![[OR] [MIB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/3f6f3532-eeed-4a2f-a703-09465c567f80.png)
CBS-1 Securities Trading & Execution
Introduction
![[OR] [MIB] [E3] [CBS] [1] [ST] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/d9e1fd27-e41f-4735-9e4f-a98355d23bbb.png)
Scenario testing is a core pillar of operational resilience.
In line with industry guidance and the principles outlined in the BCM Institute blog “[OR] [P2-S4] What is Scenario Testing in Operational Resilience?”, scenario testing enables Maybank Investment Bank to assess whether its Critical Business Service (CBS-1 Securities Trading & Execution) can remain within defined impact tolerances during severe but plausible disruptions.
Rather than testing isolated systems, scenario testing examines end-to-end service continuity across people, process, technology, third parties, and market infrastructure.
For CBS-1, scenario testing ensures that trading, execution, clearing, settlement, custody, and regulatory obligations continue to operate within acceptable thresholds even under cyberattacks, ICT outages, market volatility, third-party failures, or data integrity incidents.
The following table outlines recommended scenario test themes for each Sub-CBS, highlighting impact assessment, integration of cyber and ICT risks, and evidence of proactive risk management actions.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action (Including Cyber & ICT Risk Integration) |
|
1-1 |
Client Onboarding for Trading |
Cyber breach of KYC system; AML screening system outage; Third-party eKYC provider failure |
Delayed account activation; regulatory breach; onboarding backlog |
Periodic penetration testing; dual AML screening engines; fallback manual onboarding procedures; third-party SLA monitoring; KYC data encryption controls |
|
1-2 |
Order Capture & Validation |
Trading front-end system outage; FIX gateway disruption; market data feed corruption |
Inability to capture orders, rejected trades, and client dissatisfaction |
Active-active trading platform; redundant FIX connections; real-time data validation controls; incident response playbooks |
|
1-3 |
Pre-Trade Risk Controls |
Risk engine malfunction; limit file corruption; latency spike during high volatility |
Breach of risk appetite; exposure beyond limits; regulatory non-compliance |
Automated limit monitoring; daily risk parameter validation; independent risk oversight; cyber hardening of risk engine servers |
|
1-4 |
Trade Execution (Exchange-Traded) |
Exchange connectivity loss; DDoS attack; algorithm malfunction during volatility surge |
Trade execution failure; financial loss; reputational damage |
Multi-exchange connectivity; DDoS protection; kill-switch controls; algorithm testing under stressed market simulation |
|
1-5 |
Trade Execution (OTC / Structured Products) |
Counterparty system outage; pricing model error; data tampering |
Mispricing; failed trades; contractual disputes |
Independent price verification; model validation governance; encrypted deal capture systems; counterparty contingency agreements |
|
1-6 |
Algorithmic & Electronic Trading Management |
Rogue algorithm deployment; unauthorised code change; cyber intrusion into trading engine |
Market disruption; regulatory sanctions; financial loss |
Change management controls; segregation of duties; real-time algo monitoring dashboards; periodic red-team testing |
|
1-7 |
Trade Confirmation & Client Notification |
SWIFT/email server outage; confirmation system data mismatch |
Client disputes, delayed settlement, and reputational risk |
Automated reconciliation between trade blotter and confirmation engine; secure communication channels; disaster recovery testing |
|
1-8 |
Trade Capture & Booking |
Core trading ledger corruption; database ransomware attack |
Inaccurate books; P&L misstatement; audit findings |
Real-time replication; immutable backup storage; quarterly data restoration drills; database access controls |
|
1-9 |
Clearing & Settlement Processing |
Clearing house connectivity disruption, payment system outage, and cyberattack on the settlement platform |
Settlement failure; liquidity strain; penalties |
Alternate clearing routes; pre-funding liquidity buffer; SWIFT contingency arrangements; ICT recovery time objectives tested |
|
1-10 |
Custody & Safekeeping Coordination |
Custodian bank outage; asset misposting; cross-border settlement delay |
Asset segregation risk; regulatory breach |
Custodian SLA reviews; daily position reconciliation; contingency custodian arrangements; secure data exchange protocols |
|
1-11 |
Margin & Collateral Management |
Margin call calculation error; collateral valuation feed failure; market shock liquidity stress |
Under-collateralization; counterparty default risk |
Stress testing collateral under extreme volatility; automated margin recalculation; diversified collateral pool |
|
1-12 |
Corporate Actions Processing |
Corporate action event misinterpretation; vendor feed failure; data corruption |
Incorrect entitlement processing; financial loss to clients |
Dual-source corporate action feeds; maker-checker approval; automated entitlement reconciliation; vendor risk assessments |
|
1-13 |
Reconciliation & Exception Management |
Reconciliation engine outage; delayed exception resolution; cyber manipulation of records |
Unresolved breaks; financial misstatement; audit impact |
Daily automated reconciliation; exception escalation matrix; forensic audit logging; independent operations oversight |
|
1-14 |
Regulatory Reporting & Surveillance |
Surveillance system failure; trade reporting file corruption; regulatory gateway outage |
Late/misreported trades; regulatory fines |
Parallel reporting environment; automated validation checks; compliance monitoring dashboards; periodic regulatory simulation drills |
|
1-15 |
Business Continuity & System Recovery for Trading |
Primary data centre outage; ransomware attack; pandemic-related staff unavailability |
Trading halt; breach of impact tolerance; systemic disruption |
Tested DR site (RTO/RPO defined); cyber incident response plan; cross-trained staff; tabletop crisis simulation exercises |
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-1 Securities Trading & Execution enables Maybank Investment Bank to move beyond theoretical risk assessment into practical validation of resilience capabilities.
By subjecting each Sub-CBS to severe but plausible cyber, ICT, operational, third-party, and market stress events, the Bank ensures its critical trading services remain within defined impact tolerances.
Importantly, scenario testing integrates cyber resilience, ICT recovery, liquidity preparedness, and governance oversight into a unified resilience framework.
Through structured testing, evidence gathering, and remediation tracking, Maybank Investment Bank demonstrates proactive risk management, regulatory alignment, and a strong operational resilience posture.
This approach strengthens stakeholder confidence, protects market integrity, and ensures continuity of securities trading and execution services even during major disruptions.
![[OR] [MIB] [E3] [CBS] [1] [DP] Securities Trading & Execution](https://no-cache.hubspot.com/cta/default/3893111/7a960cf5-5f8f-4795-8e2d-941b62c49b0e.png)
![[OR] [MIB] [E3] [CBS] [1] [MD] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/4818366e-86d1-4625-b282-e17bd7e87a6d.png)
![[OR] [MIB] [E3] [CBS] [1] [MPR] Map Processes and Resources](https://no-cache.hubspot.com/cta/default/3893111/aef19608-353c-48cd-89b2-f76601598a32.png)
![[OR] [MIB] [E3] [CBS] [1] [ITo] Establish Impact Tolerances](https://no-cache.hubspot.com/cta/default/3893111/86a15235-66bf-4ff2-a2fc-aefe29518d19.png)
![[OR] [MIB] [E3] [CBS] [1] [SuPS] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/dc813894-8c9d-4277-a496-5f45b220f990.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
