Operational Resilience Framework: A Case Study of AmBank Malaysia
Chapter 7
Establishing Organisational Goals for Operational Resilience
Operational resilience has become a critical focus for financial institutions, especially in the face of evolving threats, regulatory expectations, and increasing interdependencies in the economic ecosystem.
The ISO 22316:2017 Security and Resilience – Organisational Resilience standard provides a structured approach to building resilience.
Meanwhile, Bank Negara Malaysia’s (BNM) Operational Resilience Requirements set regulatory expectations for Malaysian banks, including AmBank Malaysia.
A well-defined set of organisational goals for operational resilience serves as the foundation for strengthening AmBank’s ability to anticipate, prepare for, respond to, and recover from disruptions.
This chapter outlines the key principles of establishing and aligning these goals with ISO 22316 and BNM’s regulatory framework.
Understanding Organisational Resilience
ISO 22316: Organisational Resilience Principles
ISO 22316 defines organisational resilience as “the ability of an organisation to absorb and adapt in a changing environment to enable it to deliver its objectives and survive and prosper.”
The standard highlights three key principles:
- Shared Purpose and Values – Organisational resilience should align with the bank’s core mission and business objectives.
- Understanding and Influencing Context – External and internal factors influencing resilience must be continuously assessed.
- Effective Leadership and Governance – Senior management must drive resilience efforts by embedding resilience principles into decision-making.
BNM’s Operational Resilience Requirements
Bank Negara Malaysia (BNM) mandates that financial institutions develop and implement an operational resilience framework that ensures the continuity of critical business functions.
Key expectations include:
- Identifying and mitigating risks to operational resilience
- Implementing response and recovery mechanisms
- Ensuring governance and oversight of resilience strategies
- Strengthening third-party and supply chain resilience
Establishing Organisational Goals for Operational Resilience
To comply with ISO 22316 and BNM’s requirements, AmBank Malaysia must establish well-defined organisational goals for operational resilience.
These goals should be structured around the following key areas:
Ensuring Business Continuity and Minimal Service Disruption
Goal
Maintain continuous operation of critical banking services during disruptions by implementing robust continuity strategies.
- Identify Important Business Services (IBS) that must remain operational.
- Set impact tolerances based on regulatory expectations and customer needs.
- Develop and test Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).
Enhancing Risk Identification and Management
Goal
Proactively identify and manage risks that could impact operational resilience.
- Conduct Operational Risk Assessments as part of the Enterprise Risk Management (ERM) framework.
- Implement stress testing to assess resilience to cyber threats, natural disasters, and financial shocks.
- Establish an integrated Risk Management Information System (RMIS) for continuous monitoring.
Strengthening Governance and Leadership Commitment
Goal
Embed resilience into the organisational culture through strong leadership and governance.
- Define clear roles and responsibilities for operational resilience within the Board and Senior Management.
- Align resilience strategies with AmBank’s Corporate Governance Framework.
- Establish an Operational Resilience Committee to oversee resilience initiatives.
Improving Response and Recovery Capabilities
Goal
Develop agile and adaptive response mechanisms to manage disruptions effectively.
- Implement a Crisis Management Framework aligned with ISO 22361:2022 (Crisis Management Guidelines).
- Enhance coordination between Incident Response Teams, Business Units, and IT Security Teams.
- Regularly test incident response plans through simulation exercises.
Ensuring Third-Party and Supply Chain Resilience
Goal
Strengthen the resilience of third-party vendors and supply chain partners to mitigate external risks.
- Conduct Third-Party Risk Assessments to evaluate vendor resilience.
- Integrate resilience clauses in contracts and Service Level Agreements (SLAs).
- Implement continuous monitoring of critical service providers.
Fostering a Resilience Culture and Awareness
Goal
Develop a workforce that understands and actively contributes to operational resilience.
- Provide resilience training programs for employees at all levels.
- Conduct awareness campaigns on emerging risks (e.g., cyber threats, fraud, operational disruptions).
- Encourage cross-functional collaboration to embed resilience thinking across departments.
Summing Up …
Establishing organisational goals for operational resilience is fundamental in ensuring AmBank Malaysia’s ability to withstand and recover from disruptions while maintaining financial stability and regulatory compliance.
By aligning these goals with ISO 22316’s principles and BNM’s operational resilience requirements, AmBank can build a resilient financial institution that continues to effectively serve its customers and stakeholders.
AmBank must adopt a continuous improvement approach, ensuring that resilience strategies evolve in response to emerging risks, regulatory changes, and technological advancements.