Business Continuity Management
Bg Bann_BNM

BNM R9J Business Continuity Management Policy by Bank Negara Malaysia: Testing and Exercises

The Business Continuity Management (BCM) Guidelines issued by Bank Negara Malaysia on December 19, 2022, provide comprehensive guidance for financial institutions operating within Malaysia to strengthen their resilience and preparedness in disruptions. 

Part B of these guidelines emphasises Policy Requirement 9, which focuses on the BCM Framework and Methodology.

The "Testing and Exercises" section outlines the key considerations and expectations banks must address when developing business continuity management strategies. Specifically, it highlights the requirements related to testing and exercises.

Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert

Business Continuity Management Policy by Bank Negara Malaysia

New call-to-actionBNM Business Continuity Management Policy by Bank Negara Malaysia TOCPart B Policy Requirements 9:  BCM Framework and Methodology

Testing and Exercises

New call-to-actionClick the icon on the right to download the BNM BCM Policy. Below is a sample Table of Contents of the downloaded BNM BCM Policy.

Introduction

Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.

This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans. Specifically, it highlights the requirements related to testing and exercises.

New call-to-actionPolicy Requirement 9 emphasizes the importance of testing and exercises within the BCM framework. These are vital in evaluating the effectiveness of business continuity plans, identifying gaps or weaknesses, and improving preparedness for disruptive events.

a. Types of Testing and Exercises

The policy encourages banks to conduct various types of testing and exercises, including:

New call-to-actioni. Desktop Exercises

These exercises involve simulated scenarios and discussions to evaluate the effectiveness of the business continuity plans and procedures.

Desktop exercises help identify plan gaps, clarify roles and responsibilities, and enhance stakeholder coordination.

ii. Functional Testing

Functional testing focuses on validating specific components or functions of the business continuity plans. It includes testing the availability and functionality of backup systems, alternate processing sites, and critical infrastructure.

New call-to-actioniii. Full-Scale Exercises

Full-scale exercises simulate real-life scenarios to assess the readiness and effectiveness of the overall business continuity plans.

These exercises involve multiple stakeholders and aim to evaluate the coordination, communication, and response capabilities during a disruptive event.

New call-to-actioniv. Live Testing

Live testing involves conducting real-time tests of backup systems, recovery processes, and alternate facilities.

During a crisis, live testing helps validate critical systems, infrastructure performance, and functionality.

b. Objectives of Testing and Exercises

The policy outlines several key objectives of testing and exercises, including:

i. Validation of Plans

Testing and exercises validate the effectiveness and adequacy of the business continuity plans, ensuring that they meet the requirements and expectations outlined in the policy.

ii. Identification of Gaps and Weaknesses

Testing and exercises help identify gaps, weaknesses, or areas for improvement in the business continuity plans. These findings enable banks to refine and enhance their plans, ensuring better preparedness.

iii. Training and Familiarization

Testing and exercises familiarise employees with their roles and responsibilities during a disruptive event. It helps build their capacity to respond effectively and promotes a culture of resilience within the organization.

iv. Stakeholder Coordination

Testing and exercises facilitate coordination and collaboration among internal and external stakeholders, including departments, business units, vendors, service providers, and regulatory authorities. These exercises help improve communication channels and strengthen relationships.

c. Documentation and Reporting

The policy emphasizes the need for banks to document and report the results of testing and exercises. Banks should maintain records of the exercises conducted, including observations, findings, and action plans for improvement.

These records serve as a basis for evaluating the effectiveness of business continuity plans and demonstrating compliance with the policy's requirements.

d. Regularity and Review

Banks are expected to conduct testing and exercises regularly as part of their business continuity management. The policy recommends establishing a schedule and ensuring they are performed at appropriate intervals.

Additionally, banks should review the results and findings of tests and exercises to update and enhance their business continuity plans accordingly.

Conclusion

Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy highlights the significance of testing and exercising within the BCM framework.

By conducting various tests and exercising, banks can validate the effectiveness of their business continuity plans, identify areas for improvement, and enhance their readiness for disruptive events.

Testing and exercises serve several objectives, including plan validation, identification of gaps and weaknesses, training and familiarisation, and stakeholder coordination.

Documentation and reporting of testing and exercise results are essential for maintaining records, monitoring progress, and demonstrating compliance with the policy's requirements.

Regular testing and review of results enable banks to refine and enhance their business continuity plans, ensuring the continuous improvement of their preparedness and response capabilities. By adhering to these requirements, banks can strengthen their resilience and mitigate the impact of disruptions on their operations.

 

Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9      
R 9A R 9B R9C      
New call-to-action New call-to-action New call-to-action      
R 9D R 9E R9F      
New call-to-action New call-to-action New call-to-action      
R 9G R 9H R9I      
New call-to-action New call-to-action New call-to-action      
R 9J BCM Policy Back to R9      
New call-to-action New call-to-action New call-to-action      

 

Learn more about BCM-5000 [B-5] and BCM-300 [B-3]

New call-to-action New call-to-action New call-to-action
New call-to-action Register [BL-B-3]* New call-to-action
 FAQ BL-B-5 BCM-5000

Submit your intention via the "Tell Me More" button above.

FAQ [BL-B-3]
BCCE Business Continuity Certified Expert Certification (Size 100)  Alternatively, feel free to email us if you have any questions. 
Email to Sales Team [BCM Institute]
BCCS Business Continuity Certified Specialist Certification (Size 75)
 

Comments:

 

More Posts

New Call-to-action