[OR] [BI] [E1] [C2] Understanding Your Organisation

eBook 1: Chapter 2

Understanding Your Organisation: Bank Islam

Introduction

Bank Islam is a leading Islamic financial institution in Malaysia, committed to delivering Shariah-compliant banking products and services while upholding strong governance, risk management, and operational resilience.

In an increasingly complex risk landscape — defined by digital transformation, interconnected financial ecosystems, cyber threats, and climate‑related challenges — financial institutions must prioritise resilience to ensure continuity of critical services under disruptive conditions.

This chapter situates Bank Islam’s organisational context within the ISO 22316 Operational Resilience principles and the evolving Bank Negara Malaysia (BNM) operational resilience requirements. It explains how resilience is both a strategic imperative and a regulatory expectation for banks operating in Malaysia.

Purpose of the Chapter

This chapter aims to provide readers with a clear understanding of Bank Islam’s organisational context, its operational priorities, and the regulatory landscape shaping resilience practices in Malaysia.

By exploring the intersection of ISO 22316 principles and Bank Negara Malaysia’s operational resilience expectations, readers will appreciate why resilience is both a strategic necessity and a regulatory imperative.

The chapter pre-emptively highlights the key compliance requirements, organisational responsibilities, and practical measures that underpin Bank Islam’s ability to anticipate, withstand, and recover from operational disruptions.

Readers are expected to gain insight into how operational resilience is embedded across governance, processes, technology, and culture, and why these elements are critical for sustaining customer trust, financial stability, and regulatory compliance.

By the end of this chapter, readers will understand the rationale for prioritising operational resilience and will be prepared to explore subsequent chapters that detail practical methodologies, phases, and actionable steps to strengthen Bank Islam’s resilience capabilities.

What Operational Resilience Means for Bank Islam

Operational resilience refers to an institution’s ability to anticipate, withstand, respond to, recover from, and adapt to operational disruptions —whether caused by technology outages, cyber incidents, natural events, third‑party failures, or other shocks.

Frameworks such as ISO 22316 provide a structured approach to embedding resilience across governance, risk management, processes, and culture.

For Bank Islam, operational resilience is foundational to safeguarding customer trust, sustaining financial stability, and ensuring regulatory compliance. It complements existing enterprise risk management, business continuity planning, and ICT security practices.

Bank Negara Malaysia’s Operational Resilience Expectations

On 19 December 2025, BNM issued a Discussion Paper on Strengthening Operational Resilience, which outlines emerging regulatory direction for financial institutions, including banks and Islamic banks.

This consultative paper emphasises a holistic approach to resilience—going beyond compliance to strengthen preparedness, response, recovery, and adaptive capacity amid evolving risks.

Key elements of BNM’s operational resilience expectations include:

• Governance and accountability: Clear roles and oversight structures for resilience, with senior management and Board accountability embedded in decision‑making.
• Critical service identification and mapping: Understanding and documenting which services are essential for customers and systemic stability.
• Risk assessment and business impact analysis: Comprehensive assessment of operational risks, including technology, cyber threats, human capital, and external dependencies.
• Response readiness and recovery planning: Scenario planning, exercises, and playbooks to preserve critical functions under disruption.
• Third‑party and ecosystem interdependencies: Visibility and resilience assurance across outsourced providers and key partners.

BNM intends to strengthen resilience practices across the financial ecosystem so that institutions like Bank Islam can withstand and recover from disruptions while ensuring the continuity of critical financial services.

Strategic Positioning: Alignment with ISO 22316

ISO 22316:2017 — Security and Resilience — Organisational Resilience— emphasises the importance of:

• Leadership and culture: Embedding resilience through tone‑at‑the‑top and cross‑functional collaboration.
• Context understanding: Knowing internal and external environments that influence operational outcomes.
• Risk‑informed decision‑making: Using risk assessment and business impact analysis to prioritise resilience investment.
• Continuous improvement: Monitoring, testing, and evolving resilience capabilities over time.

Bank Islam’s approach should align with these principles, fostering a culture in which resilience is proactively embedded in strategy, operations, and relationships with customers and partners.

Examples of Compliance and Implementation Requirements

Although the operational resilience framework remains in consultative development, several tangible expectations and examples are already clear or can be inferred from BNM’s guidelines and existing policy documents:

Governance & Leadership

• Bank Islam should establish operational resilience oversight at the Board and senior management levels, with clearly defined accountability for resilience outcomes.
• Designate or empower a senior leader (e.g., a Chief Operational Resilience Officer or equivalent) responsible for coordinating resilience activities across functions.

Critical Business Services & Scenario Testing

• Identify services or processes crucial to customers and system stability (e.g., payment processing, funds transfer, core Islamic financing systems).
• Conduct scenario analyses and tabletop exercises to validate the ability to maintain or restore these services under disruption.

Risk Analysis and Review (RAR) and Business Impact Analysis (BIA) (Impact Tolerance)

• Implement formal risk assessments and business impact analyses that align with the business continuity and operational risk frameworks.
• Integrate findings into resilience planning, prioritisation, and resource allocation.
• Track Key Risk Indicators (KRIs) and Loss Event Data (LED) for regulatory reporting and internal oversight.

Third‑Party and Supply Chain Resilience

• Develop standards for assessing and monitoring the resilience of critical third parties, particularly technology vendors and outsourced service providers.
• Ensure contractual commitments support resilience and recovery efforts.

Enhanced Testing & Continuous Learning

• Regularly test business continuity plans and recovery procedures using realistic scenarios.
• Capture lessons learned and embed them into updated plans, organisational training, and governance reviews.

Integrating Operational Resilience into Bank Islam’s DNA

Operational resilience should not be viewed as a standalone compliance activity. Instead, it must become an enduring organisational capability that:

• Enhances customer confidence.
• Supports sustainable growth and digital innovation.
• Enhances Bank Islam’s competitive edge in a highly dynamic financial services landscape.
• Demonstrates readiness to meet regulatory expectations from BNM and align with global best practices.

By embedding resilience into the core of strategy, culture, and execution, Bank Islam positions itself not only to meet compliance requirements but to strengthen trust, performance, and long‑term success.

In conclusion, understanding Bank Islam’s organisational landscape and the operational resilience requirements set by both ISO 22316 and Bank Negara Malaysia provides a foundational perspective for effective resilience planning.

The chapter underscores that operational resilience is not merely a compliance exercise, but a strategic capability that safeguards critical services, enhances stakeholder confidence, and supports sustainable growth.

By recognising the governance expectations, critical service dependencies, risk management practices, and third-party considerations outlined by BNM, Bank Islam can proactively embed resilience into its operations.

This chapter provides readers with the context, rationale, and objectives needed to navigate the subsequent chapters, in which practical methodologies and implementation strategies will guide the bank toward achieving a robust and adaptive operational resilience framework.

Meanwhile, these are the introductory chapters of eBook 2 and eBook 3 in the "Implementing Operational Resilience for Bank Islam: Aligning with BNM and Global Best Practices" series.

Blogs marked [x] are under construction.

For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.