Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.
Specifically, it highlights the requirements related to the recovery strategy.
A recovery strategy outlines the steps and measures to restore critical business functions and operations after a disruptive event.
Before developing a recovery strategy, banks are required to conduct a comprehensive impact assessment. This involves assessing disruptions' potential consequences and impacts on critical business functions, processes, systems, and stakeholders. The impact assessment helps banks prioritize recovery efforts and allocate resources effectively.
Banks should define clear recovery objectives as part of their recovery strategy. These objectives include Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
RTO refers to the targeted duration for restoring critical business functions, while RPO refers to the acceptable maximum data loss during recovery. Clearly defined objectives help guide the recovery process and ensure timely restoration.
The policy encourages banks to adopt a multi-faceted approach to recovery. This may involve a combination of strategies, such as:
Banks should establish appropriate backup mechanisms to ensure critical data, systems, and infrastructure availability. Regular backups, off-site storage, and periodic restoration tests help facilitate a smooth recovery process.
Banks should identify and establish alternate processing sites to serve as backup locations in a disruption. These sites should have the necessary infrastructure, systems, and resources to support critical operations.
Banks should implement redundancy and failover mechanisms for critical systems and infrastructure. This includes redundant hardware, network connections, and failover processes to minimize downtime and ensure continuous operations.
Banks should allocate sufficient resources to support the implementation of the recovery strategy. This includes personnel, technology, infrastructure, and third-party support. Adequate resource allocation enables timely and effective execution of recovery activities and minimizes the impact of disruptions.
Policy Requirement 9 emphasizes the importance of testing and validating the recovery strategy. Banks should conduct regular tests, simulations, and exercises to verify the effectiveness of the recovery plans, identify gaps, and refine the strategies as needed.
Testing helps build confidence in the recovery capabilities and ensures readiness for actual disruptions.
The policy requires banks to document the recovery strategy and regularly review and update it. Documentation should include detailed recovery plans, procedures, and associated guidelines.
Regular reviews help ensure the recovery strategy is aligned with changing business needs, emerging risks, and evolving technologies.
Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy, emphasizes the development of a robust recovery strategy within the BCM framework.
By conducting a comprehensive impact assessment, defining recovery objectives, adopting multi-faceted recovery approaches, allocating resources effectively, and conducting regular testing, banks can enhance their ability to restore critical business functions and operations after a disruptive event.
| Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9 | |||||
| R 9A | R 9B | R9C | |||
| R 9D | R 9E | R9F | |||
| R 9G | R 9H | R9I | |||
| R 9J | BCM Policy | Back to R9 | |||
|
Submit your intention via the "Tell Me More" button above. |
||
| Alternatively, feel free to email us if you have any questions. |