Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.
This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans. Specifically, it highlights the requirements related to testing and exercises.
The policy encourages banks to conduct various types of testing and exercises, including:
Desktop exercises involve simulated scenarios and discussions to evaluate the effectiveness of the business continuity plans and procedures.
Desktop exercises help identify plan gaps, clarify roles and responsibilities, and enhance stakeholder coordination.
Functional testing focuses on validating specific components or functions of the business continuity plans. It includes testing the availability and functionality of backup systems, alternate processing sites, and critical infrastructure.
Full-scale exercises simulate real-life scenarios to assess the readiness and effectiveness of the overall business continuity plans.
These exercises involve multiple stakeholders and aim to evaluate the coordination, communication, and response capabilities during a disruptive event.
Live testing involves conducting real-time tests of backup systems, recovery processes, and alternate facilities.
Live testing helps validate how critical systems and infrastructure perform and function during a crisis.
The policy outlines several key objectives of testing and exercises, including:
Testing and exercises validate the effectiveness and adequacy of the business continuity plans, ensuring that they meet the requirements and expectations outlined in the policy.
Testing and exercises help identify gaps, weaknesses, or areas for improvement in the business continuity plans. These findings enable banks to refine and enhance their plans, ensuring better preparedness.
Testing and exercises familiarise employees with their roles and responsibilities during a disruptive event. They help build employees' capacity to respond effectively and promote a culture of resilience within the organization.
Testing and exercises facilitate coordination and collaboration among internal and external stakeholders, including departments, business units, vendors, service providers, and regulatory authorities. These exercises help improve communication channels and strengthen relationships.
The policy emphasizes the need for banks to document and report the results of testing and exercises. Banks should maintain records of the exercises conducted, including observations, findings, and action plans for improvement.
These records serve as a basis for evaluating the effectiveness of business continuity plans and demonstrating compliance with the policy's requirements.
Banks are expected to conduct testing and exercises regularly as part of their business continuity management. The policy recommends establishing a schedule and ensuring they are performed at appropriate intervals.
Additionally, banks should review the results and findings of tests and exercises to update and enhance their business continuity plans accordingly.
Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy highlights the significance of testing and exercising within the BCM framework.
By conducting various tests and exercises, banks can validate the effectiveness of their business continuity plans, identify areas for improvement, and enhance their readiness for disruptive events.
Testing and exercises serve several objectives, including plan validation, identification of gaps and weaknesses, training and familiarisation, and stakeholder coordination.
Documentation and reporting of testing and exercise results are essential for maintaining records, monitoring progress, and demonstrating compliance with the policy's requirements.
Regular testing and review of results enable banks to refine and enhance their business continuity plans, ensuring the continuous improvement of their preparedness and response capabilities. By adhering to these requirements, banks can strengthen their resilience and mitigate the impact of disruptions on their operations.