Establish Impact Tolerances
CBS-4 – Payment and Settlement Systems
Introduction
The Payment and Settlement Systems form the backbone of Maybank’s financial infrastructure, facilitating seamless retail, corporate, interbank, and international transactions.
As part of our commitment to operational resilience and regulatory compliance, it is essential to define and regularly review the impact tolerances for this Critical Business Service (CBS-4).
This chapter outlines the maximum tolerable downtime (MTD), maximum tolerable data loss (MTDL), and the associated customer and regulatory impacts for each key process within the Payment and Settlement Systems.
These tolerances are vital for identifying service vulnerabilities, guiding investment in resilience capabilities, and ensuring that the Bank can continue to deliver critical services during severe but plausible disruptions.
The impact tolerances presented have been determined in alignment with regulatory expectations, industry best practices, and internal risk assessments.
Each process is evaluated for its criticality, impact type, current resilience status, and the corresponding actions required to strengthen operational readiness.
Here is a summary table for setting appropriate impact tolerances for CBS-4: Payment and Settlement Systems for Maybank.
This summary is structured to help business units communicate effectively with their Heads and the Operational Resilience Team.
Impact Tolerance Summary
| No. | Process Description | MTD | MTDL | Customer Impact | Regulatory Impact | Impact Type | Current Resilience Status | Action Required |
|---|---|---|---|---|---|---|---|---|
| 1 | Retail Funds Transfer Processing | 2 hrs | <15 mins | High – Retail customer disruption | High – Regulatory reporting | Operational / Reputational | Partially Resilient | Enhance failover mechanisms |
| 2 | Corporate & Bulk Payments | 4 hrs | <30 mins | High – Business client delay | High – compliance timelines | Financial / Operational | Resilient | Periodic stress testing |
| 3 | Real-Time Gross Settlement (RENTAS) | 1 hr | <5 mins | Critical – Interbank settlement | Critical – BNM regulatory breach | Systemic / Financial | Partially Resilient | Improve RTGS redundancy |
| 4 | Cross-Border Payments (SWIFT) | 2 hrs | <15 mins | High – International transaction | Medium – SWIFT compliance | Financial / Legal | Resilient | Continuous monitoring |
| 5 | Cheque Clearing | 6 hrs | <1 hr | Medium – Delayed crediting | Low – batch processing buffer | Financial | Resilient | Maintain current controls |
| 6 | E-Wallet and Mobile Payment Integration | 3 hrs | <30 mins | High – Consumer transaction halt | Medium – Third-party SLA impact | Operational / Reputational | Partially Resilient | Strengthen API interface resilience |
| 7 | JomPAY & Bill Payments | 4 hrs | <30 mins | Medium – Payment delays | Medium – Billers' compliance risk | Customer Trust / Operational | Resilient | Review third-party dependencies |
| 8 | Merchant & Acquiring Payments | 2 hrs | <15 mins | High – Merchant settlement issues | Medium – Acquirer obligations | Financial / Reputational | Partially Resilient | Expand acquiring network fallback |
| 9 | ATM & CDM Transactions Settlement | 6 hrs | <1 hr | Medium – Cash flow disruption | Low – Offline transaction buffer | Operational | Resilient | Monitor hardware uptime |
| 10 | Fraud & Risk Monitoring in Payment Systems | 1 hr | <5 mins | Critical – Undetected fraud | Critical – Compliance failure | Security / Regulatory | Needs Improvement | Implement real-time backup systems |
| 11 | Reconciliation & Daily Settlement | 8 hrs | <1 hr | Low – Back-office impact | Medium – Reporting delay | Operational / Regulatory | Resilient | Maintain regular audits |
| 12 | Chargeback & Dispute Resolution | 24 hrs | <4 hrs | Low – case resolution delay | Low – SLA buffer | Legal / Customer Service | Resilient | Improve case workflow automation |
| 13 | Payment System Resilience & Uptime | 0 tolerance | 0 tolerance | Critical – All systems are dependent | Critical – BNM/industry standards | Systemic / Regulatory | Partially Resilient | Achieve Tier IV data center standards |
Key Notes:
- MTD (Maximum Tolerable Downtime): Maximum duration before severe impact occurs.
- MTDL (Maximum Tolerable Data Loss): Data loss limit before impact becomes unacceptable.
- Impact Type reflects the nature of the consequence (e.g., Financial, Regulatory, Operational).
- Current Resilience Status is based on internal assessments.
- Action Required outlines priority steps to meet impact tolerance levels.
Summing Up ...
Establishing well-defined impact tolerances for the Payment and Settlement Systems enables Maybank to uphold service integrity, customer trust, and regulatory obligations during operational disruptions.
The analysis demonstrates a proactive approach to resilience planning, identifying areas that meet, exceed, or fall short of resilience expectations.
Several core processes, particularly those with systemic and regulatory significance, such as RENTAS and fraud monitoring, demand immediate attention and resource allocation to achieve target resilience levels.
Other components, while resilient under current conditions, require ongoing monitoring and stress testing to ensure continued alignment with evolving threats and regulatory standards.
Moving forward, the recommended actions and improvement areas will be prioritised and incorporated into the broader Operational Resilience Framework.
Close collaboration between business units, IT, compliance, and risk management teams will be essential to enhance the Bank's overall resilience posture and readiness to withstand future shocks.