As customer reliance on always-on digital services continues to grow, any disruption to retail and digital banking access can result in immediate financial harm, loss of confidence, and broader systemic implications.
Consequently, Retail & Digital Banking Access has been identified as a Critical Business Service (CBS-1) under CIMB Bank’s operational resilience framework.
In line with the principles set out in the 2025 Bank Negara Malaysia (BNM) Discussion Paper on Operational Resilience, financial institutions are expected to move beyond high-level service identification and develop a deep understanding of the end-to-end processes that enable the continued delivery of critical services.
This chapter responds to that expectation by breaking down CBS-1 Retail & Digital Banking Access into its underlying detailed business processes (Sub-CBS), forming the foundation for dependency mapping, scenario testing, and impact tolerance setting.
Note: BNM’s 2025 Discussion Paper does not list specific banking sub-CBS categories publicly, but highlights the need for FIs to identify, map and protect critical service components and dependencies to ensure continuity and availability of essential financial services — including digital channels — under stress.
Table P1: Detailed Processes for CBS-1
| Sub-CBS Code | Name of Sub-CBS | Description of Sub-CBS |
|---|---|---|
| 1.1 | Online Banking Login & Authentication | Secure sign-on, multi-factor authentication, identity verification, and access control services for retail customers accessing CIMB digital channels (web & app). This supports resilience by ensuring only authorised users can access services even under stress or cyber threat conditions. |
| 1.2 | Account Dashboard & Balance Inquiry | Real-time retrieval and display of account balances and transaction summaries for retail customers, including visibility into deposits, loans, and e-wallets, is essential for day-to-day financial management. |
| 1.3 | Funds Transfer & Payment Services | Digital execution and settlement of transfers (intra-bank, inter-bank, GIRO, instant payments) and bill payments, a core transaction engine that must remain available to uphold service continuity. |
| 1.4 | Mobile App Transaction Processing | The set of backend services that support the secure execution of transactions initiated through CIMB’s mobile banking application (e.g., payments, transfers, bookings), including message queuing, processing, and routing. |
| 1.5 | Retail Digital Onboarding | Online onboarding and KYC/KYB services for new digital customers, including document verification, risk profiling, and product enrolment — ensuring continuity of retail customer acquisition. |
| 1.6 | Digital Alerts & Notification Services | Real-time push notifications, SMS, and email alerts for transactional events, security warnings, and service updates are integral to customer awareness and risk mitigation during disruptions. |
| 1.7 | Customer Support & Chatbot Interface | Digital customer support services, including automated chat, FAQs, and live assistance, help users resolve issues quickly, especially when core access functions face degraded performance. |
| 1.8 | API Gateway & Third-Party Integrations | API management and integration layer supporting fintech partners or authorized financial aggregators (e.g., for Open Banking/PSU access) while enforcing security, availability, and resilience controls. |
| 1.9 | Access Monitoring & Security Event Logging | Continuous monitoring of authentication events, access patterns, and security incidents is critical for detecting anomalies and triggering resilience actions such as throttling or fallback. |
| 1.10 | Back-End Data Synchronisation & Recovery | Services that ensure replication, backup, and restore of customer data across digital banking platforms to support rapid recovery from infrastructure incidents. |

Authentication & Access Control (CBS-1.1): Fundamental for ensuring only legitimate users access services; resilient authentication prevents abuse during outages or cyber threats.
Transaction Capabilities (CBS-1.2 to 1.4): Core banking activities that customers depend on daily; ensuring these operate even under partial system failure is central to operational resilience.
Onboarding & Notifications (CBS-1.5 & 1.6): While not transactional, these processes support continuous customer engagement and trust — critical for reputation resilience.
Support & APIs (CBS-1.7 & 1.8): As digital banking increasingly integrates external partners, continuity of API services becomes part of critical business service mapping.
Security & Recovery (CBS-1.9 & 1.10): These processes underpin resilience monitoring, early detection, and recovery — core themes in regulatory discussion and guidance on operational resilience.
This chapter has presented a detailed breakdown of the Sub-CBS processes underpinning CBS-1 Retail & Digital Banking Access for CIMB Bank, translating a high-level critical business service into its operational building blocks.
By clearly defining these processes, CIMB Bank can better assess how disruptions may propagate across systems, people, and third-party dependencies, and how service delivery may degrade under stress.
Consistent with the BNM operational resilience principles, this level of process granularity is essential to demonstrating a robust understanding of critical services and their vulnerabilities.
The Sub-CBS identified in this chapter serves as the reference point for subsequent resilience activities, including impact tolerance setting, dependency mapping, and scenario testing.
Ultimately, this structured approach strengthens CIMB Bank’s ability to maintain essential retail and digital banking services during disruptions, safeguarding customers, preserving trust, and supporting the stability of the financial system.
Operational Resilience in Practice: The CIMB Bank Approach
eBook 3: Starting Your OR Implementation
CBS-1 Retail & Digital Banking Access
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.