Detailed Sub-Critical Business Services
CBS-4: Payment and Settlement Systems
Overview of Operational Resilience in Maybank
Operational resilience at Maybank is defined as the ability to prevent, adapt, respond to, recover from, and learn from operational disruptions that may impact critical business services (CBS). In compliance with Bank Negara Malaysia (BNM) guidelines and global resilience standards, Maybank has identified several CBS areas vital to financial stability and customer trust.
Critical Business Service CBS-4: Payment and Settlement Systems
This service ensures the smooth execution of domestic and cross-border payment flows. It supports both retail and corporate customers and underpins the functioning of the broader financial ecosystem.
Business Processes Supporting CBS-4: Payment and Settlement Systems
| Sub-CBF Code | Sub-CBF | Description | Key Systems / Applications | Critical Dependencies |
| --- | --- | --- | --- | --- |
| 2.1 | Retail Funds Transfer Processing | Manages customer-initiated transfers, including interbank (IBG), instant (DuitNow), and intra-bank transfers. | Maybank2u, MAE, Core Banking | RPP (BNM), MyClear, APIs, mobile/online banking platforms |
| 2.2 | Corporate & Bulk Payments | Processes mass payments such as salaries, vendor payments, and payroll for corporate clients. | Maybank2E, MIB, Host-to-Host Systems | SWIFT, BNM, authentication layers, customer mandate systems |
| 2.3 | Real-Time Gross Settlement (RENTAS) | Settles high-value interbank payments via BNM’s RENTAS network. | Core Banking, RENTAS Gateway | Bank Negara Malaysia (BNM), SWIFT, treasury operations |
| 2.4 | Cross-Border Payments (SWIFT) | Handles global remittances and international fund transfers. | SWIFT Alliance, AML Systems | Correspondent Banks, FX Systems, Compliance Tools |
| 2.5 | Cheque Clearing | Supports cheque truncation and clearing within banking hours. | Cheque Truncation System (CTS) | MyClear, document scanning systems, branch network |
| 2.6 | E-Wallet and Mobile Payment Integration | Enables top-ups, transfers, and QR code payments via MAE and DuitNow QR. | MAE Wallet Engine, QR Gateway | DuitNow P2P, national QR standard, identity verification |
| 2.7 | JomPAY & Bill Payments | Facilitates bill payments to approved billers using JomPAY and other integrated systems. | JomPAY Engine, Maybank2u | PayNet, biller integration systems, and clearing arrangements |
| 2.8 | Merchant & Acquiring Payments | Manages online and physical POS payments for merchants via card terminals and payment gateways. | POS Gateway, Acquiring Engine | VISA, Mastercard, FPX, fraud detection engines |
| 2.9 | ATM & CDM Transactions Settlement | Reconciles cash withdrawals, deposits, and interbank ATM transactions. | ATM/CDM Network System, Switches | MEPS, Switch Providers, and physical cash management |
| 2.10 | Fraud & Risk Monitoring in Payment Systems | Real-time monitoring for fraud, suspicious activities, and transaction validation. | FRAML (Fraud Risk & AML), Behavioural Engine | Cybersecurity, real-time AI models, and internal fraud teams |
| 2.11 | Reconciliation & Daily Settlement | Daily matching of payment transactions to ensure completeness and accuracy across books and ledgers. | Reconciliation Tool, Ledger System | Treasury operations, GL accounts, and automated reporting systems |
| 2.12 | Chargeback & Dispute Resolution | Handles customer disputes, failed payments, duplicate transactions, and card chargebacks. | CRM, Dispute Handling Systems | Visa, Mastercard, internal compliance and customer support |
| 2.13 | Payment System Resilience & Uptime | System monitoring, failover testing, and redundancy protocols are in place to ensure service continuity. | DR Infrastructure, Monitoring Dashboards | Data Centres, Telco Providers, DR/BCP Site |
Operational Resilience Elements Integrated into CBS-2
| Resilience Component | Implementation in CBS-2 |
| --- | --- |
| Impact Tolerance | Defined in terms of maximum tolerable disruption time for each payment channel (e.g., < 2 hours for real-time payments). |
| Severe but Plausible Scenarios | Cyberattacks, system downtime, third-party outages, and large-scale financial fraud. |
| Testing and Simulation | Includes DR drills, penetration testing, and failover simulations for RENTAS, SWIFT, JomPAY, and more. |
| Communication Protocols | Real-time alerting to stakeholders, automated downtime notices, escalation to BNM and internal Crisis Management. |
| Third-Party Dependency Management | Critical suppliers (e.g., PayNet, SWIFT, VISA) undergo resilience and compliance assessments regularly. |
Regulatory Alignment
CBS-2 is aligned with:
- Bank Negara Malaysia (BNM):
  - Risk Management in Technology (RMiT)
  - Business Continuity Management Policy
  - Financial Market Infrastructure standards
- Global Frameworks:
  - Basel Committee on Banking Supervision
  - ISO 22301 (Business Continuity)
Below is the detailed breakdown of the critical business service (CBS-2): Payment and Settlement Systems for Maybank Malaysia, aligned with operational resilience principles.
