Bank Negara Malaysia (BNM) has imposed administrative monetary penalties on Bank Rakyat, Bank Simpanan Nasional (BSN), and Bank Islam for breaches related to system downtime and regulatory non-compliance.
Bank Rakyat was fined RM2.85 million on 16 June 2025 for failing to comply with the Development Financial Institutions Act 2002 and the Risk Management in Technology (RMiT) Policy Document.
The bank experienced multiple service disruptions between June 2023 and December 2024 affecting its e-banking channels, ATMs, and card systems.
These incidents exceeded the policy’s thresholds, which limit unplanned downtime to four hours cumulatively over 12 months and 120 minutes per incident.
BNM found the disruptions were due to weaknesses in the bank’s response and recovery processes.
Bank Rakyat has since taken steps to strengthen its IT infrastructure and paid the penalty on 26 June 2025.
Meanwhile, BSN was fined RM995,000 for similar issues between June 2023 and October 2024.
The bank also experienced prolonged disruptions that affected banking services.
BNM cited BSN’s failure to respond effectively, which led to the breaches. BSN has enhanced its recovery capabilities and invested in upgrading its systems. The fine was paid on 25 June 2025.
Bank Islam was penalised RM3.445 million for two separate compliance failures.
A fine of RM1.745 million was imposed on 16 June 2025 for extended system outages between June 2023 and December 2024, which impacted services such as online banking, debit card usage, and payment transactions.
These disruptions breached the RMiT policy limits, and BNM noted lapses in the bank’s recovery efforts. The penalty was paid on 30 June 2025.
An additional RM1.7 million fine was imposed on 27 May 2025 for failures in sanctions screening under the Islamic Financial Services Act 2013 and anti-money laundering regulations.
BNM found that Bank Islam delayed screening its full customer database against updated domestic and United Nations sanctions lists, resulting in late identification of three specified entities and delayed reporting. Some transactions were carried out before matches were confirmed.
The bank has since enhanced its core systems, screening procedures, and staff training. The penalty was paid on 29 May 2025.
BNM said it considered the severity of the breaches, their impact on customers, each bank’s past compliance history, and remedial actions taken.
The central bank reaffirmed that all financial institutions must maintain high standards of operational resilience and compliance to ensure uninterrupted financial services.
Featured image: Edited by Fintech News Malaysia, based on image by 936072494 via Freepik
