BCM BandTree

[BCM] [BT] [E3] [BIA] [T1] [CBF] [5] Compliance, Governance & Reporting

Written by Dr Goh Moh Heng | Jun 18, 2025 1:49:37 AM

BIA Questionnaires 

Part 1: Identification of Business Functions

Notes for BCM Institute's Course Participants: This is the template for completing the "Overview of CBFs and Business Unit MBCO."

CBF 5: Compliance, Governance & Reporting

Identifying critical business functions is a foundational step in the Business Continuity Management (BCM) lifecycle. For Bandtree Sdn Bhd, CBF-5 Compliance, Governance & Reporting is recognised as a key enabler of operational integrity and corporate accountability.

This function encompasses a suite of activities that ensures the organisation complies with applicable legal and regulatory requirements, upholds principles of good governance, manages internal controls, and communicates transparently with internal and external stakeholders.

Given Bandtree’s role as a government-linked entity operating in a regulated environment, the continuity of these functions is essential not only for maintaining legal and reputational integrity but also for preserving public trust and operational legitimacy.

Purpose of Chapter

This chapter outlines the key sub-processes that constitute CBF-5 and defines the Business Unit Minimum Business Continuity Objective (MBCO) for each business unit. These elements serve as the basis for further impact assessments and continuity planning.

Definition of MBCO

The MBCO establishes the minimum acceptable level of activity that must be sustained to prevent serious consequences to the business, its stakeholders, and national operations.

By defining these priorities, Bandtree ensures that critical facilities services can continue, be restored quickly, or be adapted during adverse events to meet both regulatory and operational demands.

Corporate and Business Unit MBCO

The tables below set out CBF-5 Compliance, Governance & Reporting for Bandtree, based on the provided sub-processes and the BCM Institute’s definition of Minimum Business Continuity Objective (MBCO):

Table 1-1: [BIA] [P1] Identification of Business Functions for CBF 5: Compliance, Governance & Reporting

Corporate MBCO

| Critical Business Functions (CBF) | CBF Code | Description of CBF | Corporate Minimum Business Continuity Objective (MBCO) |
|---|---|---|---|
| Compliance, Governance & Reporting | CBF-1 | Ensures that Bandtree complies with regulatory requirements, maintains effective governance frameworks, and provides accurate and timely reports to stakeholders. | To ensure timely compliance with statutory and regulatory deadlines and maintain governance oversight critical to the organisation’s license to operate. |

Table 1-2: [BIA] [P1] Identification of Business Functions for CBF 5: Compliance, Governance & Reporting (Sub-CBF)

Business Unit MBCO

| Sub-CBF | Sub-CBF Code | Description of CBF | Business Unit Minimum Business Continuity Objective (MBCO) |
|---|---|---|---|
| Regulatory & Legal Compliance | 5.1 | Manages adherence to Brunei's laws, property regulations, and industry-specific compliance standards. | Ensure continuity of regulatory reporting and legal filings to avoid fines, sanctions, or operational disruption. |
| Internal Audit & Risk Oversight | 5.2 | Conducts internal audits and monitors enterprise risks for mitigation and compliance purposes. | Maintain oversight of key risks and internal controls during disruptions to prevent the compounding of threats and ensure continuity. |
| Corporate Governance Monitoring | 5.3 | Oversees board governance practices and policy adherence across the company. | Maintain transparency and documentation in decision-making processes to ensure compliance with corporate governance obligations. |
| ESG Reporting | 5.4 | Prepares and reports on Environmental, Social, and Governance performance. | Sustain mandated ESG disclosures, especially for investor and regulatory accountability. |
| Business Continuity Governance | 5.5 | Manages the BCM framework, coordinates BCP initiatives and ensures organisational resilience. | Ensure continuity of the Business Continuity Management (BCM) program and coordination of recovery strategies during a crisis. |
| Strategic & Statutory Reporting | 5.6 | Prepares statutory financial reports and strategic submissions to stakeholders and government bodies. | Deliver critical reports to stakeholders within statutory deadlines to uphold financial credibility and compliance. |

Summing Up ... for Part 1

The classification and documentation of CBF-5 Compliance, Governance, and Reporting, along with its sub-functions, provide Bandtree with a clear understanding of its essential compliance-related processes.

By identifying and prioritising these business activities, the organisation establishes a focused framework to maintain governance and reporting standards, even in times of disruption.

The defined MBCOs ensure that critical regulatory and statutory obligations can be met within acceptable timeframes, thereby minimising legal exposure, protecting stakeholder interests, and preserving corporate integrity.

This foundational analysis will inform subsequent phases of the Business Continuity Management (BCM) process, including risk assessments, recovery strategies, and resource allocation.

 

BIA Questionnaires 

Part 2: Impact Area Of Business Functions

Notes for BCM Institute's Course Participants: This is the template for completing the "Impact Analysis of CBFs, including financial implications and effect on MBCO."

