Business Continuity Management
Bg Bann_BNM

BNM R9H Business Continuity Management Policy by Bank Negara Malaysia: Alternate Site & Recovery Site

The Business Continuity Management (BCM) Guidelines issued by Bank Negara Malaysia on December 19, 2022, provide comprehensive guidance for financial institutions operating within Malaysia to strengthen their resilience and preparedness in disruptions. 

Part B of these guidelines emphasises Policy Requirement 9, which focuses on the BCM Framework and Methodology.

The "Alternate Site and Recovery Site" section outlines the key considerations and expectations banks must address when developing business continuity management strategies. Specifically, it highlights the requirements related to the Alternate and Recovery Sites.

 

Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert

Business Continuity Management Policy by Bank Negara Malaysia

New call-to-actionBNM Business Continuity Management Policy by Bank Negara Malaysia TOCPart B Policy Requirements 9: BCM Framework and Methodology

Alternate Site and Recovery Site

New call-to-actionClick the icon on the right to download the BNM BCM Policy. Below is a sample Table of Contents of the downloaded BNM BCM Policy.

 

Introduction

The Business Continuity Management (BCM) Policy issued by Bank Negara Malaysia on 19th December 2022 aims to provide comprehensive guidelines for financial institutions operating in Malaysia to ensure the continuity of their critical business functions in the face of unforeseen disruptions.

Part B of this policy outlines the requirements related to the BCM Framework and Methodology, focusing on establishing and maintaining alternate and recovery sites.

Policy Requirement 9: BCM Framework and Methodology for Alternate Site and Recovery Site.

Alternate Site Identification

Financial institutions must identify alternate sites that can serve as backup locations in case of an incident affecting their primary business premises.

The alternate site should be strategically located to ensure minimal impact on business operations and have the necessary infrastructure to accommodate essential staff and technology systems.

Recovery Site Selection

The policy emphasizes the importance of selecting a suitable recovery site where critical business functions can be resumed after a disruption.

The recovery site should be geographically distant from the primary site to avoid being affected by the same incident. It must also be equipped with the required resources and technology infrastructure to facilitate a smooth transition of operations.

Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)

New call-to-actionNew call-to-actionFinancial institutions are expected to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for each critical business function.

RTO indicates the maximum acceptable downtime for a function, while RPO represents the maximum amount of data loss that can be tolerated. These objectives help set priorities and plan for the recovery of various business processes.

Data Backup and Replication

DR Strategy: Data BackupTo ensure data integrity and availability, banks are required to implement robust data backup and replication procedures.

Critical data should be regularly backed up and stored securely at the recovery site, allowing quick restoration during a disruption.

Alternate Site Activation and Testing

The policy emphasizes the importance of conducting regular tests and simulations to validate the effectiveness of the alternate site and recovery procedures. Institutions must ensure that personnel responsible for implementing the continuity plan are well-trained and familiar with their roles during emergencies.

Risk Assessment and Mitigation

Financial institutions must perform a comprehensive risk assessment to identify potential threats and vulnerabilities that could impact the alternate and recovery sites. Appropriate mitigation measures should be implemented to minimize these risks and enhance the overall resilience of the BCM framework.

Communication and Reporting

Effective communication protocols and reporting lines should be established to inform all relevant stakeholders during a crisis. This includes internal staff, external vendors, regulatory authorities, and customers.

Regulatory Compliance

Financial institutions must adhere to all regulations and guidelines related to business continuity and disaster recovery set forth by Bank Negara Malaysia. Compliance with industry standards and best practices is crucial in maintaining the financial system's resilience.

Conclusion

Part B of the Business Continuity Management Policy issued by Bank Negara Malaysia provides comprehensive guidance on the establishment and maintenance of alternate sites and recovery sites.

Financial institutions can enhance their preparedness and resilience by adhering to these policy requirements, ensuring uninterrupted critical business functions during unforeseen disruptions. The policy's focus on risk assessment, testing, and compliance underscores the importance of a proactive approach to business continuity management in the banking sector.

 

Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9      
R 9A R 9B R9C      
New call-to-action New call-to-action New call-to-action      
R 9D R 9E R9F      
New call-to-action New call-to-action New call-to-action      
R 9G R 9H R9I      
New call-to-action New call-to-action New call-to-action      
R 9J BCM Policy Back to R9      
New call-to-action New call-to-action New call-to-action      

Learn more about BCM-5000 [B-5] and BCM-300 [B-3]

New call-to-action New call-to-action New call-to-action
New call-to-action Register [BL-B-3]* New call-to-action
 FAQ BL-B-5 BCM-5000

Submit your intention via the "Tell Me More" button above.

FAQ [BL-B-3]
BCCE Business Continuity Certified Expert Certification (Size 100)  Alternatively, feel free to email us if you have any questions. 
Email to Sales Team [BCM Institute]
BCCS Business Continuity Certified Specialist Certification (Size 75)
 

Comments:

 

More Posts

New Call-to-action