![BB OR [D] 2](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20D/BB%20OR%20%5BD%5D%202.jpg?width=2000&height=1333&name=BB%20OR%20%5BD%5D%202.jpg "BB OR [D] 2")
Chapter 3
Assess Capability and Maturity - BDCB’s Operational Resilience
1. Purpose & Scope
![[OR] [BDCB] [P1] [S1] [C3] Assessing Capability and Maturity](https://no-cache.hubspot.com/cta/default/3893111/648c0e55-c3fb-4cfb-8c3c-234d618f4c15.png)
This stage evaluates how mature BDCB is in operational resilience—the capacity to prevent, absorb, recover, and adapt to operational disruptions. We examine BDCB’s existing frameworks, capabilities, and readiness across governance, risk controls, digital infrastructure, testing processes, and supervisory mechanisms.
2. Implementation Steps
2.1. Define Resilience Domains & Maturity Criteria
- Identify domains relevant to BDCB:
- Governance & Leadership: robust oversight structures.
- Risk Management & Supervision: risk-based oversight, stress testing.
- Cybersecurity & Tech Resilience: IT defences incident response.
- Continuity & Recovery Processes: BCPs, backups.
- Digital Infrastructure: payment systems, statistics systems.
- Testing & Improvement: drills, simulations, audits.
- Specify maturity levels (e.g., Ad Hoc → Repeatable → Defined → Managed → Optimised).
2.2. Baseline Assessment
- Conduct internal maturity surveys and structured interviews across BDCB divisions (risk, IT, supervision).
- Map practices:
- Risk-based supervision and stress-testing are embedded IMF eLibrary+1.
- Cybersecurity and tech risk controls are strengthened via inspections throughout 2024 BDCB.
- Digital tools: CSS and SupTech infrastructure are in place, enabling real-time data and licensing automation, BDCB+1IMF eLibrary.
- Governance linkage with MAS and UTB via MoUs suggests mature collaborative oversight and capacity development, BBYB PRIME Borneo Bulletin Yearbook 2025CGAA.
- Assess gaps—e.g., if documented BCPs and regular testing or resiliency drills are less visible in public sources, note them as areas needing enhancement.
2.3. Benchmarking
- Compare BDCB’s maturity against international best practices:
- Basel III implementation and macroprudential tools, IMF eLibrary+1.
- Digital resiliency via SupTech and CSS capabilities BDCBIMF eLibrary.
- Highlight peer gaps and global benchmarks like ISO 22313 on business continuity planning on Wikipedia.
2.4. Maturity Scoring & Visualisation
- Assign a maturity level for each domain:
- Example scoring:
- Governance & Supervision: Defined → Managed
- Cybersecurity: Repeatable → Defined
- Digital Infrastructure: Managed
- Continuity Planning: Ad Hoc → Repeatable
- Testing/Exercises: Ad Hoc
- Example scoring:
- Visualise via a maturity radar or table to highlight strengths and gaps.
2.5. Recommendation & Improvement Pathway
- For each maturity level gap, propose specific actions:
- Continuity & Recovery: establish a formal Business Continuity Plan aligned with ISO 22313; document roles, backups, recovery sites, and data replication.
- Testing: conduct regular drills (cyber incident response, BCP tabletop, payment system downtime).
- Cybersecurity: continue strengthening, possibly with AI-driven threat detection (aligned with emerging AI strategies), Cash Platform.
- Governance & Collaboration: deepen MoUs, include climate and ESG stress testing, IMF eLibrary+1.
- Digital Resilience: enhance redundancy in CSS/SupTech, ensure offline licensing capability, and robust communication channels.
3. Illustrative Example
|
Domain |
Current Maturity |
Example & Gap Summary |
Next-step Recommendation |
|
Risk-based Supervision |
Managed |
Regular stress-testing of D-SIBs, Basel III rollout, IMF eLibrary+1 |
Sustain and extend to emerging risks (e.g., climate). |
|
Cybersecurity |
Defined |
Inspections on tech risk in 2024 BDCB |
Formalise incident response plan; integrate AI detection. |
|
Digital Infrastructure |
Managed |
SupTech, CSS licensing automation IMF eLibraryBDCB |
Add redundancy, disaster recovery capability. |
|
Continuity & Recovery |
Ad Hoc |
No public evidence of structured BCP/testing |
Create BCP, document recovery sites, and backup strategies. |
|
Testing & Exercises |
Ad Hoc |
Lack of visible resilience drills |
Organise tabletop exercises and simulations annually. |
|
Governance & Collaboration |
Defined |
Strong MoUs with MAS, UTB, CGAABBYB, PRIME Borneo Bulletin Yearbook 2025 |
Expand with climate and fintech international forums. |
Summing Up ...
This maturity assessment of BDCB reveals strong foundations in supervision, digital infrastructure, and external collaboration. Key opportunities lie in formalising continuity planning, resilience testing, and scaling cyber capabilities.
The improvement roadmap provides clear, actionable steps to advance maturity progressively, ensuring that BDCB remains resilient to operational disruptions and aligned with global central banking standards.
| C5 | C6 | C7 |
![[OR] [BDCB] [P1] [S3] [C5] Developing Strategy and Roadmap](https://no-cache.hubspot.com/cta/default/3893111/65367d1b-90d1-4b78-a48f-7067da1e24a7.png) |
![[OR] [BDCB] [P1] [S4] [C6] Confirming Risk Appetite](https://no-cache.hubspot.com/cta/default/3893111/afda77c6-6705-44f8-b594-09c4468e475d.png) |
![[OR] [BDCB] [P1] [S5] [C7] Developing and Embedding Governance](https://no-cache.hubspot.com/cta/default/3893111/78c11af2-0ee8-42e0-b92c-992fe4bfea43.png) |
![[OR] [BDCB] [P1] [S1-S5] [C2] Five Stages of the "Plan" Phase](https://no-cache.hubspot.com/cta/default/3893111/5682261d-9396-4788-a7c9-7184307ece2e.png)
![[OR] [BDCB] [P1] [S2] [C4] Analysing Gaps](https://no-cache.hubspot.com/cta/default/3893111/53caf4ce-1f23-40b5-ad7b-e2422c4dc560.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
