Bank Negara Malaysia (BNM) has imposed over RM7 million in administrative monetary penalties on three financial institutions for failing to meet key regulatory requirements. The enforcement actions relate mainly to service disruptions and shortcomings in anti-money laundering and sanctions screening practices.

Bank Islam Penalised for Service Disruptions and Screening Failures

Bank Islam received two separate penalties, totalling RM3,445,000. The first, amounting to RM1,745,000, was issued due to extended service disruptions that occurred between June 2023 and December 2024. These disruptions affected digital banking channels and were attributed to delayed system recovery.

BNM stated that the bank has since initiated upgrades to its IT systems and recovery procedures to strengthen service reliability.

The second penalty, worth RM1,700,000, was for failures in complying with sanctions screening obligations under anti-money laundering and counter-terrorism financing regulations. These included delays in screening beneficial owners and customer databases, leading to late identification of matches with sanctioned entities.

The central bank identified the root causes as weak internal processes, insufficient training, and ineffective oversight. Bank Islam has reportedly taken steps to improve its screening systems and related procedures.

Bank Rakyat Fined for Multiple Service Disruptions

Bank Rakyat was fined RM2,850,000 for failing to meet BNM’s technology risk management standards. Between June 2023 and December 2024, the bank experienced repeated outages that affected critical services, including e-banking platforms, ATMs, and card systems.

BNM highlighted that these disruptions exceeded the permissible downtime limits due to shortcomings in the bank’s response and recovery capabilities. Since then, Bank Rakyat has reinforced its IT infrastructure and enhanced recovery processes.

The central bank reiterated that financial institutions are required to maintain high system availability. Specifically, unplanned downtime affecting the user interface must not exceed four cumulative hours within any 12-month period, and each individual incident must be limited to 120 minutes.

BSN Penalised for Breaching Downtime Limits

Bank Simpanan Nasional (BSN) was fined RM995,000 after experiencing multiple unplanned outages between June 2023 and October 2024. These outages disrupted essential services such as ATMs, online banking, and card transactions.

BNM found that the incidents breached the regulatory thresholds for service availability due to weak recovery protocols. BSN has since upgraded its technology infrastructure to improve operational resilience.

Regulatory Expectations on System Resilience and Compliance

BNM emphasised that all financial institutions must maintain strong technology resilience to ensure continuous access to essential financial services. The regulator noted that enforcement actions will be taken for non-compliance, regardless of an institution’s past performance.

The penalties were assessed based on the seriousness of the breaches, the banks’ historical compliance records, and the extent of corrective measures undertaken. All three banks have paid their respective fines.

The enforcement actions were carried out under provisions of the Development Financial Institutions Act 2002 and the Islamic Financial Services Act 2013, as well as relevant BNM policy documents on risk management, anti-money laundering, financial sanctions, and countering financing of terrorism.

Follow us on our official WhatsApp channel for the latest money tips and updates.

• TAGS:
• Bank Islam
• Bank Negara Malaysia
• Bank Rakyat
• Bank Simpanan Nasional
• Banks
• BNM
• Compliance Failures
• System Downtime