BNM fines Bank Rakyat RM1 million over cyber security and data protection breaches

1 Apr 2026 • 7:15 PM MYT
The Vibes

Bank Negara Malaysia (BNM) imposed a RM1 million administrative monetary penalty on Bank Kerjasama Rakyat Malaysia Bhd following breaches related to customer data protection and cyber security.

The penalty was issued after a cyber security incident on January 20, 2026, in which external threats led to unauthorised access to the bank’s information technology infrastructure.

The central bank said Bank Rakyat had failed to implement robust cyber security standards as required under its Risk Management in Technology Policy Document, and had also not adequately safeguarded customer information in line with its policy on Management of Customer Information and Permitted Disclosures.

“BNM found that Bank Rakyat had breached several requirements under the RMiT PD and MCIPD PD, following a cyber security incident involving external threats where perpetrators gained unauthorised access to its IT infrastructure.

“The breach occurred due to inadequate cyber security controls and incident response,” the central bank said in a statement.

BNM noted that Bank Rakyat has since taken remedial measures to strengthen its cyber security framework, including enhancing controls, resources, and governance over its information and communications technology systems.

In determining the penalty, the central bank said it had considered multiple factors, including the severity of the breach, shortcomings in the bank’s due diligence to ensure compliance, existing controls, past compliance record, as well as post-incident conduct and the effectiveness of remedial actions.

“This includes the level of severity of the breach and the lack of reasonable diligence by Bank Rakyat in ensuring compliance with the requirements of the RMiT PD and MCIPD PD, existing controls to ensure compliance, past compliance record, as well as post-misconduct behaviour and the effectiveness of remedial actions to prevent recurrence,” it said.

Bank Rakyat had settled the RM1 million penalty on January 26, 2026.

BNM stressed that all financial institutions are required to comply fully with its regulatory standards, warning that enforcement action will be taken where necessary.

“BNM will not hesitate to undertake appropriate enforcement and supervisory actions against any financial institution that fails to meet legal and/or regulatory requirements.

“The enforcement action taken against Bank Rakyat is in line with the approach and process set out in the Enforcement Approach published by BNM,” the central bank added. - April 1, 2026