BNM fines Maybank, CIMB for e-banking service outages

BANK Negara Malaysia (BNM) has imposed fines on Malayan Banking Bhd (Maybank) and CIMB Bank Bhd (CIMB) following significant e-banking service disruptions that occurred earlier this year. The central bank announced the penalties in separate notices posted on its website.

Maybank was fined RM4.3 mil for multiple unplanned downtimes that affected its Regional Mobile Banking Platform and MAE applications between June 1, 2023, and May 31, 2024. These disruptions caused significant interference with various banking services, impacting both customers and counterparties.

BNM’s investigation revealed that Maybank’s non-compliance was due to its inability to effectively recover from unexpected system disruptions.

“Upon investigation into the root cause leading to the incidents, it was found that Maybank’s non-compliance resulted from its inability to recover effectively and promptly from the unexpected system disruptions, which severely impacted the interface experience of online banking services for its customers and counterparties.”

“Measures by Maybank to further strengthen its application and infrastructure resiliency as required by BNM were also incomplete at the time of the incidents which impeded recovery effects,” BNM said.

(Photo credit: Reddit)

 

Meanwhile, CIMB was fined RM760,000 for service outages on April 8 and 9, 2024. These disruptions affected e-banking channels, Automated Teller Machines (ATM), and both debit and credit card services. BNM stated that CIMB’s non-compliance stemmed from lapses in its response and recovery processes, which delayed the restoration of essential banking services.

BNM noted the importance of high availability for critical systems in financial institutions, stating that unplanned downtime affecting the user interface must not exceed four hours on a rolling 12-month basis with a maximum tolerable downtime of 120 minutes per incident.

Following the incidents, Maybank has taken necessary actions to address the identified gaps as part of its ongoing infrastructure investments aimed at preventing future non-compliance. CIMB has also implemented remediation measures, including enhancing real-time IT infrastructure monitoring to improve recovery capabilities.

In a statement, CIMB accepted BNM’s decision and expressed regret over the unplanned downtime, acknowledging the impact on customers and counterparties.

“We acknowledge that we need to strive to do better. The bank has invested and will continue to invest in technology, systems and processes to strengthen its resilience and ensure that its critical customer infrastructure is able to serve and meet its customers’ needs at all times.”

Maybank paid its fine on Aug 8, while CIMB settled its penalty on Aug 12.

Furthermore, BNM reiterated its expectation that all financial institutions maintain a high level of technology resilience to ensure the continuous availability of essential financial services. The central bank warned that it will not hesitate to take enforcement actions if institutions fail to meet regulatory standards.

“BNM expects all financial institutions to maintain a high level of technology resilience against operational disruptions to ensure the continuous availability of essential financial services.

“BNM will not hesitate to take appropriate supervisory and enforcement actions if financial institutions fall short of regulatory expectations.”

Subscribe and get top news delivered to your Inbox everyday for FREE