The Business Continuity Management (BCM) Policy issued by Bank Negara Malaysia on 19th December 2022 aims to provide comprehensive guidelines for financial institutions operating in Malaysia to ensure the continuity of their critical business functions in the face of unforeseen disruptions.
Part B of this policy outlines the requirements related to the BCM Framework and Methodology, focusing on establishing and maintaining alternate and recovery sites.
Policy Requirement 9: BCM Framework and Methodology for Alternate Site and Recovery Site.
Financial institutions must identify alternate sites that can serve as backup locations in case of an incident affecting their primary business premises.
The alternate site should be strategically located to ensure minimal impact on business operations and have the necessary infrastructure to accommodate essential staff and technology systems.
The policy emphasizes the importance of selecting a suitable recovery site where critical business functions can be resumed after a disruption.
The recovery site should be geographically distant from the primary site to avoid being affected by the same incident. It must also be equipped with the required resources and technology infrastructure to facilitate a smooth transition of operations.
RTO indicates the maximum acceptable downtime for a function, while RPO represents the maximum amount of data loss that can be tolerated. These objectives help set priorities and plan for the recovery of various business processes.
Critical data should be regularly backed up and stored securely at the recovery site, allowing quick restoration during a disruption.
The policy emphasizes the importance of conducting regular tests and simulations to validate the effectiveness of the alternate site and recovery procedures. Institutions must ensure that personnel responsible for implementing the continuity plan are well-trained and familiar with their roles during emergencies.
Financial institutions must perform a comprehensive risk assessment to identify potential threats and vulnerabilities that could impact the alternate and recovery sites. Appropriate mitigation measures should be implemented to minimize these risks and enhance the overall resilience of the BCM framework.
Effective communication protocols and reporting lines should be established to inform all relevant stakeholders during a crisis. This includes internal staff, external vendors, regulatory authorities, and customers.
Financial institutions must adhere to all regulations and guidelines related to business continuity and disaster recovery set forth by Bank Negara Malaysia. Compliance with industry standards and best practices is crucial in maintaining the financial system's resilience.
Part B of the Business Continuity Management Policy issued by Bank Negara Malaysia provides comprehensive guidance on the establishment and maintenance of alternate sites and recovery sites.
Financial institutions can enhance their preparedness and resilience by adhering to these policy requirements, ensuring uninterrupted critical business functions during unforeseen disruptions. The policy's focus on risk assessment, testing, and compliance underscores the importance of a proactive approach to business continuity management in the banking sector.
Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9 | |||||
R 9A | R 9B | R9C | |||
R 9D | R 9E | R9F | |||
R 9G | R 9H | R9I | |||
R 9J | BCM Policy | Back to R9 | |||
Submit your intention via the "Tell Me More" button above. |
||
Alternatively, feel free to email us if you have any questions. |