Bank Negara Malaysia (BNM) has imposed an Administrative Monetary Penalty (AMP) totaling RM3,445,000 on Bank Islam Malaysia Berhad (BIMB).
This is due to multiple instances of non-compliance with key regulatory requirements, including the Islamic Financial Services Act 2013 (IFSA), the Risk Management in Technology (RMiT) Policy Document, and the Anti-Money Laundering, Countering Financing of Terrorism and Targeted Financial Sanctions (AML/CFT and TFS) Policy Document.
RM1.75 Million Penalty for Prolonged Service Disruptions
On 16 June 2025, BNM imposed an RM1,745,000 penalty on Bank Islam for failing to comply with section 58(1)(a) of the IFSA, in relation to paragraph 10.32 of the RMiT Policy Document.
According to BNM, between 1 June 2023 and 31 December 2024, BIMB experienced multiple unplanned downtimes across essential banking services including e-banking, debit card systems, and online payments. These disruptions exceeded the RMiT’s allowable downtime thresholds and were linked to lapses in recovery processes and IT infrastructure.
BNM stated that such disruptions compromised the availability of critical financial services to customers and business counterparties. BIMB has since initiated a multi-year technology investment plan aimed at strengthening its IT resilience and mitigating future service outages.
Key aggravating factors considered by BNM included:
•The prolonged nature and impact of the service disruptions,
•BIMB’s delayed mitigation efforts,
•Previous compliance history, and
•Effectiveness of corrective actions.
RM1.7 Million Penalty for Breach of Sanctions Screening Requirements
On 27 May 2025, a second AMP of RM1,700,000 was imposed on Bank Islam for breaching AML/CFT and TFS regulations.
BNM’s investigation uncovered two major violations involving lapses in sanctions screening processes:
- Delayed screening of non-customer beneficial owners against the Domestic List and UN Security Council Resolutions (UNSCR) List, as required by paragraphs 27.4.2 and 28.3.2 of the policy document.
- Failure to conduct timely sanctions screening of the entire customer database upon updates to the Federal Gazette, resulting in delayed identification of three specified entities and late reporting of one positive match to BNM and Royal Malaysia Police (PDRM).
BNM cited ineffective controls, insufficient employee training, and gaps in procedural oversight as key contributors to the breach. Some transactions were facilitated during the delay period before the positive name matches were identified.
Bank Islam has since enhanced its compliance framework by:
•Upgrading its AML and core banking systems,
•Strengthening standard operating procedures, and
•Intensifying staff training on sanctions compliance.
Regulatory Message and Enforcement Commitment
BNM emphasized that all financial institutions must uphold high standards in technology resilience and financial crime compliance, warning that enforcement actions will be taken when institutions fall short of regulatory expectations.
The penalties were formally settled by BIMB on:
•29 May 2025: RM1.7 million for AML/CFT-related breaches,
•30 June 2025: RM1.745 million for IT-related service disruption failures.
Shahriena Shukri is a journalist covering business and economic news in Malaysia, providing insights on market trends, corporate developments, and financial policies. More about Shahriena Shukri.
