Bank Negara Malaysia fines Bank of China for outsourcing breach

KUALA LUMPUR, MALAYSIA — Bank Negara Malaysia (BNM) recently imposed an administrative monetary penalty of RM88,000 (US$20,250) on Bank of China (Malaysia) Bhd for non-compliance with outsourcing regulations.
The central bank announced that the penalty was due to the Chinese bank’s failure to secure prior approval before relocating two of its core banking systems to new data centers in December 2022 and February 2023.
Breach of Financial Services Act, outsourcing policy
The relocation of these systems was classified as a “significant modification to the existing approved outsourcing arrangement,” which could materially alter the risk profile of the bank.
This action breached paragraph 48(1)(a) of the Financial Services Act 2013 and paragraph 12.1(b) of the policy document on outsourcing.
BNM’s policy mandates that financial institutions obtain approval before making substantial changes to approved outsourcing arrangements to ensure effective supervision by the central bank.
Gaps in oversight and compliance procedures
BNM identified gaps in Bank of China Malaysia’s oversight of its outsourcing activities and deficiencies in its internal policies and procedures as primary reasons for the breach.
These shortcomings highlighted the need for strong oversight and compliance in outsourcing activities. The central bank emphasized the importance of regulatory compliance to prevent potential risks associated with unauthorized modifications.
Measures taken to strengthen compliance
In response to the penalty, the Bank of China Malaysia has taken “appropriate measures” to strengthen its oversight of outsourcing activities. The bank has implemented periodic reviews of its outsourcing arrangements and improved coordination with its group functions that perform material activities on behalf of the bank. These steps are designed to ensure consistent compliance with local laws and regulations.
The fine, paid by Bank of China Malaysia on August 2, underscores the bank’s commitment to addressing the oversight issues and aligning with BNM’s regulatory framework.
This incident highlights the critical nature of maintaining compliance with regulatory standards in the financial sector, particularly concerning outsourcing practices.