |
|
CBS-5 |
Treasury & Liquidity Management |
Management of liquidity, funding, and market operations to meet obligations |
Disruption may threaten CIMB’s solvency, liquidity position, and compliance with prudential requirements |
Safety & Soundness |
|
CBS-6 |
Card & Merchant Acquiring Services |
Processing of debit/credit card transactions and merchant acquiring services |
Failure would disrupt retail commerce and expose CIMB to financial, contractual, and reputational risk |
Customers, Financial Stability |
|
CBS-7 |
Risk Management & Regulatory Reporting |
Monitoring of risks and submission of accurate, timely regulatory and prudential reports |
Failure could lead to regulatory breaches, penalties, and supervisory intervention |
Regulatory Compliance |
|
CBS-8 |
Customer Support & Contact Centre Services |
Customer assistance through call centres and digital support channels during normal operations and incidents |
Service disruption would amplify customer harm during outages and weaken crisis communication effectiveness |
Customers, Reputation |
|
CBS-9 |
Corporate & Institutional Banking Transaction Services |
Execution of high-value corporate payments, trade finance, and institutional banking transactions |
Disruption could affect corporate liquidity, trade flows, and interconnected financial counterparties |
Customers, Systemic Risk |
Onceidentified, each CBS for CIMB must be documented with:
This structured approach ensures that resilience planning is risk-based, evidence-driven, and aligned with regulatory expectations.
Identifying and safeguarding Critical Business Services is the cornerstone of CIMB’s operational resilience strategy.
These services constitute CIMB’s mission-critical capabilities, whose uninterrupted delivery protects the bank’s financial health, stakeholder confidence, and its contributions to broader financial stability.
Integrating CBS into resilience planning — from impact tolerances to scenario testing —ensures CIMB can withstand and recover from disruptions while continuing to serve its customers and markets effectively.
Blogs marked [x] are under construction.
|
Operational Resilience in Practice: The CIMB Bank Approach |
|||
| eBook 1: Understanding Your Organisation: CIMB Bank | |||
| C1 | C2 [x] | C3 [x] | C4 [x] |
| C5 | C6 [x] | C7 [x] | C8 [x] |
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|