Disruptions today are no longer limited to isolated system failures or natural disasters; they span cyber threats, third-party dependencies, data integrity issues, pandemics, and rapid shifts in customer expectations.
For a leading regional financial group such as RHB Bank, the ability to continue delivering critical business services through disruption is fundamental to maintaining trust, financial stability, and regulatory confidence.
Operating under the regulatory oversight of Bank Negara Malaysia (BNM), RHB Bank is expected to demonstrate not only compliance with prudential and risk management standards, but also a clear, structured, and repeatable approach to operational resilience.
BNM’s operational resilience guidance emphasises the need for financial institutions to understand their critical business services, set impact tolerances, test severe but plausible scenarios, and continuously strengthen governance, culture, and accountability.
Against this backdrop, operational resilience is no longer viewed as a standalone compliance exercise, but as an enterprise-wide capability that integrates strategy, risk appetite, operations, technology, and people.
This eBook, Operational Resilience Journey at RHB Bank: From Understanding to Implementation, documents a structured methodology that translates regulatory expectations into practical, actionable steps. It outlines how RHB Bank can progress from foundational understanding to embedded resilience, while aligning with both regulatory intent and business priorities.
The purpose of this chapter is to provide readers with a clear rationale for why operational resilience is a critical priority for RHB Bank and why a structured methodology is essential for its successful implementation.
By setting the strategic, regulatory, and organisational context at the outset, this chapter prepares readers to understand the importance of operational resilience as a proactive capability rather than a reactive response to crises.
It also highlights how BNM’s operational resilience guidance shapes expectations around governance, impact tolerance, scenario testing, and continuous improvement within Malaysian financial institutions.
By the end of this chapter, readers are expected to gain a high-level understanding of RHB Bank’s operational resilience journey and the eBook's overall objectives.
The chapter aims to clarify what subsequent chapters will cover, how the three-phase methodology is structured, and the learning outcomes readers can expect as they progress from conceptual understanding to practical implementation.
This ensures readers are aligned on both the why and the what before engaging with the detailed phases that follow.
RHB Bank’s Operational Resilience Planning Methodology is organised into three interconnected phases: Plan, Implement, and Sustain. Together, these phases provide a clear roadmap for building, embedding, and continuously enhancing operational resilience across the organisation.
The Plan phase focuses on building clarity, alignment, and governance before execution begins.
This phase ensures that RHB Bank understands its current state, regulatory obligations, and strategic direction for operational resilience.
RHB Bank evaluates its existing resilience capabilities across people, processes, technology, third-party management, and governance. This includes assessing alignment with BNM expectations, such as board oversight, accountability, and integration with enterprise risk management.
Identified capabilities are compared against regulatory guidance and industry good practices. Gaps may include incomplete visibility of critical services, inconsistent scenario testing, or insufficient integration between business and technology resilience planning.
A structured operational resilience strategy is developed, supported by a phased roadmap. This roadmap prioritises initiatives based on risk, regulatory urgency, and business criticality, ensuring efficient use of resources.
In line with BNM’s emphasis on board-approved risk appetite statements, RHB Bank articulates its tolerance for disruption to critical business services. This provides a clear decision-making framework during both design and crises.
Clear roles, responsibilities, escalation paths, and oversight mechanisms are established. This includes senior management accountability and board visibility, as expected under BNM’s governance and risk management principles.
The Implement phase operationalises the strategy by focusing on tangible outcomes, measurable tolerances, and practical testing.
RHB Bank identifies services whose disruption would materially impact customers, financial stability, or regulatory obligations—such as payments, lending, deposit-taking, and digital banking services—consistent with BNM’s customer-centric resilience focus
End-to-end mapping is conducted to understand the people, systems, data, facilities, and third parties that support each critical service. This mapping helps reveal concentration risks and single points of failure.
RHB Bank defines maximum tolerable levels of disruption (e.g. time, volume, and data loss) for each critical business service. These tolerances are approved by senior management and aligned with customer and regulatory expectations.
Severe but plausible scenarios—such as prolonged system outages, cyber-attacks, or third-party failures—are tested to assess whether services can remain within defined impact tolerances, as encouraged by BNM.
Findings from testing and real-world incidents are analysed, documented, and translated into improvement actions that strengthen controls and recovery capabilities over time.
The Sustain phase ensures that operational resilience becomes part of RHB Bank’s culture, decision-making, and daily operations rather than a one-off initiative.
Resilience is embedded into leadership behaviours, performance objectives, and risk awareness, reinforcing shared ownership across business and support functions.
Clear and consistent communication ensures that employees understand their roles during disruptions, while external communication protocols support transparency with regulators, customers, and stakeholders.
Targeted training programmes enhance staff capability to respond effectively to disruptions, supporting BNM’s expectation for competent and informed personnel.
Regular self-assessments enable RHB Bank to measure resilience maturity, track progress, and proactively address emerging risks.
Independent reviews assure senior management and the board that the operational resilience framework remains effective, compliant, and aligned with evolving regulatory expectations.
RHB Bank’s operational resilience journey reflects a deliberate shift from reactive continuity planning to a forward-looking, service-centric, and customer-focused resilience model.
By adopting a structured methodology across the Plan, Implement, and Sustain phases, the Bank demonstrates its commitment to protecting customers, maintaining financial stability, and meeting the evolving expectations of Bank Negara Malaysia.
This journey is not a finite programme but a continuous cycle of learning, adaptation, and improvement. As risks, technologies, and customer behaviours evolve, so too must RHB Bank’s resilience capabilities.
The integration of governance, risk appetite, scenario testing, cultural change, and independent assurance ensures that operational resilience remains embedded at every level of the organisation.
Ultimately, operational resilience is about trust—trust that RHB Bank can continue to deliver critical services when they matter most.
Through disciplined planning, rigorous implementation, and sustained commitment, RHB Bank positions itself not only to comply with regulatory requirements but to emerge stronger, more agile, and more resilient in the face of future disruptions.
Blogs marked [x] are under construction.
Operational Resilience Journey at RHB Bank: From Understanding to Implementation
|
|
|
|
|||
| C1 | C2 [x] | C8 [x] | C14 [x] | |||
|
Operational Resilience in Practice: The CIMB Bank Approach |
||||||
| ebook 2: Implementing Operational Resilience for CIMB Bank | ||||||
| C1 | eBook 1 | eBook 2 | eBook 3 [x] | C20 [x] | C21 [x] | |
| "Plan" Phase of the Operational Resilience Planning Methodology |
||||||
| C2 [x] | C3 [x] | C4 [x] | C5 [x] | C6 [x] | C7 [x] | |
| "Implement" Phase of the Operational Resilience Planning Methodology | ||||||
| C8 [x] | C9 [x] | C10 [x] | C11 [x] | C12 [x] | C13 [x] | |
| "Sustain" Phase of the Operational Resilience Planning Methodology | ||||||
| C14 [x] | C15 [x] | C16 [x] | C17 [x] | C18 [x] | C19 [x] | |
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|