PETALING JAYA, Bank Negara Malaysia (BNM) has imposed more than RM7 million in administrative penalties on three banks for breaching regulatory requirements, primarily involving prolonged system downtime and failures in sanctions screening compliance.
In separate statements issued today, the central bank revealed that Bank Islam was fined a total of RM3.45 million, Bank Rakyat was penalised RM2.85 million, and Bank Simpanan Nasional (BSN) received a RM995,000 fine.
The penalties were issued for violations of the Development Financial Institutions Act 2002, the Islamic Financial Services Act 2013, and BNM’s policies on technology risk management, anti-money laundering, financial sanctions, and counter-terrorism financing.
Bank Islam
Bank Islam was hit with two separate penalties:
-
RM1.75 million for extended service disruptions between June 2023 and December 2024, caused by delayed system recovery that impacted its digital banking services.
-
RM1.7 million for shortcomings in sanctions screening processes, including delays in screening non-customer beneficial owners and the bank’s customer base, which led to late identification of matches with sanctioned entities. The bank also failed to report its findings in a timely manner.
BNM cited weak internal controls, insufficient training, and poor oversight as contributing factors. However, Bank Islam has since taken corrective measures, including upgrading its IT systems and enhancing sanctions screening procedures.
Bank Rakyat
Bank Rakyat was fined RM2.85 million for failing to meet BNM’s system availability requirements, resulting in multiple outages from June 2023 to December 2024. These disruptions affected key banking services such as e-banking, ATMs, and card systems, exceeding the central bank’s allowable downtime limits due to inadequate response and recovery protocols.
BNM confirmed that Bank Rakyat has strengthened its IT infrastructure and improved system recovery measures.
Bank Simpanan Nasional (BSN)
BSN received a RM995,000 penalty for similar failures. The bank experienced multiple unplanned service outages between June 2023 and October 2024, impacting ATM, online banking, and card services. The disruptions also exceeded the permitted downtime thresholds due to weak recovery capabilities.
BSN has since taken steps to upgrade its technology infrastructure, BNM noted.
Regulatory Standards and Enforcement
BNM reiterated that all financial institutions must ensure that critical systems do not exceed:
-
Four hours of cumulative unplanned downtime over a 12-month rolling period, and
-
120 minutes of downtime for any single incident.
The central bank stressed the importance of technology resilience to ensure continuous access to essential financial services, warning that enforcement action will be taken regardless of institutions’ past performance.
The penalties were calculated based on the severity of the breaches, historical compliance track records, and the effectiveness of remedial actions taken. All three banks have since paid their respective fines.
