Business Continuity Management
Bg Bann_Bank Negara Malaysia

BNM R9A Business Continuity Management Policy by Bank Negara Malaysia: Risk Assessment, Business Impact Analysis, and Critical Business Functions

The Business Continuity Management (BCM) Guidelines issued by Bank Negara Malaysia on December 19, 2022, provide comprehensive guidance for financial institutions operating within Malaysia to strengthen their resilience and preparedness in disruptions. 

Part B of these guidelines emphasises Policy Requirement 9, which focuses on the BCM Framework and Methodology.

This section, "Risk Assessment, Business Impact Analysis, and Critical Business Functions", outlines the key considerations and expectations that banks must address when developing their business continuity management strategies.  Specifically, it highlights the requirements for risk assessment, business impact analysis, and critical business functions.

 

Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert

Business Continuity Management Guidelines by Bank Negara Malaysia

Part B Policy Requirements 9:  BCM Framework and Methodology

BNM Business Continuity Management Policy by Bank Negara Malaysia TOC

New call-to-action9a: Risk Assessment, Business Impact Analysis, and Critical Business Functions

New call-to-actionClick the icon on the right to download BNM BCM Policy. Below is a sample Table of Content of the downloaded BNM BCM Policy.

 

 

Introduction

Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.

This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans. Specifically, it highlights the requirements for risk assessment, business impact analysis, and critical business functions.

Risk Assessment

New call-to-actionPolicy Requirement 9 emphasizes the importance of conducting a comprehensive risk assessment within the BCM framework. Banks must identify and assess potential threats, vulnerabilities, and risks that could disrupt their operations.

a. Risk Identification

Banks should identify a wide range of risks, including but not limited to external risks (e.g., natural disasters, cyber-attacks, regulatory changes) and internal risks (e.g., system failures, human errors, supply chain disruptions). It is crucial to have a systematic approach to identify and document these risks.

b. Risk Evaluation

Once risks are identified, banks should assess their potential impact and likelihood of occurrence. This evaluation helps prioritize risks based on severity and provides insights into the potential consequences and vulnerabilities.

c. Risk Mitigation

Based on the risk assessment, banks should develop strategies and implement measures to mitigate the identified risks. This may involve implementing controls, redundancy measures, and safeguards to reduce the likelihood and impact of disruptive events.

Business Impact Analysis (BIA)

New call-to-actionPolicy Requirement 9 emphasizes the need for banks to conduct a thorough business impact analysis (BIA) as part of their business continuity management. The BIA helps identify critical business functions and assess their dependencies, vulnerabilities, and recovery requirements.

a. Critical Business Functions

Banks should identify and prioritize their critical business functions for maintaining operations and providing vital services.

The BIA helps determine which functions require immediate attention and allocation of resources during a disruptive event.

b. Dependencies and Interdependencies

The BIA should assess the dependencies and interdependencies between critical business functions, processes, systems, and external stakeholders.

This analysis helps identify potential bottlenecks, risks, and areas requiring additional attention for effective continuity planning.

c. Recovery Requirements

The BIA helps determine the recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical business functions. These objectives define the acceptable timeframes for restoring operations and recovering data, ensuring the timely resumption of essential services.

Critical Business Functions (CBF)

Policy Requirement 9 emphasizes identifying and managing critical business functions within the BCM framework. Critical business functions are activities that are essential for the continued operation of the bank.

a. Definition and Prioritisation

Banks should clearly define their critical business functions and assign appropriate priority levels. This prioritization enables effective resource allocation and ensures that the most critical functions are given priority during a disruptive event.

b. Resource Allocation

The policy requires banks to allocate sufficient resources to support the continuity of critical business functions. This includes personnel, technology, infrastructure, and third-party support. Proper resource allocation helps ensure the uninterrupted provision of essential services.

c. Regular Review and Updating

Banks should regularly review and update their assessment of critical business functions to align with changing business priorities, emerging risks, and evolving regulatory requirements. This ensures that the continuity plans remain relevant and effective.

Conclusion

Policy Requirement, 9 of Bank Negara Malaysia's Business Continuity Management Policy underscores the importance of risk assessment, business impact analysis, and critical business functions within the BCM framework.

Banks can identify and prioritize potential risks and develop mitigation strategies by conducting a comprehensive risk assessment. The business impact analysis helps determine critical functions, dependencies, and recovery requirements while identifying and managing critical business functions to ensure the continuity of essential services.

 

Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9      
R 9A R 9B R9C      
New call-to-action New call-to-action New call-to-action      
R 9D R 9E R9F      
New call-to-action New call-to-action New call-to-action      
R 9G R 9H R9I      
New call-to-action New call-to-action New call-to-action      
R 9J BCM Policy Back to R9      
New call-to-action New call-to-action New call-to-action      

Learn more about BCM-5000 [B-5] and BCM-300 [B-3]

New call-to-action New call-to-action New call-to-action
New call-to-action Register [BL-B-3]* New call-to-action
 FAQ BL-B-5 BCM-5000

Submit your intention via the "Tell Me More" button above.

FAQ [BL-B-3]
BCCE Business Continuity Certified Expert Certification (Size 100)  Alternatively, feel free to email us if you have any questions. 
Email to Sales Team [BCM Institute]
BCCS Business Continuity Certified Specialist Certification (Size 75)
 

Comments:

 

More Posts

New Call-to-action