KUALA LUMPUR, April 1 — Bank Negara Malaysia (BNM) has imposed an administrative monetary penalty (AMP) of RM1 million on Bank Kerjasama Rakyat Malaysia Bhd (Bank Rakyat) for cybersecurity and customer information protection breaches on Jan 20, 2026.
The central bank said Bank Rakyat failed to implement robust cybersecurity standards as required under the risk management in technology policy document (RMiT PD).
It said Bank Rakyat also failed to safeguard customer information through adequate controls as required under the management of customer information and permitted disclosures policy document (MCIPD PD).
“BNM discovered that Bank Rakyat had breached several requirements under the RMiT PD and MCIPD PD following a cybersecurity incident in which an external threat actor gained unauthorised access to its information technology (IT) infrastructure.
“These breaches were attributed to inadequate cybersecurity controls and incident response,” it said on its website.
BNM said Bank Rakyat has taken remedial measures to strengthen its cybersecurity and information and communication technology (ICT) controls, resources and governance arrangements.
In deciding the AMP to be imposed, relevant aggravating and mitigating factors have been considered, the central bank said.
“These include the severity of the breaches and Bank Rakyat’s lack of reasonable care in ensuring compliance with the RMiT PD and MCIPD PD requirements; current controls to ensure compliance with the requirements; past compliance record; and post-misconduct behaviour and the effectiveness of remedial actions to prevent the recurrence of non-compliances,” it said.
Bank Rakyat paid RM1 million for the AMP on Jan 26, 2026.
BNM said it requires all financial institutions (FIs) to comply with the RMiT PD and MCIPD PD.
“BNM will not hesitate to take appropriate supervisory and enforcement actions should any FI fail to meet legal and/or regulatory requirements.
“The enforcement action taken against Bank Rakyat is in line with the approach and processes outlined in BNM’s published Enforcement Approach,” said the central bank.
