KUALA LUMPUR, March 31 — Cyber risk remains the foremost concern for financial institutions amid increasingly sophisticated cyber threats, and the operational, financial and reputational implications in 2026, according to the Bank Negara Malaysia.

The central bank, in its Financial Stability Review for the second half of 2025 (2H 2025), said the industry also cites strategic and organisational risks as key areas of operational risk, reflecting changes in business models to meet shifting customer needs, heightened competition for critical talent and faster technology advancement.

“Additionally, regulatory compliance remains a key focus to support institutional resilience.

“Other notable operational risks identified for the year include information technology (IT) disruptions, potential execution failures stemming from human error and risks related to the increasing reliance on external service providers,” it said.

BNM said financial institutions remained operationally resilient throughout the second half of 2025 (2H 2025), although financial losses increased but remained small at only 0.11 per cent of total banking system capital against 0.04 per cent in the first half of 2025 and 0.03 per cent in the 2H 2024.

It noted that the losses were primarily attributable to a few isolated external fraud cases and system disruptions, which were addressed through timely corrective and recovery actions.

In parallel, financial institutions continued to strengthen their operational risk systems and processes with targeted investments to address root causes and to enhance internal controls.

As digitalisation and technology adoption accelerate within the financial sector, strengthening cyber resilience remains a key priority as financial institutions continue to uphold strong cyber hygiene standards and remain vigilant against evolving technological risks and cyber threats.

“While incidents involving third-party service providers (TPSPs) rose slightly amid global data leaks and supply-chain compromises, no major incidents or direct breaches impacting local financial institutions were reported.

“Systemic risks from third-party failures remain low, given financial institutions’ increasingly stringent risk management controls over third-party services and ongoing enhancements to response, recovery and contingency plans for TPSP-related risks,” it said.

BNM said financial institutions also strengthened their vigilance against evolving fraud tactics. As a result, there was a notable increase in the volume of fraudulent transactions successfully blocked in 2025.

However, it said reported fraud cases continued to rise, driven mainly by sophisticated malware capable of compromising customer devices and enabling unauthorised fund transfers.

In response, it noted that BNM and the industry enhanced mobile shielding capabilities to better protect mobile banking platforms and customer devices from malware and unauthorised access.

It said key initiatives are in place to ensure the continued resilience of payment and settlement systems. This includes Real-time Electronic Transfer of Funds and Securities System (RENTAS) and major retail payment systems (RPS), which remain resilient and have sustained a high level of system availability in 2H 2025, with isolated incidents promptly rectified.

BNM also conducted targeted supervisory reviews of selected payment service regulatees to assess the adequacy and robustness of fraud controls, effectiveness of IT and cyber risk management, and the soundness of conduct practices.

“As e-payment transactions gain momentum, managing credit and settlement risks associated with real-time retail payments has become increasingly important,” it said.

To address the interbank settlement risks inherent in deferred net settlement models, BNM said it has introduced near real-time settlement for Real-time Retail Payments Platform (RPP) transactions through the launch of RENTAS+ in late September 2025.

“Under this, RPP transactions are settled on a near real-time gross basis, significantly mitigating interbank credit and settlement risks while further strengthening confidence in the payment systems,” it added. — Bernama