Business Continuity Management Policy by Bank Negara Malaysia
Part B Policy Requirements 9: BCM Framework and Methodology
Essential Services
Introduction
Policy Requirement 9 emphasizes identifying and prioritising essential services within the BCM framework.
Essential services are critical functions provided by banks that are crucial for maintaining the stability and functionality of the banking sector and ensuring the continued provision of vital financial services to customers.
Click the icon on the right to download BNM BCM Policy. Below is a sample Table of Content of the downloaded BNM BCM Policy.
a. Identification of Essential Services
Banks are expected to identify and categorize their critical services as essential. This process involves thoroughly analysing the functions and operations fundamental to the bank's core business and the delivery of critical financial services. Banks can allocate resources effectively and prioritize their continuity planning efforts by identifying essential services.
b. Dependencies and Interdependencies
The policy requires banks to assess the dependencies and interdependencies associated with essential services.
This includes understanding the relationships between essential services, supporting systems, processes, data, and external dependencies (e.g., vendors, service providers).
By identifying these dependencies, banks can develop strategies to mitigate risks and ensure the uninterrupted delivery of essential services during a disruptive event.
c. Risk Assessment and Business Impact Analysis (BIA)
Banks should conduct a comprehensive risk assessment and business impact analysis (BIA) for their essential services. This involves evaluating the potential risks, vulnerabilities, and impacts that may affect the continuity of these services.
The BIA helps banks prioritize resource allocation, recovery strategies, and continuity measures based on essential services' criticality and potential impact.
d. Continuity Strategies and Resource Allocation
Banks should develop robust continuity strategies based on risk assessment and BIA for their essential services.
These strategies may include redundancy measures, alternate processing sites, backup systems, and diverse telecommunication networks to enhance the resilience and availability of critical functions.
Banks should allocate appropriate resources, including personnel, technology, infrastructure, and third-party support, to ensure the continuity of essential services during disruptive events.
e. Regular Review and Updates
The policy emphasizes the need for banks to review and update their assessment of essential services regularly.
This ensures that the identification and prioritization of essential services remain aligned with changing business priorities, emerging risks, and evolving regulatory requirements.
Regular reviews allow banks to incorporate lessons from previous disruptions and enhance their business continuity management strategies.
Conclusion
Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy, underscores the importance of identifying, prioritizing, and ensuring the continuity of essential services within the BCM framework.
By identifying essential services and assessing their dependencies, banks can allocate resources effectively and develop robust strategies to ensure the uninterrupted delivery of critical financial services.