 

CBF 5: Compliance, Governance & Reporting

The objective of this section is to identify and evaluate the potential impact areas associated with the disruption of the critical business function CBF-5: Compliance, Governance & Reporting.

As a government-linked company (GLC) under the oversight of Darussalam Assets Sdn Bhd, Bandtree has a heightened responsibility to maintain strict compliance with legal, regulatory, and governance standards.

Purpose of Chapter

This chapter focuses on the six key sub-processes under CBF-5, namely Regulatory & Legal Compliance, Internal Audit & Risk Oversight, Corporate Governance Monitoring, ESG Reporting, Business Continuity Governance, and Strategic & Statutory Reporting.

Each sub-process plays a vital role in ensuring the company’s operational integrity, legal adherence, reputational protection, and strategic alignment with national development objectives.

By assessing the financial, legal, reputational, operational, and strategic impacts of each sub-process, this chapter helps quantify the risks associated with a loss or interruption in these areas. These insights provide foundational inputs for developing effective mitigation strategies, business continuity procedures, and recovery priorities.

Table 2-1: [BIA] [P2] Impact Area Of Business Functions for CBF 5: Compliance, Governance & Reporting

Financial Impact

| Sub-CBF | Sub-CBF Code | Impact Area | Monetary Loss (Estimated) | Calculation of Monetary Loss (State Formula for Calculations) |
|---|---|---|---|---|
| Regulatory & Legal Compliance | 5.1 | Legal & Regulatory | BND 500,000–2,000,000 | Penalty cost per breach × No. of violations + Legal fees × Duration of proceedings |
| Internal Audit & Risk Oversight | 5.2 | Operational & Financial | BND 250,000–1,000,000 | Loss from undetected frauds or risks × Recovery period |
| Corporate Governance Monitoring | 5.3 | Reputational & Strategic | BND 200,000–1,000,000 | Investor confidence loss estimate + Board non-compliance penalty |
| ESG Reporting | 5.4 | Reputational & Regulatory | BND 100,000–500,000 | Regulatory non-disclosure fine + Impacted investment opportunity loss estimate |
| Business Continuity Governance | 5.5 | Operational & Compliance | BND 300,000–1,500,000/incident | Downtime cost per day × Duration of unprepared event + Non-compliance penalty |
| Strategic & Statutory Reporting | 5.6 | Regulatory & Strategic | BND 150,000–750,000/month | Cost of missed reporting deadlines + Penalties × Delay duration |

Table 2-2: [BIA] [P2] Impact Area Of Business Functions for CBF 5: Compliance, Governance & Reporting

| Sub-CBF | Sub-CBF Code | Affect MBCO | Impact | Remarks – Description |
|---|---|---|---|---|
| Regulatory & Legal Compliance | 5.1 | Yes | May result in license suspension or termination of key operational permits | Ensures Bandtree complies with national laws and sector-specific regulations to maintain legal standing and operational continuity. |
| Internal Audit & Risk Oversight | 5.2 | Yes | Delayed detection of internal risks could disrupt strategic functions and lead to reputational loss | Manages oversight of internal controls, audits, and identification of enterprise risks. |
| Corporate Governance Monitoring | 5.3 | Yes | Governance breaches can impact trust with stakeholders and the parent company (Darussalam Assets) | Ensures effective board governance, compliance with governance frameworks, and oversight of executive actions. |
| ESG Reporting | 5.4 | No | Impacts company image, potential ESG-related investment, and stakeholder trust | Tracks and reports on sustainability, environmental, and social governance performance in line with GLC accountability requirements. |
| Business Continuity Governance | 5.5 | Yes | Inability to maintain BC program compliance affects recovery time for all other CBFs | Governs the company-wide business continuity management and disaster recovery planning activities. |
| Strategic & Statutory Reporting | 5.6 | Yes | Failure to report impacts government relations and strategic planning functions. | Oversees the timely submission of reports to stakeholders, including regulators, Darussalam Assets, and government ministries. |

Summing Up ... for Part 2

The impact analysis of CBF-5 Compliance, Governance & Reporting underscores its central role in upholding Bandtree Sdn Bhd’s corporate accountability, transparency, and legal standing.

Disruption in any of the sub-processes can result in significant financial penalties, regulatory sanctions, reputational damage, and erosion of stakeholder trust, particularly given the company’s GLC status.

Understanding the varying degrees of impact across legal, regulatory, operational, and strategic dimensions enables Bandtree to prioritise recovery efforts and allocate resources effectively during a crisis.

Furthermore, this assessment strengthens the organisation’s capacity to maintain continuity of governance and reporting obligations, even under adverse conditions.

The findings from this chapter will feed into subsequent stages of the business continuity planning process, including risk mitigation, resource allocation, and recovery time objective (RTO) planning for the identified critical sub-functions.

 

Implementing Business Continuity Management for Bandtree: A Practical Guide
eBook 3: Starting Your BCM Implementation
