Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.
This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans. Specifically, it highlights the requirements for risk assessment, business impact analysis, and critical business functions.
Banks should identify a wide range of risks, including but not limited to external risks (e.g., natural disasters, cyber-attacks, regulatory changes) and internal risks (e.g., system failures, human errors, supply chain disruptions). It is crucial to have a systematic approach to identify and document these risks.
Once risks are identified, banks should assess their potential impact and likelihood of occurrence. This evaluation helps prioritize risks based on severity and provides insights into the potential consequences and vulnerabilities.
Based on the risk assessment, banks should develop strategies and implement measures to mitigate the identified risks. This may involve implementing controls, redundancy measures, and safeguards to reduce the likelihood and impact of disruptive events.
Banks should identify and prioritize their critical business functions for maintaining operations and providing vital services.
The business impact analysis (BIA) helps determine which functions require immediate attention and allocation of resources during a disruptive event.
The BIA should assess the dependencies and interdependencies between critical business functions, processes, systems, and external stakeholders.
This analysis helps identify potential bottlenecks, risks, and areas requiring additional attention for effective continuity planning.
The BIA helps determine the recovery time objectives (RTOs) and recovery point objectives (RPOs) for critical business functions. These objectives define the acceptable timeframes for restoring operations and recovering data, ensuring the timely resumption of essential services.
Policy Requirement 9 emphasizes identifying and managing critical business functions within the BCM framework. Critical business functions are activities that are essential for the continued operation of the bank.
Banks should clearly define their critical business functions and assign appropriate priority levels. This prioritization enables effective resource allocation and ensures that the most critical functions are given priority during a disruptive event.
The policy requires banks to allocate sufficient resources to support the continuity of critical business functions. This includes personnel, technology, infrastructure, and third-party support. Proper resource allocation helps ensure the uninterrupted provision of essential services.
Banks should regularly review and update their assessment of critical business functions to align with changing business priorities, emerging risks, and evolving regulatory requirements. This ensures that the continuity plans remain relevant and effective.
Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy underscores the importance of risk assessment, business impact analysis, and critical business functions within the BCM framework.
By conducting a comprehensive risk assessment, banks can identify and prioritize potential risks and develop mitigation strategies. The business impact analysis helps determine critical functions, dependencies, and recovery requirements, while identifying and managing critical business functions helps ensure the continuity of essential services.