![BB OR [D] 6](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20D/BB%20OR%20%5BD%5D%206.jpg?width=2000&height=1333&name=BB%20OR%20%5BD%5D%206.jpg "BB OR [D] 6")
![Banner [OR] [P2] [S4] Conducting Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a8ba87ed-c76c-4e8f-b4fa-4eb3aed30b67.png)
Stakeholders in Operational Resilience Scenario Planning (Aligned to BNM)
Introduction
Operational resilience scenario planning is not a siloed technical exercise—it is a cross-functional, enterprise-wide capability that requires coordinated input from multiple stakeholders.
Each stakeholder contributes a distinct perspective, a set of data, and decision-making authority that collectively ensure scenario testing is realistic, severe yet plausible, and aligned with regulatory expectations.
Within the context of the Bank Negara Malaysia (BNM) Operational Resilience framework (2025 Discussion Paper), stakeholder involvement is not optional—it is a regulatory expectation.
BNM emphasises that financial institutions must demonstrate:
- Clear governance and accountability
- Cross-functional integration across risk, business, and technology
- Board and senior management oversight
- End-to-end understanding of Critical Business Services (CBS)
Purpose of the Chapter
This chapter outlines the key stakeholders involved in scenario planning, what each brings to the table, and how their roles align with BNM’s expectations.
To:
- Identify key stakeholders in operational resilience scenario planning
- Define their roles and contributions
- Demonstrate how stakeholder collaboration supports effective scenario design and testing
- Align stakeholder responsibilities with BNM’s operational resilience expectations
Board of Directors and Board Risk Committee
What They Bring
- Strategic oversight and governance
- Approval of resilience strategy, risk appetite, and impact tolerances
- Accountability for ensuring resilience aligns with organisational objectives
Role in Scenario Planning
- Endorse severe but plausible scenarios
- Review outcomes of scenario testing
- Ensure remediation actions are prioritised
Alignment to BNM
BNM emphasises board accountability in operational resilience. The Board must:
- Understand the disruption impacts on CBS
- Oversee resilience strategy and tolerances
- Ensure adequate resources are allocated
👉 The Board ensures scenario planning is strategic, not operationally isolated.
Senior Management (Executive Committee)
What They Bring
- Enterprise-wide coordination and decision-making authority
- Ability to translate strategy into execution
- Ownership of resilience across business lines
Role in Scenario Planning
- Sponsor scenario planning initiatives
- Approve scenarios and testing scope
- Drive cross-functional participation
- Ensure corrective actions are implemented
Alignment to BNM
BNM requires active senior management involvement in:
- Identifying Critical Business Services
- Setting impact tolerances
- Overseeing scenario testing
👉 Senior management ensures scenario planning is actionable and embedded into operations.
Operational Resilience / Risk Management Function
What They Bring
- Methodology, frameworks, and governance
- Risk identification and scenario design expertise
- Alignment with ORM, BCM, and regulatory expectations
Role in Scenario Planning
- Lead the design of severe but plausible scenarios
- Facilitate workshops and coordination
- Ensure consistency with risk appetite and impact tolerances
- Integrate outputs into enterprise risk management
Alignment to BNM
BNM highlights the importance of integrating operational resilience with Operational Risk Management (ORM).
👉 This function ensures scenario planning is structured, consistent, and risk-driven.
Business Units / Service Owners (CBS Owners)
What They Bring
- Deep knowledge of Critical Business Services (CBS)
- Understanding of customer impact and service delivery
- Operational realities and constraints
Role in Scenario Planning
- Identify critical processes and dependencies
- Validate scenario realism
- Assess impact on customers, revenue, and operations
- Participate in scenario testing exercises
Alignment to BNM
BNM requires a service-centric approach, where institutions:
- Identify CBS
- Understand end-to-end service delivery
- Assess disruption impacts
👉 Business units ensure scenarios are realistic and customer-impact focused.
Technology and Cybersecurity Teams
What They Bring
- Knowledge of IT systems, infrastructure, and cyber threats
- Understanding of system interdependencies and vulnerabilities
- Expertise in cyber resilience and incident response
Role in Scenario Planning
- Design technology and cyber-related scenarios (e.g., ransomware, system outages)
- Identify system recovery capabilities (RTO, RPO)
- Validate the resilience of digital channels and infrastructure
Alignment to BNM
BNM’s framework integrates technology risk (RMiT) and cyber resilience into operational resilience.
