![BB OR [D] 6](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20D/BB%20OR%20%5BD%5D%206.jpg?width=2000&height=1333&name=BB%20OR%20%5BD%5D%206.jpg "BB OR [D] 6")
![[OR] [MAS] [E0] A Practical OR Guide to MAS Compliance and Implementation](https://no-cache.hubspot.com/cta/default/3893111/23a20024-f0ef-49c9-b977-9368b9e21491.png)
eBook 1: Chapter 2
Monetary Authority of Singapore's (MAS) Regulatory Landscape
Introduction
Operational resilience is no longer a theoretical construct but a regulatory and business imperative, particularly within Singapore’s financial sector under the guidance of the Monetary Authority of Singapore (MAS).
Financial institutions are expected to move beyond traditional Business Continuity Management (BCM) and adopt a service-centric, end-to-end resilience approach to ensure the continuity of Critical Business Services (CBS) during severe but plausible disruptions.
This chapter introduces the Operational Resilience Planning Methodology, structured around a continuous lifecycle of:
- Plan → Implement → Test → Improve
This lifecycle aligns closely with both:
- The BCM Institute’s Operational Resilience Planning Methodology
- MAS’s BCM lifecycle and operational resilience supervisory expectations
Together, they provide a practical, structured, and regulatory-aligned roadmap for organisations to design, implement, and sustain operational resilience capabilities.
The Plan → Implement → Test → Improve Lifecycle
The Operational Resilience Planning Methodology is built on a closed-loop lifecycle, ensuring that resilience is continuously strengthened rather than treated as a one-time compliance exercise.
Plan Phase – Establishing the Foundation
The Plan phase corresponds to the strategic and governance layer of operational resilience. It answers the question:
“What must we protect, and how resilient do we need to be?”
Aligned with the BCM Institute’s [OR-P1] “Embarking the Operational Resilience Journey,” this phase includes:
- Assessing organisational resilience capability and maturity
- Conducting gap analysis against regulatory expectations (e.g., MAS guidelines)
- Defining Critical Business Services (CBS) based on customer and systemic impact
- Setting impact tolerances (e.g., Maximum Tolerable Downtime, data loss thresholds)
- Establishing governance structures, including:
- Board and senior management oversight
- Risk appetite and resilience objectives
- Developing a multi-year Operational Resilience Roadmap
This phase aligns with MAS expectations that financial institutions must:
- Identify and prioritise critical services
- Define tolerance levels for disruption
- Embed resilience into enterprise risk management
👉 Key Outcome
A clearly defined resilience strategy and governance framework.
Implement Phase – Operationalising Resilience
The Implement phase translates strategy into actionable capabilities. It aligns with the BCM Institute’s [OR-P2] “Implementing Operational Resilience.”
Key activities include:
a. Identification and Decomposition of CBS
- Break down CBS into sub-CBS (detailed processes)
- Ensure full end-to-end service visibility
b. Mapping Dependencies and Interconnections
- Identify dependencies across:
- People
- Processes
- Technology
- Third parties
- Map interconnections and concentration risks, a key MAS requirement
c. Mapping Processes and Resources
- Document:
- Supporting applications and infrastructure
- Key personnel and roles
- Third-party providers and outsourcing arrangements
d. Establishing Impact Tolerances
- Quantify:
- Maximum tolerable disruption duration
- Data loss thresholds
- Customer and regulatory impact
e. Scenario Development
- Identify severe but plausible scenarios, such as:
- Cyber-attacks
- Technology failures
- Third-party outages
- Pandemic or workforce disruptions
👉 Key Outcome: A fully mapped and operationalised resilience framework centred on CBS.
Test Phase – Validating Resilience Capabilities
The Test phase ensures that resilience strategies are not theoretical but proven under stress. This aligns strongly with MAS expectations on scenario testing.
Key components include:
- Scenario Testing (End-to-End CBS Testing)
- Validate whether CBS can remain within impact tolerance
- Integrated Exercises
- Combine BCM, crisis management, and incident response
- Third-Party and Supply Chain Testing
- Assess resilience of external dependencies
- Cyber and Technology Resilience Testing
- Simulate cyber incidents and system failures
Testing must demonstrate:
- Ability to detect, respond, and recover
- Capability to maintain service continuity within tolerance levels
👉 Key Outcome
Evidence-based assurance of the effectiveness of resilience capabilities.
