30-07-2025
BNM Fines BSN RM995,000 For Weak Critical System Leading To Service Disruption
Bank Negara Malaysia has imposed an Administrative Monetary Penalty of RM995,000 on Bank Simpanan Nasional for non-compliance with critical technology resilience standards. The penalty, imposed on June 16, 2025, stems from prolonged disruptions to BSN's banking services that affected customers and counterparties.
The central bank found BSN in breach of the Development Financial Institutions Act 2002, read in conjunction with Paragraph 10.32 of the Risk Management in Technology Policy Document (RMiT PD). This policy, which came into effect on June 1, 2023, mandates that financial institutions ensure their critical systems are designed for high availability. Specifically, it requires a cumulative unplanned downtime affecting user interfaces of not more than four hours on a rolling 12-month basis, and a maximum tolerable downtime of 120 minutes per incident.
Between June 1, 2023, and October 31, 2024, BSN experienced multiple unplanned downtimes that exceeded these stipulated thresholds. The disruptions impacted essential banking services, including e-banking channels, Automated Teller Machines (ATMs), and both debit and credit card systems. BNM attributed BSN's non-compliance to lapses in executing its response and recovery processes to promptly restore the affected systems.
BSN has since confirmed that it has undertaken necessary actions to enhance its recovery capabilities and strengthen its IT infrastructure. These measures are part of a multi-year technology infrastructure investment plan designed to prevent future non-compliance.
The bank confirmed that it paid the imposed AMP of RM995,000 on June 25, 2025.