This includes the key business processes that support the high-level service, ensuring that disruptions are minimised and essential payment functionalities continue.
Critical Business Service: CBS-2 — Payment and Settlement Systems
| # | Sub-CBS | Description | Key Systems / Applications | Key Dependencies |
| --- | --- | --- | --- | --- |
| 1 | Retail Payments Processing | Handles interbank GIRO, instant transfers (DuitNow), and intra-bank transfers for retail customers. | Maybank2u, MAE, Core Banking System | Bank Negara Malaysia (BNM) - RPP, internal middleware, mobile/online banking platforms |
| 2 | Corporate Payments Processing | Processes bulk payments, payroll, and supplier payments for corporate and SME clients. | Maybank2E, MIB, Host-to-Host Systems | SWIFT, corporate onboarding systems, internal authorisation layers, BNM MyClear, DuitNow Corporate |
| 3 | Real-Time Gross Settlement (RTGS) | Settles high-value and time-critical fund transfers through BNM’s RENTAS system. | Core Banking, RENTAS Gateway | Bank Negara Malaysia’s RENTAS system, internal treasury systems, secure messaging platforms (SWIFT) |
| 4 | Cheque Clearing and Processing | Processes paper-based instruments via CTS (Cheque Truncation System). | CTS, Cheque Clearing Gateway | Malaysian Electronic Clearing Corporation (MyClear), branch network, document imaging and scanning systems |
| 5 | Cross-border Payments (SWIFT) | Facilitates international payments through the SWIFT network, including remittances and trade payments. | SWIFT Interface, AML Screening Systems | SWIFT Alliance Access, Correspondent Banks, FX systems, Compliance Monitoring |
| 6 | Payment Gateway and Merchant Acquiring | Handles e-commerce and point-of-sale payments for merchants via Maybank Payment Gateway and terminal acquiring services. | Maybank Payment Gateway, POS Terminal Systems | VISA/Mastercard/NFPS network, merchant systems, fraud monitoring, and acquiring banks |
| 7 | Bill Payment and JomPAY Processing | Enables customers to pay utility bills and registered billers via Maybank2u or other platforms. | Maybank2u, JomPAY Engine | PayNet JomPAY, biller integrations, and customer information systems |
| 8 | E-Wallet Top-Up and Peer-to-Peer Transfers | Supports MAE wallet top-ups, peer-to-peer transfers, and integration with other e-wallets. | MAE App, DuitNow P2P Engine | DuitNow, internal APIs, national QR standards, biometric/OTP verification |
| 9 | Fraud and Risk Monitoring in Payments | Monitors transactions for anomalies and fraud across all payment channels in real-time. | FRAML (Fraud & AML), Real-Time Monitoring Tools | AI/ML-based risk engines, behavioural analytics, and national blacklist systems |
| 10 | Dispute Management and Chargeback Handling | Resolves failed, duplicate, or fraudulent transactions, including merchant chargebacks. | CRM System, Card Dispute Management System | Visa/Mastercard, Customer Support, Regulatory Guidelines |
| 11 | Daily Reconciliation and Settlement | Ensures all incoming and outgoing payments are correctly posted and reconciled with core systems and external networks. | Reconciliation Engine, Core Banking, General Ledger | Clearing houses (MyClear, SWIFT), Treasury Operations, Accounting |
| 12 | System Availability and Continuity Checks | Periodic testing of system resilience, backup switching (DR site), and uptime monitoring for payment infrastructure. | Network Monitoring Tools, DR Management Systems | Data centres (Primary and DR), Telecommunication Providers, Cybersecurity Operations |
Notes
- CBS-2 Payment and Settlement Systems is considered mission-critical under BNM’s Operational Resilience and BCM guidelines.
- Processes are interdependent, and failure in one (e.g., SWIFT, RENTAS) could cascade across others.
- Resilience strategies include:
  - RTO/RPO targets for each process/system.
  - Scenario testing (e.g., cyber-attack, data centre outage).
  - Crisis communication playbooks.
  - Third-party risk management for external services like JomPAY, SWIFT, VISA, etc.