[BCM] [BT] [E3] [PD] [CBF] [5] Compliance, Governance & Reporting

Plan Development

BCM Plan and Procedure

CBF 5: Compliance, Governance & Reporting

WHAT: Function Overview and Importance

CBF-5 encompasses the critical activities required to ensure Bandtree Sdn Bhd complies with all regulatory and legal requirements, maintains robust corporate governance, manages risk oversight, and fulfils reporting obligations, including ESG and statutory reporting. This function safeguards the company’s integrity, reputation, and ongoing license to operate within Brunei’s regulatory framework.

Importance:

• Ensures adherence to evolving laws and regulations, preventing legal penalties.
• Provides transparency and accountability through internal audits and governance monitoring.
• Supports sustainable business practices via ESG reporting.
• Guides strategic decisions with accurate and timely statutory reporting.
• Maintains confidence of stakeholders, including government authorities, investors, and the public.

PRE-CRISIS: Readiness and Preparation Measures

HOW

Documentation & Policy Review:

• • Maintain up-to-date compliance manuals, governance policies, and reporting templates.
  • Conduct regular reviews to align with regulatory changes and emerging ESG standards.
    
  
  

  Training & Awareness:

  • Schedule periodic training for staff involved in compliance, audit, governance, and reporting functions.
  • Run scenario-based drills that simulate the impact of disruptions on compliance and reporting processes.
    
  
  

  Technology & Data Backup:

  • Ensure all regulatory data, audit findings, and reporting documents are securely backed up in multiple locations.
  • Use cloud and on-premise hybrid solutions with encrypted access controls.
  
  

  Risk Assessment & Monitoring:

  • Continuously identify risks to compliance and governance functions (e.g., system failures, data breaches).
  • Establish monitoring tools and early warning systems for anomalies.

• Stakeholder Communication Plan:

  • Develop communication protocols for timely updates to regulators, auditors, and internal governance bodies during incidents.
  • Maintain updated contact lists.

• Business Continuity Governance:

  • Assign clear roles and responsibilities for crisis management within CBF-5.
  • Regularly update the recovery plan by lessons learned and regulatory requirements.

WITHIN T+24 HOURS (RESUMPTION): Immediate Post-Disruption

Below is the expanded and detailed version of the "Within T+24 Hours (RESUMPTION Phase)" section for CBF-5: Compliance, Governance & Reporting in Bandtree’s BCM Recovery Procedure.

The focus is on structured, time-sensitive, and role-specific actions designed to stabilise operations swiftly after a disruption.

HOW

Immediate Actions Post-Disruption

The Resumption Phase encompasses actions to stabilise and partially restore Asset & Facilities Management activities within the first 24 hours of an incident.

The goal is to ensure safety, secure affected facilities, initiate damage control, and resume essential subfunctions, particularly those critical to life, safety, and the operability of infrastructure.

Activate Incident Response Team:

• • Notify the CBF-5 crisis management leads and key personnel.
  • Assess the scope and impact on compliance, audit, and reporting activities.
• Secure Access & Data Integrity:
  • Verify availability and integrity of critical data backups and systems.
  • Implement interim controls if electronic systems are unavailable (e.g., manual logging).
• Prioritize Critical Compliance Activities:
  • Identify urgent regulatory filings or reporting deadlines within the next 72 hours.
  • Reassign resources or escalate external support to meet critical deadlines.
• Communicate Internally and Externally:
  • Inform executive management, regulators, and auditors of the disruption and mitigation steps underway.
  • Provide clear instructions to all CBF-5 staff on recovery priorities.
• Begin Restoration of IT Systems:
  • Coordinate with IT to restore access to compliance databases, audit tools, and reporting platforms.
  • Test system functionality as restored.

Note

All resumption actions within these 24 hours must be executed with a clear priority on life safety, regulatory compliance, and incident containment.

Coordination among departments, vendors, and public authorities is crucial to preventing secondary issues and facilitating a comprehensive recovery.

AFTER T+24 HOURS (RECOVERY): Full Restoration Activities

Below is the expanded and detailed version of the "After T+24 Hours (RECOVERY Phase)" section for CBF-1: Asset & Facilities Management in Bandtree’s Business Continuity Recovery Procedure.

This phase focuses on restoring full operations, ensuring compliance, and implementing long-term corrective measures to maintain stability.

HOW

Full Recovery and Continuity Restoration

The Recovery Phase begins after the initial 24-hour window and continues until full operational capability is restored across all sub-functions.

This includes thorough inspections, long-term infrastructure repair, re-engagement of stakeholders, and improvements to resilience.

• Comprehensive Systems Restoration:
  • Fully restore all IT systems supporting CBF-5 functions, including governance dashboards and ESG reporting tools.
  • Validate data accuracy and completeness.
• Catch-Up and Validation of Reporting:
  • Complete all delayed regulatory submissions, internal audits, and governance reports.
  • Conduct quality checks and internal reviews to ensure accuracy.
• Risk & Incident Analysis:
  • Analyze the root cause of disruption impacting CBF-5.
  • Document findings and update risk registers.
• Review and Update Procedures:
  • Revise policies, workflows, and the recovery plan based on lessons learned.
  • Plan refresher training to address identified gaps.
• Stakeholder Re-engagement:
  • Communicate completed recovery status to regulators, board committees, and auditors.
  • Confirm resumption of normal operations.
• Continuous Monitoring:
  • Increase monitoring of compliance and governance metrics to detect any residual impacts.
  • Schedule follow-up audits if necessary.

Summing Up ... 

The implementation of this Business Continuity Recovery Procedure ensures that Bandtree Sdn Bhd’s Compliance, Governance & Reporting functions are equipped to withstand and recover from disruptions swiftly and effectively. By following the outlined steps for preparedness, resumption, and full recovery, the organization can minimize operational risks, meet regulatory requirements, and maintain transparent governance practices. Ultimately, this procedure reinforces Bandtree’s commitment to operational resilience, regulatory compliance, and the continued trust of its stakeholders, securing the company’s long-term sustainability and reputation.

Implementing Business Continuity Management for Bandtree: A Practical Guide
eBook 3: Starting Your BCM Implementation
MBCO	P&S	RAR T1	RAR T2	RAR T3	BCS T1	CBF
CBF 5: Compliance, Governance & Reporting
DP	BIAQ T1	BIAQ T2	BIAQ T3	BCS T2	BCS T3	PD

More Information About Business Continuity Management Courses

To learn more about the course and schedule, click the buttons below for the  BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].

	Please feel free to send us a note if you have any questions.