Business Continuity Management
Bg Bann_BNM

BNM R9D Business Continuity Management Policy by Bank Negara Malaysia: Recovery Strategy

The Business Continuity Management (BCM) Guidelines issued by Bank Negara Malaysia on December 19, 2022, provide comprehensive guidance for financial institutions operating within Malaysia to strengthen their resilience and preparedness in disruptions. 

Part B of these guidelines emphasises Policy Requirement 9, which focuses on the BCM Framework and Methodology.

The "Recovery Strategy" section outlines the key considerations and expectations banks must address when developing business continuity management strategies.  Specifically, it highlights the requirements related to the recovery strategy.

 

Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert

Business Continuity Management

Policy by Bank Negara Malaysia

New call-to-actionBNM Business Continuity Management Policy by Bank Negara Malaysia TOCPart B Policy Requirements 9: BCM Framework and Methodology

Recovery Strategy

 

New call-to-actionClick the icon on the right to download BNM BCM Policy. Below is a sample Table of Content of the downloaded BNM BCM Policy

 

Introduction

Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.

New call-to-actionThis report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans.

Specifically, it highlights the requirements related to the recovery strategy.

A recovery strategy outlines the steps and measures to restore critical business functions and operations after a disruptive event.

a. Impact Assessment

Before developing a recovery strategy, banks are required to conduct a comprehensive impact assessment. This involves assessing disruptions' potential consequences and impacts on critical business functions, processes, systems, and stakeholders. The impact assessment helps banks prioritize recovery efforts and allocate resources effectively.

b. Recovery Objectives

Banks should define clear recovery objectives as part of their recovery strategy. These objectives include Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

RTO refers to the targeted duration for restoring critical business functions, while RPO refers to the acceptable maximum data loss during recovery. Clearly defined objectives help guide the recovery process and ensure timely restoration.

c. Recovery Approaches

The policy encourages banks to adopt a multi-faceted approach to recovery. This may involve a combination of strategies, such as:

Backup and Restore

Banks should establish appropriate backup mechanisms to ensure critical data, systems, and infrastructure availability. Regular backups, off-site storage, and periodic restoration tests help facilitate a smooth recovery process.

Alternate Processing Sites

Banks should identify and establish alternate processing sites to serve as backup locations in a disruption. These sites should have the necessary infrastructure, systems, and resources to support critical operations.

Redundancy and Failover

Banks should implement redundancy and failover mechanisms for critical systems and infrastructure. This includes redundant hardware, network connections, and failover processes to minimize downtime and ensure continuous operations.

d. Resource Allocation

Banks should allocate sufficient resources to support the implementation of the recovery strategy. This includes personnel, technology, infrastructure, and third-party support. Adequate resource allocation enables timely and effective execution of recovery activities and minimizes the impact of disruptions.

e. Testing and Validation

Policy Requirement 9 emphasizes the importance of testing and validating the recovery strategy. Banks should conduct regular tests, simulations, and exercises to verify the effectiveness of the recovery plans, identify gaps, and refine the strategies as needed.

Testing helps build confidence in the recovery capabilities and ensures readiness for actual disruptions.

Documentation and Review

The policy requires banks to document the recovery strategy and regularly review and update it. Documentation should include detailed recovery plans, procedures, and associated guidelines.

Regular reviews help ensure the recovery strategy is aligned with changing business needs, emerging risks, and evolving technologies.

Conclusion

Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy, emphasizes the development of a robust recovery strategy within the BCM framework.

By conducting a comprehensive impact assessment, defining recovery objectives, adopting multi-faceted recovery approaches, allocating resources effectively, and conducting regular testing, banks can enhance their ability to restore critical business functions and operations after a disruptive event.

 

Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9      
R 9A R 9B R9C      
New call-to-action New call-to-action New call-to-action      
R 9D R 9E R9F      
New call-to-action New call-to-action New call-to-action      
R 9G R 9H R9I      
New call-to-action New call-to-action New call-to-action      
R 9J BCM Policy Back to R9      
New call-to-action New call-to-action New call-to-action      

Learn more about BCM-5000 [B-5] and BCM-300 [B-3]

New call-to-action New call-to-action New call-to-action
New call-to-action Register [BL-B-3]* New call-to-action
 FAQ BL-B-5 BCM-5000

Submit your intention via the "Tell Me More" button above.

FAQ [BL-B-3]
BCCE Business Continuity Certified Expert Certification (Size 100)  Alternatively, feel free to email us if you have any questions. 
Email to Sales Team [BCM Institute]
BCCS Business Continuity Certified Specialist Certification (Size 75)
 

Comments:

 

More Posts

New Call-to-action