Operational resilience standards, including Bank Negara Malaysia’s 2025 Operational Resilience Discussion Paper, emphasize that dependency mapping is critical to understanding how people, processes, technologies, and third parties interact to sustain service delivery under stress.
Mapping dependencies ensures that weak points — whether human, technical, procedural, or external — are identified, monitored, and mitigated.
In this chapter, we map the key dependencies of the Retail & Digital Banking Access service to support risk assessment, continuity planning, and recovery strategies.
| Sub‑CBS Code | Sub‑CBS | Dependency Type | Dependency Detail (What/Who) | Connectivity (How it Interacts) |
|---|---|---|---|---|
| 1.1 | Online Banking Login & Authentication | People | IT Security Team, IAM Administrators | Supports authentication flow; updates security policies and responds to incidents |
| | | Process | Multi‑factor authentication policies; user onboarding workflows | Ensures users follow the secure login process for access |
| | | Technology | Authentication servers, IAM (Identity & Access Management), SSO systems | Connects to customer login front‑end and backend validation systems |
| | | Third Party | SMS/Email OTP service providers | Sends authentication tokens during login |
| 1.2 | Account Dashboard & Balance Inquiry | Technology | Core banking system, account database servers | Feeds balance and transaction data to web/mobile UI |
| | | Process | Real‑time data query & caching mechanisms | Updates customer views and reduces load on core systems |
| | | People | UI/UX support, DevOps | Monitors dashboard performance and issues fixes |
| 1.3 | Funds Transfer & Payment Services | Technology | Payments engine, real‑time gross settlement (RTGS), FAST/SWIFT gateways | Processes and routes payment instructions |
| | | Third Party | External payment networks, clearing houses | Executes cross‑bank/national transfers |
| | | Process | Transaction validation rules, fraud checks | Ensures secure transfer and compliance |
| 1.4 | Mobile App Transaction Processing | Technology | Mobile backend APIs, microservices, app servers | Connects the app UI to backend services |
| | | People | Mobile dev team, QA/testers | Release management and app updates |
| | | Third Party | Push notification services, app store delivery | Supports app installations and updates |
| 1.5 | Retail Digital Onboarding | People | Customer verification and the KYC team | Verifies identity for new accounts |
| | | Process | KYC/AML workflows, e‑signature processes | Handles compliance checks and captures customer info |
| | | Technology | Biometric verification, document capture tools | Interfaces with customer devices to verify identity |
| | | Third Party | ID verification services, AML screening providers | Provides authoritative identity checks |
| 1.6 | Digital Alerts & Notification Services | Technology | Messaging servers, alert engine, email/SMS gateways | Sends alerts for activities such as balance changes |
| | | Third Party | Telecommunication providers | Supports delivery of SMS/voice alerts |
| | | Process | Alert configuration and escalation procedures | Determines which alerts get sent and when |
| 1.7 | Customer Support & Chatbot Interface | Technology | Chatbot platform, CRM systems | Interfaces with customer queries and contextual data |
| | | People | Support agents, escalation teams | Handle inquiries beyond automated responses |
| | | Third Party | AI/NLP chatbot engine | Enhances automated support experiences |
| 1.8 | API Gateway & Third‑Party Integrations | Technology | API gateway, developer portal, API management | Exposes secure APIs to internal systems and partners |
| | | Third Party | Fintech partners, aggregators, regulators | Consumes APIs for extended services (e.g., account aggregation) |
| | | Process | API access control and monitoring | Controls access and tracks usage/performance |
| 1.9 | Access Monitoring & Security Event Logging | Technology | SIEM systems, logging platforms, analytics tools | Collects and analyzes access logs, detects anomalies |
| | | People | Security Operations Center (SOC) | Responds to alerts and investigates events |
| | | Process | Incident response process | Defines how security events are escalated |
| 1.10 | Back‑End Data Synchronisation & Recovery | Technology | Replication services, disaster recovery (DR) systems | Synchronises production data to backups and recovery sites |
| | | Process | Backup schedules, DR failover procedures | Ensures continuity during outages |
| | | Third Party | Cloud backup providers | Stores replicated data off‑site |

Dependency mapping for Retail & Digital Banking Access at CIMB Bank provides critical insight into how sub‑services rely on people, processes, technology, and external partners. By documenting these interdependencies, the bank gains visibility into potential single points of failure, risks from third parties, and areas requiring strengthened controls or redundancy.
This structured approach to resilience aligns with operational risk standards and guidance, such as Bank Negara Malaysia’s 2025 Operational Resilience Discussion Paper, which highlights the need to understand cross‑cutting dependencies and their impact on service continuity.
Ultimately, a comprehensive dependency map enhances preparedness, informs recovery planning, and supports more resilient digital banking operations — ensuring customers can access core banking services even under stress.
Operational Resilience in Practice: The CIMB Bank Approach
eBook 3: Starting Your OR Implementation
CBS-1 Retail & Digital Banking Access
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.