[OR] [MB] [E4] [CBS] [1] [MPR] Map Processes and Resources

Map Processes and Resources for

CBS-1: Retail and SME Loans

This chapter presents the comprehensive mapping of processes and resources for the critical business service (CBS) identified as CBS-1: Retail and SME Loans within Maybank Malaysia.

In alignment with regulatory expectations for operational resilience—particularly those outlined by Bank Negara Malaysia (BNM) and international standards such as ISO 22301 and ISO 22316—this mapping exercise serves as a foundational step in understanding how each functional component of the CBS is operationalised and supported.

Each sub-component of the CBS (Sub-CBS) is examined to identify the underlying business processes, personnel, technology, third-party service providers, and upstream/downstream dependencies.

This granular breakdown not only enhances visibility over Maybank’s loan processing lifecycle—from origination and onboarding to servicing, monitoring, and recovery—but also enables the organisation to pinpoint single points of failure, assess risk concentrations, and formulate robust business continuity and recovery strategies.

Ultimately, this structured mapping supports the bank’s goal of sustaining uninterrupted service delivery to retail and SME customers, even under adverse operating conditions.

Map Processes and Resources Table for CBS-1: Retail and SME Loans

Sub-CBF Code

Sub-CBS

Processes

People

Technology (Applications & Infrastructure)

Third-party Vendors

Upstream/ Downstream Dependencies

1.1

Loan Product Origination and Marketing

- Market analysis

- Product design and pricing

- Campaign management

- Lead generation

- Product Managers

- Marketing Teams

- Digital Channel Managers

- CRM Platforms (e.g., Salesforce)

- Campaign Management Tools

- Market Analytics Tools

- Advertising Agencies

- Digital Marketing Platforms (Google, Meta)

- Fintech partner platforms

Upstream: Market research

Downstream: Loan application systems

1.2

Customer Onboarding and Application Processing

- Online/offline onboarding

- KYC/AML checks

- Data entry and validation

- Application logging

- Branch staff

- Relationship Managers

- KYC/Compliance Officers

- eKYC System

- Onboarding Portal

- Core Banking System

- Document Management System

- eKYC Vendors

- ID Verification Providers

- Credit Bureau Partners

Upstream: Marketing & product info

Downstream: Underwriting, Core Banking

1.3

Credit Assessment and Underwriting

- Creditworthiness analysis

- Risk scoring

- Approval workflow

- Manual underwriting exception handling

- Credit Analysts

- Risk Managers

- Underwriters

- Credit Risk Engine (e.g., SAS)

- Internal Rating Models

- Credit Scoring Tools

- Core Banking Integration

- Credit Bureaus (CTOS, Experian)

- SME Rating Agencies (RAM, MARC)

Upstream: Application data

Downstream: Approval & disbursement

1.4

Loan Disbursement and Documentation

- Contract preparation

- Customer consent & digital signature

- Funds disbursement

- Archiving & documentation

- Operations Officers

- Legal Team

- Branch/Call Centre Support

- eSignature Platforms

- Document Archival Systems

- Core Banking Transaction Modules

- Legal Advisory Firms

- Courier Services (for physical docs, if needed)

Upstream: Approved application

Downstream: Loan account creation, servicing

1.5

Loan Servicing and Customer Support

- EMI collection

- Account maintenance

- Customer inquiries

- Change request processing

- Customer Service Agents

- Collections Team

- Branch Officers

- Loan Management System

- Contact Centre CRM

- IVR Systems

- Mobile/Internet Banking

- Contact Centre Outsourcing

- Payment Gateways

- SMS/Email Alert Providers

Upstream: Loan account setup

Downstream: Monitoring and collections

1.6

Loan Monitoring and Early Warning

- Payment behaviour tracking

- Risk flags generation

- Exception reporting

- Proactive customer engagement

- Risk Monitoring Analysts

- Relationship Managers

- System Admins

- Early Warning Systems

- Behavioural Scoring Engines

- Portfolio Monitoring Dashboards

- Fintech Risk Monitoring Tools

- Alert & Notification Systems

Upstream: Payment data, transaction logs

Downstream: Collections & risk escalation

1.7

Collections and Recovery

- Reminder campaigns

- Soft/hard collections

- Legal notices

- Asset recovery

- Collection Officers

- Legal Team

- External Collection Agents

- Collection Management Systems

- Dialer Systems

- Payment Reconciliation Tools

- Debt Collection Agencies

- Legal Recovery Partners

Upstream: Monitoring alerts

Downstream: Write-off or legal proceedings

1.8

Compliance and Regulatory Reporting

- Report generation (BNM, PIDM)

- Risk & compliance audits

- Internal control checks

- Periodic review of compliance programs

- Compliance Officers

- Internal Audit Team

- Reporting Analysts

- Regulatory Reporting Software (e.g., AxiomSL)

- Data Warehouses

- Audit Management Tools

- Regulatory Advisory Firms

- External Auditors

Upstream: Transaction & customer data

Downstream: Regulatory bodies

1.9

System Support and Technology Infrastructure

- Application support

- Infrastructure monitoring

- Cybersecurity management

- Business continuity and DR capabilities

- IT Operations

- Cybersecurity Team

- System Administrators

- Core Banking System (e.g., Finacle)

- Middleware Platforms

- Backup Systems

- Cloud Services

- Network Infrastructure

- Cloud Providers (AWS, Azure)

- System Integrators

- Telcos (Connectivity)

- Managed IT Services

Upstream: All CBS applications

Downstream: All end-user services dependent on IT stability and availability

Notes for Compliance and Operational Resilience

Each Sub-CBS is mapped to specific people, systems, vendors, and dependencies to identify single points of failure and ensure continuity planning.
Particular focus is placed on third-party vendors and technology dependencies, per Bank Negara Malaysia (BNM) RMiT guidelines and ISO 22301 BCM requirements.
This mapping enables impact tolerance testing, improved incident response, and robust recovery planning.

Summing Up ...

The structured mapping of processes and resources across all sub-CBS elements of Retail and SME Loans provides Maybank with a vital lens to assess operational vulnerabilities, enhance response capabilities, and ensure the continuity of mission-critical services.

By clearly identifying the supporting people, systems, vendors, and interdependencies, the organisation gains the ability to proactively manage risks and reduce service disruptions that could impact customers or regulatory obligations.

This chapter lays the groundwork for subsequent activities such as impact tolerance setting, scenario testing, and crisis response planning.

It is a key milestone in operationalising resilience at the service level, ensuring that Maybank can continue to uphold customer trust and regulatory compliance in an increasingly complex and interconnected financial landscape.

Operational Resilience in Action: Case Studies and Best Practices for MayBank
eBook 4: Starting Your OR Implementation
CBS-1 Retail and SME Loans
CBS-1 DP	CBS-1 MD	CBS-1 MPR	CBS-1 ITo	CBS-1 SuPS	CBS-1 ST

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the [OR-3] OR-300 Operational Resilience Implementer course and the [OR-5] OR-5000 Operational Resilience Expert Implementer course.