Notes for BCM Institute's Course Participants: This is the template for completing the "Part 2: BCS - Recovery Strategies"
In the event of a disruption, Bandtree Sdn Bhd’s compliance, governance, and reporting
As a government-linked company operating under Darussalam Assets Sdn Bhd, Bandtree must demonstrate unwavering accountability in fulfilling its statutory, legal, and corporate governance obligations.
.
This chapter outlines the Recovery Strategies developed for CBF-5: Compliance, Governance & Reporting, including its critical sub-processes. The strategies are designed to mitigate disruption risks and enable the swift restoration of essential activities, including regulatory compliance, internal audit, ESG reporting, and statutory submissions.
The selection of each recovery strategy is based on the criticality of the sub-function, the defined Recovery Time Objectives (RTOs), and the availability of alternate resources, locations, or workarounds.
Each strategy has been formulated using industry-aligned mitigation principles, incorporating a mix of manual workarounds, alternate site operations, remote accessibility, and cloud-based systems.
These are documented to ensure minimal disruption to Bandtree’s accountability and transparency mandates, even during adverse scenarios
This is a comprehensive table for CBF-1 Compliance, Governance & Reporting, incorporating RTO, recovery strategies, locations, details, and justifications based on BCM Institute’s guidance note:
|
Critical Business Function |
Sub-CBF Code |
RTO |
Recovery Strategy |
Recovery Location |
|
CBF-5 Compliance, Governance & Reporting |
- |
24 hours |
Work-from-Alternate-Site (WAS) + Manual Workarounds |
Secondary Office Site (Bandtree Satellite Office) |
|
Regulatory & Legal Compliance |
5.1 |
24 hrs |
Remote/Cloud-Based Access |
Remote/Cloud-Based Access |
|
Internal Audit & Risk Oversight
|
5.2 |
48 hrs |
Main Office or Remote |
Main Office or Remote |
|
Corporate Governance Monitoring |
5.3 |
48 hrs |
Secondary Office Site |
Secondary Office Site |
|
ESG Reporting |
5.4 |
72 hrs |
Remote |
Remote |
|
Business Continuity Governance |
5.5 |
24 hrs |
Primary/Alternate Location |
Primary/Alternate Location |
|
Strategic & Statutory Reporting |
5.6 |
48 hrs |
Remote + Cloud |
Remote + Cloud |
|
Critical Business Function |
Sub- CBF Code |
Details of Recovery Strategy |
Justification for Selected Recovery Strategy |
|
CBF-5 Compliance, Governance & Reporting |
- |
Relocate compliance and reporting teams to an alternate office. Utilise cloud-based tools and manual reporting templates if core systems are down. |
Critical to meet statutory, legal, and ESG obligations. 24-hour recovery ensures regulatory deadlines are met and governance is maintained. |
|
Regulatory & Legal Compliance |
5.1 |
Legal documentation stored in cloud; access enabled via secure VPN. Collaborate with legal counsel for urgent matters. |
Failure to comply could lead to penalties or reputational damage; temporary manual support ensures continuity. |
|
Internal Audit & Risk Oversight
|
5.2 |
Resume internal audit reviews using backup files. Risk assessments temporarily performed using pre-approved checklists. |
Short delays are manageable; continuity of oversight is crucial to internal controls. |
|
Corporate Governance Monitoring |
5.3 |
Access to board minutes and governance trackers through cloud-based DMS (Document Management System). |
Ensures executive decisions are documented and compliant; partial automation ensures baseline functionality. |
|
ESG Reporting |
5.4 |
Coordinate with sustainability partners to access the latest ESG metrics. Templates are maintained offline. |
Reporting can tolerate short delays; partner access ensures continuity of sustainability metrics. |
|
Business Continuity Governance |
5.5 |
The BCP Coordinator activates the command structure and incident reporting mechanisms from any operational location. |
Vital for managing overall crisis response; must be operational during disruption. |
|
Strategic & Statutory Reporting |
5.6 |
Engage external reporting consultants if internal capacity is affected. Use a phased reporting schedule. |
Allows continuation of national-level reporting obligations while managing reduced internal resources. |
* RTO values are illustrative; actual RTOs should be based on Business Impact Analysis (Column 17/18 per BCM Institute's guidance notes).
The recovery strategies presented in this chapter provide a structured and resilient response framework for sustaining Bandtree’s core compliance and governance functions during a crisis.
By assigning tailored strategies to each sub-function—ranging from legal compliance to ESG reporting—the organisation ensures that disruptions do not compromise its ability to meet internal controls, regulatory demands, or stakeholder expectations.
These strategies reflect a proactive commitment to good governance, risk management, and business continuity.
Furthermore, they position Bandtree to maintain operational trust and credibility in compliance within the national corporate governance landscape.
As part of an ongoing effort, these strategies will be regularly tested, reviewed, and refined to ensure relevance and alignment with emerging threats, regulatory changes, and business needs.
Through a cohesive and tested recovery framework, Bandtree strengthens its capacity to uphold governance excellence and maintain its strategic role within Brunei Darussalam’s public asset management ecosystem.
Implementing Business Continuity Management for Bandtree: A Practical Guide |
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
| CBF 5: Compliance, Governance & Reporting | ||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
|
Please feel free to send us a note if you have any questions. |
||