👉 Technology teams ensure scenarios reflect modern digital and cyber risks.
Business Continuity Management (BCM) and Crisis Management (CM) Teams
What They Bring
- Established continuity and crisis response frameworks
- Experience in disruption response and recovery
- Testing and exercising expertise
Role in Scenario Planning
- Align scenario testing with BCM and crisis exercises
- Validate recovery strategies and plans
- Coordinate crisis response during simulations
Alignment to BNM
BNM expects integration of:
- BCM
- Crisis management
- Operational resilience
👉 BCM/CM ensures scenario planning is execution-ready and response-oriented.
Third-Party Risk Management (TPRM) Function
What They Bring
- Visibility over outsourced services and vendors
- Understanding of third-party dependencies and concentration risks
Role in Scenario Planning
- Identify third-party failure scenarios
- Assess the impact of vendor disruption on CBS
- Coordinate with critical vendors during testing
Alignment to BNM
BNM emphasises outsourcing and third-party risk as key resilience considerations.
👉 TPRM ensures scenarios include external dependency risks, not just internal failures.
Compliance and Legal Function
What They Bring
- Knowledge of regulatory obligations
- Understanding of legal implications during disruptions
Role in Scenario Planning
- Ensure scenarios consider regulatory breaches
- Assess compliance impact during disruptions
- Advise on legal risks and reporting obligations
Alignment to BNM
BNM requires institutions to assess:
- Regulatory impact
- Compliance breaches during disruptions
👉 Compliance ensures scenarios reflect regulatory consequences, not just operational impacts.
Internal Audit
What They Bring
- Independent assurance
- Objective evaluation of framework effectiveness
Role in Scenario Planning
- Review governance and controls
- Validate the adequacy of scenario design and testing
- Assess remediation effectiveness
Alignment to BNM
BNM expects an independent review and assurance of operational resilience frameworks.
👉 Internal Audit ensures scenario planning is credible and defensible.
External Stakeholders (Regulators, Critical Vendors, Industry Bodies)
What They Bring
- External perspective and systemic risk awareness
-
Industry benchmarking and best practices
Role in Scenario Planning
- Participate in sector-wide or cross-industry scenarios
- Provide insights on systemic risks
- Support coordinated response testing
Alignment to BNM
BNM encourages sector-wide resilience and systemic risk awareness.
👉 External stakeholders ensure scenarios reflect systemic and industry-level risks.
Summary Table: Stakeholder Contributions
|
Stakeholder |
Key Contribution |
Value to Scenario Planning |
|
Board |
Governance, oversight |
Strategic alignment |
|
Senior Management |
Execution leadership |
Enterprise coordination |
|
OR / Risk |
Methodology, risk expertise |
Structured scenario design |
|
Business Units |
Service knowledge |
Realistic impact assessment |
|
Technology / Cyber |
System & cyber expertise |
Digital resilience validation |
|
BCM / CM |
Response frameworks |
Recovery and crisis readiness |
|
TPRM |
Vendor insights |
External dependency risk |
|
Compliance / Legal |
Regulatory expertise |
Compliance impact assessment |
|
Internal Audit |
Independent assurance |
Framework credibility |
|
External Stakeholders |
Industry perspective |
Systemic resilience |
![[Banner] [Summing] [OR] [E2] [C12] Performing Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/4edc500a-7ed8-4428-af55-97cfed79825c.png)
Operational resilience scenario planning is only as strong as the collective strength of its stakeholders. Each stakeholder contributes a critical piece of the resilience puzzle—strategy, risk insight, operational knowledge, technical expertise, and governance.
In alignment with Bank Negara Malaysia’s Operational Resilience framework, institutions must demonstrate that scenario planning is:
- Board-led and management-driven
- Service-centric and risk-informed
- Cross-functional and integrated
- Tested, validated, and continuously improved
Ultimately, effective stakeholder engagement transforms scenario planning from a compliance exercise into a powerful tool for building true operational resilience—ensuring that financial institutions can withstand, adapt, and recover from severe disruptions while continuing to deliver Critical Business Services.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
