[BSP] BCM Policy Issued by the Bangko Sentral ng Pilipinas
While the BSP does not have a standalone, publicly available BCM policy document, they outline expectations for Business Continuity Management (BCM) practices within the financial sector through various regulations and supervisory tools.
This chapter explores how the BSP approaches BCM for Philippine FIs:
Regulatory Framework for BCM
The BSP emphasizes the importance of BCM for maintaining operational resilience and mitigating disruption within the Philippine financial system. Key regulations and guidelines that influence BCM practices for FIs include:
Manual of Regulations for Banks (MORB)
- Book 1 of the MORB defines Business Continuity (BC) as "a state of continued, uninterrupted operation of a business."
- It also introduces the concept of Business Continuity Management (BCM) as "an enterprise-wide framework encompassing policies, standards, facilities, personnel and practices that provide for continuous functioning of the institution during disruptions."
- https://morb.bsp.gov.ph/149-business-continuity-management/
Circular No. 1088 Series of 2013 (Risk Management Guidelines)
- This circular emphasizes the importance of integrating BCM into the overall risk management framework for FIs.
- FIs must conduct risk assessments, develop and maintain Business Continuity Plans (BCPs), and regularly test these plans.
Supervisory Tools
- The BSP utilizes various supervisory tools, including on-site examinations and off-site monitoring, to assess the adequacy and effectiveness of FIs' BCM practices.
- These assessments may identify areas for improvement and ensure FIs adhere to the BSP's expectations for BCM.
Focus Areas for Financial Institutions in the Philippines
While the BSP doesn't have a single, comprehensive policy document, some key focus areas for BCM within Philippine FIs can be identified through the regulations and supervisory practices mentioned above:
- Proportionate Approach: The BSP encourages FIs to adopt a proportionate approach to BCM, considering their size, complexity, and risk profile.
- Risk Assessment: Conducting a comprehensive risk assessment that identifies potential threats and vulnerabilities specific to the Philippine context is crucial. This may include natural disasters prevalent in the region (e.g., typhoons, earthquakes), cyberattacks, and technological disruptions.
- Business Continuity Plans (BCPs): Developing and maintaining documented BCPs that outline recovery strategies for critical business functions (CBFs) during disruptions. These BCPs should be tailored to the risks identified in the risk assessment.
- Testing and Exercising: Regularly test and exercise BCPs to ensure their effectiveness and identify areas for improvement. This may involve simulations of various disruptive scenarios.
- Incident Response: Establishing clear procedures for responding to incidents that could disrupt operations. These procedures should include communication protocols, escalation processes, and recovery measures.
Summing Up ...
Although the BSP has no single, standalone BCM policy document, its regulations and supervisory practices provide a clear framework for BCM expectations in the Philippines. Understanding these expectations is essential for FIs to develop and maintain robust BCM programs.
Effective BCM practices contribute to the overall resilience of the Philippine financial system and ensure continued service delivery to Filipinos during disruptions.
Note: Further research into BSP circulars is required, and supervisory tools may reveal additional details regarding BCM expectations for Philippine FIs.
More Information About Blended Learning Auditing BCMS Courses
BCM Institute offers two levels of BCM auditing courses: A-3 BCM-8030 ISO22301 BCMS Auditor [A-3] and the ISO22301 BCMS Lead Auditor [A-5].
| Please feel free to send us a note if you have any questions. |