Improve Phase – Continuous Enhancement
The Improve phase closes the loop and ensures resilience evolves with emerging risks. It aligns with the BCM Institute’s [OR-P3] “Sustaining Your Operational Resilience Program.”
Key activities include:
- Post-exercise reviews and lessons learned
- Remediation of identified gaps
- Updating CBS definitions and mappings
- Enhancing governance and reporting
- Embedding resilience into organisational culture
MAS emphasises that operational resilience must be:
- Dynamic and adaptive
- Continuously improved based on testing outcomes and environmental changes
👉 Key Outcome: A continuously evolving resilience capability.
Alignment with MAS BCM Lifecycle
The Operational Resilience Planning Methodology is not separate from BCM—it builds upon and extends it.
MAS BCM Lifecycle Integration
The MAS BCM lifecycle traditionally includes:
- Risk Assessment
- Business Impact Analysis (BIA)
- Strategy Development
- Plan Development
- Testing and Maintenance
The Operational Resilience lifecycle enhances this by:
|
MAS BCM Lifecycle |
Operational Resilience Enhancement |
|
Risk Assessment |
Expanded to enterprise-wide risk and interdependency mapping |
|
BIA |
Elevated to CBS identification and impact tolerance setting |
|
Strategy Development |
Integrated with resilience-by-design principles |
|
Plan Development |
Embedded within end-to-end service continuity |
|
Testing |
Expanded to scenario testing of severe but plausible events |
|
Maintenance |
Strengthened into a continuous improvement lifecycle |
Key MAS Alignment Principles
The methodology aligns with MAS guidance in the following ways:
- Service-Centric Approach
Focus on outcomes delivered to customers, not just internal processes - Impact Tolerance
Define acceptable levels of disruption rather than aiming for zero disruption - End-to-End Mapping
Capture dependencies across the entire service delivery chain - Scenario Testing
Validate resilience against extreme but plausible scenarios - Governance and Accountability
Ensure senior management ownership of resilience
Integration with BCM Institute Methodology
The BCM Institute’s Operational Resilience framework structures the lifecycle into three overarching phases:
- [OR-P1] Plan – Embarking the Journey
- [OR-P2] Implement – Building Capabilities
- [OR-P3] Sustain – Continuous Improvement
These map seamlessly into the lifecycle:
|
Lifecycle Stage |
BCM Institute Phase |
Phase |
|
Plan |
OR-P1 |
Plan |
|
Implement |
OR-P2 |
Implement |
|
Test |
OR-P2 (Testing embedded) |
Implement |
|
Improve |
OR-P3 |
Sustain |
This integration ensures that organisations:
- Follow a structured, phased approach
- Maintain consistency across BCM and operational resilience disciplines
- Align with international best practices and regulatory expectations
Key Success Factors
To successfully implement the Operational Resilience Planning Methodology, organisations must:
- Adopt a service-centric mindset
- Break organisational silos across risk, IT, operations, and compliance
- Integrate BCM, risk management, cyber resilience, and third-party risk
- Engage senior leadership actively, beyond approval roles
- Invest in data, mapping, and analytics capabilities
The Operational Resilience Planning Methodology provides a structured, lifecycle-driven approach to building resilience that is both practical and regulator-ready.
By adopting the Plan → Implement → Test → Improve model, organisations can move beyond traditional BCM and develop a holistic, service-centric resilience capability.
Aligned with the expectations of the Monetary Authority of Singapore and grounded in the BCM Institute’s proven framework, this methodology enables financial institutions to:
- Identify and protect what truly matters—Critical Business Services
- Understand and manage complex interdependencies
- Validate resilience through rigorous testing
- Continuously improve in response to evolving threats
Ultimately, operational resilience is not just about surviving disruptions—it is about delivering critical services reliably, even under extreme conditions, thereby safeguarding customers, markets, and the broader financial system.
![[OR] [MAS] [E2] Approaches to Implementing OR](https://no-cache.hubspot.com/cta/default/3893111/d09e7f6d-fff9-4f07-9537-51e4ac8189d8.png)
| eBook 1 | C1 | C2 | C3 | C4 |
| C5 | C6 | C7 | C8 | |
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
