Business Continuity Management | BCM

BNM R9D Business Continuity Management Policy by Bank Negara Malaysia: Recovery Strategy

Written by Moh Heng Goh | Jul 24, 2023 3:22:47 AM

Business Continuity Management

Policy by Bank Negara Malaysia

Part B Policy Requirements 9: BCM Framework and Methodology

Recovery Strategy

 

Click the icon on the right to download BNM BCM Policy. Below is a sample Table of Content of the downloaded BNM BCM Policy

 

Introduction

Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.

This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans.

Specifically, it highlights the requirements related to the recovery strategy.

A recovery strategy outlines the steps and measures to restore critical business functions and operations after a disruptive event.

a. Impact Assessment

Before developing a recovery strategy, banks are required to conduct a comprehensive impact assessment. This involves assessing disruptions' potential consequences and impacts on critical business functions, processes, systems, and stakeholders. The impact assessment helps banks prioritize recovery efforts and allocate resources effectively.

b. Recovery Objectives

Banks should define clear recovery objectives as part of their recovery strategy. These objectives include Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

RTO refers to the targeted duration for restoring critical business functions, while RPO refers to the acceptable maximum data loss during recovery. Clearly defined objectives help guide the recovery process and ensure timely restoration.

c. Recovery Approaches

The policy encourages banks to adopt a multi-faceted approach to recovery. This may involve a combination of strategies, such as:

Backup and Restore

Banks should establish appropriate backup mechanisms to ensure critical data, systems, and infrastructure availability. Regular backups, off-site storage, and periodic restoration tests help facilitate a smooth recovery process.

Alternate Processing Sites

Banks should identify and establish alternate processing sites to serve as backup locations in a disruption. These sites should have the necessary infrastructure, systems, and resources to support critical operations.

Redundancy and Failover

Banks should implement redundancy and failover mechanisms for critical systems and infrastructure. This includes redundant hardware, network connections, and failover processes to minimize downtime and ensure continuous operations.

d. Resource Allocation

Banks should allocate sufficient resources to support the implementation of the recovery strategy. This includes personnel, technology, infrastructure, and third-party support. Adequate resource allocation enables timely and effective execution of recovery activities and minimizes the impact of disruptions.

e. Testing and Validation

Policy Requirement 9 emphasizes the importance of testing and validating the recovery strategy. Banks should conduct regular tests, simulations, and exercises to verify the effectiveness of the recovery plans, identify gaps, and refine the strategies as needed.

Testing helps build confidence in the recovery capabilities and ensures readiness for actual disruptions.

Documentation and Review

The policy requires banks to document the recovery strategy and regularly review and update it. Documentation should include detailed recovery plans, procedures, and associated guidelines.

Regular reviews help ensure the recovery strategy is aligned with changing business needs, emerging risks, and evolving technologies.

Conclusion

Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy, emphasizes the development of a robust recovery strategy within the BCM framework.

By conducting a comprehensive impact assessment, defining recovery objectives, adopting multi-faceted recovery approaches, allocating resources effectively, and conducting regular testing, banks can enhance their ability to restore critical business functions and operations after a disruptive event.

 

Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9      
R 9A R 9B R9C      
     
R 9D R 9E R9F      
     
R 9G R 9H R9I      
     
R 9J BCM Policy Back to R9      
     

Learn more about BCM-5000 [B-5] and BCM-300 [B-3]

Submit your intention via the "Tell Me More" button above.

 Alternatively, feel free to email us if you have any questions.