Operational Resilience Framework: A Case Study of AmBank Malaysia
Chapter 4
What Should the Composition of AmBank Malaysia’s Operational Resilience Team Be?
Operational resilience is a critical component for financial institutions, ensuring they can withstand disruptions while continuing to deliver essential services.
For AmBank Malaysia, a well-structured Operational Resilience Team must comply with regulatory requirements and safeguard financial stability.
This chapter proposes a comprehensive team structure tailored to AmBank Malaysia’s operational needs and regulatory landscape.
Chief Operational Resilience Officer (CORO)
Role
The CORO (or equivalent) leads the bank’s operational resilience strategy, ensuring alignment with Bank Negara Malaysia’s (BNM) guidelines and international best practices.
This role reports to the Chief Risk Officer (CRO) and collaborates with senior executives across business units.
Key Responsibilities
- Overseeing the development and implementation of the operational resilience framework
- Ensuring compliance with BNM’s operational resilience guidelines
- Leading incident response and crisis management initiatives
- Reporting resilience metrics to the Board and regulators
Risk Management and Compliance Team
Role
This team ensures operational resilience aligns with the bank’s enterprise risk management (ERM) and regulatory compliance frameworks.
Key Responsibilities
-
Identifying and assessing operational risks related to resilience - Ensuring compliance with BNM, Basel, and ISO 22301 requirements
- Conducting regular risk and resilience assessments
- Coordinating audits and regulatory reporting
Business Continuity Management (BCM) Team
Role
The BCM team ensures that AmBank’s critical business functions can continue during disruptions.
Key Responsibilities
- Developing, maintaining, and testing BCM Plans
- Conducting Business Impact Analyses (BIA)
- Coordinating crisis response efforts across business units
- Training staff on OR and continuity planning
Information Technology Resilience Team
Role
This team ensures the bank’s IT infrastructure and cybersecurity measures support operational resilience.
Key Responsibilities
- Implementing and testing Disaster Recovery Plans
- Ensuring cyber resilience against cyberattacks and data breaches
- Collaborating with the BCM team to safeguard digital banking services
- Ensuring compliance with technology risk management (TRM) regulations from BNM
Crisis Management and Incident Response Team
Role
This team handles crises, minimizing operational disruptions and ensuring rapid recovery.
Key Responsibilities
-
Leading incident response for operational disruptions - Managing communication with stakeholders, regulators, and customers during crises
- Conducting post-incident reviews to improve future resilience
- Collaborating with law enforcement and external partners if required
Third-Party and Supply Chain Resilience Team
Role
This team manages risks associated with external service providers and supply chain dependencies.
Key Responsibilities
- Conducting third-party risk assessments for critical vendors
- Ensuring suppliers align with AmBank’s OR policies
- Monitoring and testing third-party contingency plans
- Implementing exit strategies for high-risk suppliers
Operational Resilience Governance Committee
Role
A cross-functional committee that oversees AmBank’s overall OR strategy and ensures board-level oversight.
Key Responsibilities
- Reviewing and approving resilience strategies and policies
- Ensuring alignment between resilience, risk management, and business strategy
- Overseeing regulatory compliance efforts
- Conducting resilience drills and simulations for key business services
Summing Up …
A well-structured Operational Resilience Team is essential for AmBank Malaysia to safeguard financial stability and regulatory compliance.
Establishing a dedicated team with clear roles and responsibilities can enhance the bank's resilience to operational disruptions, cyber threats, and external risks.
More Information About Blended Learning OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/e4287b59-1a43-4e10-8e43-c73b27b3ca39.png?width=172&height=50&name=e4287b59-1a43-4e10-8e43-c73b27b3ca39.png)
![[BL-OR] [3] FAQ OR-300](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/294e989f-8613-4bf3-96a5-a89408cfb9ca.png?width=150&height=150&name=294e989f-8613-4bf3-96a5-a89408cfb9ca.png)
![Email to Sales Team [BCM Institute]](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/850988ce-aa7d-4953-95cf-797635341edd.png?width=100&height=100&name=850988ce-aa7d-4953-95cf-797635341edd.png)
