diff --git a/src/controllers/01-branch-controller.ts b/src/controllers/01-branch-controller.ts
index 8679ff1..d610899 100644
--- a/src/controllers/01-branch-controller.ts
+++ b/src/controllers/01-branch-controller.ts
@@ -745,4 +745,67 @@ export class BranchController extends Controller {
 ),
 );
 }
+
+ @Get("{branchId}/bank-qr/{bankId}")
+ async getBankQRByBranchIdAndBankId(
+ @Request() req: RequestWithUser,
+ @Path() branchId: string,
+ @Path() bankId: string,
+ ) {
+ const url = await presignedGetObjectIfExist(
+ MINIO_BUCKET,
+ fileLocation.branch.bank(branchId, bankId),
+ 60 * 60,
+ );
+
+ if (!url) {
+ throw new HttpError(HttpStatus.NOT_FOUND, "Image cannot be found", "imageNotFound");
+ }
+
+ return req.res?.redirect(url);
+ }
+
+ @Put("{branchId}/bank-qr/{bankId}")
+ async setBankQRByBranchIdAndBankId(
+ @Request() req: RequestWithUser,
+ @Path() branchId: string,
+ @Path() bankId: string,
+ ) {
+ const record = await prisma.branch.findUnique({
+ include: {
+ user: { where: { userId: req.user.sub } },
+ },
+ where: {
+ id: branchId,
+ bank: { some: { id: bankId } },
+ },
+ });
+
+ if (!record) {
+ throw new HttpError(
+ HttpStatus.NOT_FOUND,
+ "Branch Bank cannot be found.",
+ "branchBankNotFound",
+ );
+ }
+
+ if (
+ !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
+ !record?.user.find((v) => v.userId === req.user.sub)
+ ) {
+ throw new HttpError(
+ HttpStatus.FORBIDDEN,
+ "You do not have permission to perform this action.",
+ "noPermission",
+ );
+ }
+
+ return req.res?.redirect(
+ await minio.presignedPutObject(
+ MINIO_BUCKET,
+ fileLocation.branch.bank(branchId, bankId),
+ 12 * 60 * 60,
+ ),
+ );
+ }
 }
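Review bot: `getBankQRByBranchIdAndBankId` presigns a GET URL for `fileLocation.branch.bank(branchId, bankId)` without the record lookup or the `MANAGE_ROLES`/branch-membership check that `setBankQRByBranchIdAndBankId` performs, so the two path strings reach the object key unvalidated and any caller who passes whatever route-level auth exists (the class decorators are outside this hunk) can fetch any branch's QR image. If read access is meant to follow the same rule as write, repeat the lookup and check before presigning, as sketched below; if the image is intentionally readable by every user, at least keep the `findUnique` so the key is only built from ids that exist. Separately, the PUT URL stays valid for `12 * 60 * 60` seconds after the permission check and carries no size or content-type constraint; a much shorter expiry, such as the `60 * 60` used for reads, would narrow the window in which a leaked or stale URL can overwrite the QR a payer scans.

```typescript
  // … unchanged: @Get decorator and signature of getBankQRByBranchIdAndBankId …
    const record = await prisma.branch.findUnique({
      include: { user: { where: { userId: req.user.sub } } },
      where: { id: branchId, bank: { some: { id: bankId } } },
    });

    if (!record) {
      throw new HttpError(
        HttpStatus.NOT_FOUND,
        "Branch Bank cannot be found.",
        "branchBankNotFound",
      );
    }

    if (
      !MANAGE_ROLES.some((v) => req.user.roles?.includes(v)) &&
      !record.user.some((v) => v.userId === req.user.sub)
    ) {
      throw new HttpError(
        HttpStatus.FORBIDDEN,
        "You do not have permission to perform this action.",
        "noPermission",
      );
    }

    // … unchanged: presignedGetObjectIfExist call, imageNotFound check, redirect …
```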