KUALA LUMPUR — Bank Negara Malaysia (BNM) has imposed a RM1 million administrative monetary penalty (AMP) on Bank Kerjasama Rakyat Malaysia Bhd (Bank Rakyat) over breaches involving cybersecurity and the protection of customer information.
The central bank said the penalty, imposed on January 20, 2026, followed the bank’s failure to meet cybersecurity standards required under the Risk Management in Technology Policy Document (RMiT PD), as well as shortcomings in safeguarding customer information under the Management of Customer Information and Permitted Disclosures Policy Document (MCIPD PD).
“BNM discovered that Bank Rakyat had breached several requirements under the RMiT PD and MCIPD PD following a cybersecurity incident in which an external threat actor gained unauthorised access to its information technology (IT) infrastructure.
“These breaches were attributed to inadequate cybersecurity controls and incident response,” it said.
BNM said Bank Rakyat has since undertaken remedial measures to reinforce its cybersecurity and information and communications technology (ICT) controls, while also improving resources and governance arrangements.
In determining the amount of the AMP, the central bank said it had weighed both aggravating and mitigating factors.
“These include the severity of the breaches and Bank Rakyat’s lack of reasonable care in ensuring compliance with the RMiT PD and MCIPD PD requirements; current controls to ensure compliance with the requirements; past compliance record; and post-misconduct behaviour and the effectiveness of remedial actions to prevent the recurrence of non-compliances,” it said.
The penalty was fully paid on January 26, 2026.
BNM reiterated that all financial institutions are required to comply fully with both policy documents and warned that enforcement action would continue against institutions that fall short of legal or regulatory obligations.
“BNM will not hesitate to take appropriate supervisory and enforcement actions should any FI fail to meet legal and/or regulatory requirements.
“The enforcement action taken against Bank Rakyat is in line with the approach and processes outlined in BNM’s published Enforcement Approach,” said the central bank. - April 1, 2026
The post Bank Rakyat fined RM1mil over cybersecurity and customer data lapses appeared first on Scoop.