Business Continuity Management Guidelines by Bank Negara Malaysia
Part B Policy Requirements 9: BCM Framework and Methodology
Part B Policy Requirements 9 of the Business Continuity Management Policy highlights the following factors that banks must consider when developing their "BCM Framework and Methodology". |
Click the icon on the right to download the BNM BCM Policy. Below is a sample Table of Contents of the downloaded BNM BCM Policy.
Alignment with Business Objectives
Banks should ensure their BCM framework aligns with their business objectives, risk appetite, and regulatory requirements. This involves integrating BCM into the organisation's governance structure, risk management framework, and strategic planning processes.
Proactive Approach
Banks are expected to adopt a proactive approach to BCM, identifying potential risks, threats, and vulnerabilities that may impact their critical business functions.
This includes conducting regular risk assessments, business impact analyses, and scenario-based planning exercises to identify and mitigate potential disruptions.
Documentation and Policy Framework
Banks should establish a comprehensive and well-documented BCM policy framework that outlines their approach, principles, and standards for BCM.
This policy framework should be reviewed and approved by the board of directors and communicated across the organisation.
Roles and Responsibilities
Clear roles, responsibilities, and accountabilities should be defined for all staff involved in the BCM process.
Banks should designate key personnel responsible for driving the BCM program and ensuring its effective implementation.
BCM Governance Structure
Banks should establish a governance structure that provides oversight and guidance for the BCM program.
This includes establishing a BCM steering committee or a similar body comprising senior management representatives responsible for setting strategic directions, monitoring progress, and ensuring compliance with BCM requirements.
BCM Methodology
Banks are expected to adopt a systematic and consistent BCM methodology that covers all stages of the BCM lifecycle, including risk assessment, business impact analysis, strategy development, plan development, testing, and maintenance.
This methodology should be aligned with recognised industry standards and best practices.
Documentation and Records
Banks should maintain comprehensive documentation and records related to their BCM program.
This includes keeping inventories up-to-date on critical business functions, processes, systems, and dependencies and documenting BCM policies, procedures, and test results.
Review and Continuous Improvement
Banks should regularly review and update their BCM framework to ensure its effectiveness. This involves conducting periodic assessments, reviews, and audits to identify gaps, address emerging risks, and enhance the BCM program based on lessons learned from exercises and real-life incidents.
Conclusion
Policy Requirement 9 of the Business Continuity Management Guidelines issued by Bank Negara Malaysia emphasises the importance of a robust BCM framework and methodology for financial institutions operating in Malaysia.
By considering the factors outlined in this policy requirement, banks can develop a proactive and comprehensive BCM program that aligns with their business objectives and regulatory requirements.
This framework ensures effective risk management, facilitates timely response to disruptions, and enables the continuity of critical business functions. Compliance with these guidelines will strengthen the banking sector's resilience in Malaysia and contribute to maintaining financial stability in the face of adverse events.
Business Continuity Management Policy by Bank Negara Malaysia Part B | ||
Requirement 8 | Requirement 9 | Requirement 10 |
Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9 | |||||
R 9A | R 9B | R9C | |||
R 9D | R 9E | R9F | |||
R 9G | R 9H | R9I | |||
R 9J | BCM Policy | Back to R9 | |||