Identify Severe but Plausible Scenarios
CBS-4 – Payment and Settlement Systems
In the context of operational resilience, the identification and evaluation of Severe but Plausible (SbP) Scenarios is a crucial step in preparing for disruptive events that could critically impact the delivery of critical business services. For Maybank, the Payment and Settlement Systems (CBS-4) form a backbone of its financial services, ensuring liquidity, trust, and transaction continuity across diverse channels.
This chapter maps out specific SbP scenarios for each Sub-CBS process, integrating insights from cyber, ICT, third-party, and physical risk domains.
These scenarios are not extreme outliers; they are tailored disruptions that are realistic yet significant.
Each scenario includes an analysis of cyber/ICT risk links and demonstrates proactive risk management efforts already in place or required.
| No. | Process Description | Severe but Plausible Scenario | Cyber/ICT Risk Integration | Evidence of Proactive Risk Management Action |
|---|---|---|---|---|
| 1 | Retail Funds Transfer Processing | Core banking system outage during peak hours | Core system DDoS attack | DDoS mitigation tools and rerouting architecture are in place |
| 2 | Corporate & Bulk Payments | Batch file corruption due to system misconfiguration | Insider threat or privilege misuse | Role-based access control (RBAC) and activity logging |
| 3 | Real-Time Gross Settlement (RENTAS) | RENTAS host connectivity loss to the BNM node | Network routing attack or DNS hijacking | Encrypted VPN to BNM and an alternate leased line connection |
| 4 | Cross-Border Payments (SWIFT) | SWIFT connector compromise (e.g., fraudulent instruction) | Malware in the SWIFT Alliance interface | SWIFT CSP compliance and periodic security validation |
| 5 | Cheque Clearing | Data mismatch or delay due to third-party failure | Poor encryption or API dependency | Vendor due diligence and automated fallback routing |
| 6 | E-Wallet and Mobile Payment Integration | Mobile app API outage from the third-party aggregator | API abuse or integration vulnerability | Penetration testing and traffic throttling |
| 7 | JomPAY & Bill Payments | National biller integration is down for an extended period | External service interruption | Biller redundancy and daily connectivity health checks |
| 8 | Merchant & Acquiring Payments | POS transaction flow delay due to the gateway outage | Gateway spoofing or protocol flaw | Secure channel protocols and endpoint authentication |
| 9 | ATM & CDM Transactions Settlement | ATM/CDM transaction queue overflow due to sync failure | Sync script corruption or patch rollback | Dual-site processing and periodic integrity checks |
| 10 | Fraud & Risk Monitoring in Payment Systems | Fraud detection rules disabled or bypassed | Malware, rule manipulation, or config tampering | Endpoint protection and 24/7 SOC alerting on config changes |
| 11 | Reconciliation & Daily Settlement | The end-of-day report job fails due to a system delay | System clock misconfiguration or corruption | Time-sync verification protocol and job resumption scripts |
| 12 | Chargeback & Dispute Resolution | Spike in disputes overwhelms case management team | Bot-generated chargeback abuse | Automated triage and fraud pattern detection using ML |
| 13 | Payment System Resilience & Uptime | Simultaneous failure of primary and backup data centres | Coordinated ransomware or data centre attack | Geo-redundancy, immutable backups, and ransomware drills |

Legend
- Cyber/ICT Risk Integration: Shows the nature of ICT/cyber threats tied to the scenario.
- Evidence of Proactive Risk Management Action: Demonstrates the implemented control, mitigation, or governance mechanism that addresses the risk.
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.