![x [OR] [BML] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/7d48f2b3-8004-4429-9f4b-7ee7be465092.png)
eBook 1: Chapter 10
![BCM [E1] [C10] Identifying Critical Business Functions Banner](https://blog.bcm-institute.org/hs-fs/hubfs/BCM%20E1%20Blog%20Banner/BCM%20%5BE1%5D%20%5BC10%5D%20Identifying%20Critical%20Business%20Functions%20Banner.png?width=1920&height=384&name=BCM%20%5BE1%5D%20%5BC10%5D%20Identifying%20Critical%20Business%20Functions%20Banner.png)
What are the Bank of Maldives’s Critical Business Functions Concerning Business Continuity Management?
Introduction
![[BCM] [BML] [E1] [C10] Identifying Critical Business Functions](https://no-cache.hubspot.com/cta/default/3893111/a26696f2-9b69-4bd6-88c7-bdf182ed66d8.png)
Bank of Maldives operates as the country’s largest and most systemically important financial institution, providing essential banking and payment services nationwide.
Any prolonged disruption to its operations could have far-reaching consequences for customers, businesses, government agencies, and the overall financial stability of the Maldives.
In this context, effective Business Continuity Management (BCM) is not merely an operational requirement, but a strategic imperative.
This chapter identifies and explains the Critical Business Functions (CBFs) of Bank of Maldives in accordance with the requirements of ISO 22301:2019 Business Continuity Management Systems (BCMS).
By clearly defining the functions essential to delivering critical products and services, this chapter establishes the foundation for subsequent Business Impact Analysis (BIA), continuity strategy formulation, and recovery planning.
Readers will gain a structured understanding of which banking functions must be prioritised during disruptions and why their resilience is vital to maintaining public confidence, regulatory compliance, and uninterrupted financial services.
|
CBF Code |
Critical Business Function (CBF) |
Description of the Function |
Why This Function Is Critical (BCM Rationale) |
Primary Impact Areas |
Key ISO 22301 Alignment |
|
CBF-1 |
Retail & Corporate Banking Services |
Provision of deposit accounts, savings, loans, credit facilities, and customer account servicing for individuals and corporates. |
Disruption would immediately affect public access to funds, customer confidence, and financial stability across the Maldives. |
Financial, Regulatory, Reputational, Customer |
Clause 8.2 (Business Impact Analysis), Clause 8.3 (BC Strategy) |
|
CBF-2 |
Payment & Settlement Services |
Processing of domestic and international payments, fund transfers, ATM transactions, card payments, and clearing activities. |
Failure would halt cashless transactions nationwide, disrupt commerce, and trigger systemic financial risk. |
Financial, Operational, Reputational |
Clause 8.2.3 (Impact over Time), Clause 8.4 (BC Plans) |
|
CBF-3 |
ATM & Digital Banking Operations |
Operation of ATMs, internet banking, mobile banking, and digital payment platforms. |
These channels are essential for nationwide accessibility, especially across dispersed islands. |
Customer, Operational, Reputational |
Clause 8.3.2 (Resource Requirements), Clause 8.4.2 |
|
CBF-4 |
Treasury & Liquidity Management |
Management of liquidity, cash flow, interbank transactions, and foreign exchange activities. |
Ensures solvency, liquidity sufficiency, and compliance with central bank requirements during disruptions. |
Financial, Regulatory |
Clause 8.3 (BC Strategy), Clause 9.1 (Performance Evaluation) |
|
CBF-5 |
Core Banking System Operations |
Operation and availability of core banking systems supporting account management, transactions, and reporting. |
System unavailability would cascade across nearly all banking services. |
Operational, Financial, Regulatory |
Clause 8.3.3 (Technology), Clause 8.4 |
|
CBF-6 |
Customer Support & Call Centre Services |
Handling customer enquiries, complaints, fraud reporting, and service requests. |
Critical during crises to maintain trust, manage misinformation, and support affected customers. |
Reputational, Customer, Legal |
Clause 8.4.1 (Response Structure), Clause 7.4 (Communication) |
|
CBF-7 |
Credit Risk & Loan Management |
Monitoring credit exposure, loan approvals, repayments, restructuring, and recovery processes. |
Disruption could lead to unmanaged credit risk and regulatory noncompliance. |
Financial, Regulatory |
Clause 6.1 (Risk-Based Thinking), Clause 8.2 |
|
CBF-8 |
Compliance, AML & Regulatory Reporting |
Monitoring regulatory compliance, AML/CFT controls, sanctions screening, and statutory reporting. |
Failure exposes the bank to legal penalties, licence risk, and reputational damage. |
Legal, Regulatory, Reputational |
Clause 4.2 (Interested Parties), Clause 5.1 (Leadership Commitment) |
|
CBF-9 |
IT Infrastructure & Cybersecurity Operations |
Management of data centres, networks, cybersecurity monitoring, and system resilience. |
Technology failure or cyber incidents directly threaten service continuity and data integrity. |
Operational, Legal, Reputational |
Clause 7.1 (Resources), Clause 8.3.4 (ICT Continuity) |
|
CBF-10 |
Branch Operations & Cash Handling |
Operation of physical branches, teller services, and cash logistics across islands. |
Essential for financial inclusion, especially in locations with limited digital access. |
Customer, Financial, Operational |
Clause 8.2.2 (Maximum Acceptable Disruption), Clause 8.4 |
Notes on ISO 22301 Compliance Context
- The identified Critical Business Functions support the ISO 22301 requirement to determine activities that deliver products and services (Clause 8.2).
- Each function is evaluated based on its impact over time, regulatory obligations, and stakeholder expectations, including those of customers, the Maldives Monetary Authority, and the public.
- These CBFs form the foundation for:
- Business Impact Analysis (BIA)
- Continuity strategy selection
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO) determination
- Business Continuity and ICT Disaster Recovery planning
![Banner [Summary] [BCM] [E1] [C10] Identifying Critical Business Functions](https://blog.bcm-institute.org/hs-fs/hubfs/BCM%20E1%20Summing%20Up%20Banner/Banner%20%5BSummary%5D%20%5BBCM%5D%20%5BE1%5D%20%5BC10%5D%20Identifying%20Critical%20Business%20Functions.jpg?width=749&height=86&name=Banner%20%5BSummary%5D%20%5BBCM%5D%20%5BE1%5D%20%5BC10%5D%20Identifying%20Critical%20Business%20Functions.jpg)
The identification of the Bank of Maldives’ Critical Business Functions is a cornerstone of an effective and compliant Business Continuity Management System.
The functions outlined in this chapter reflect the bank’s core service obligations, regulatory responsibilities, and operational dependencies, all of which must be sustained or recovered within acceptable timeframes during disruptive incidents.
By aligning these Critical Business Functions with ISO 22301 requirements, Bank of Maldives is positioned to conduct meaningful impact assessments, establish appropriate recovery objectives, and design proportionate continuity strategies that address both operational and systemic risks.
This clarity enables informed decision-making during crises, supports regulatory expectations, and reinforces the bank’s commitment to service continuity.
As subsequent chapters build on this foundation, the identified functions will serve as the reference point for developing resilient processes, technologies, and response capabilities that ensure the bank can continue to serve the nation under adverse conditions.
![[BCM] [BML] [E1] [C1] Overview of BCM Implementation for Bank of Maldives](https://no-cache.hubspot.com/cta/default/3893111/5a1400f3-26ad-42df-8e86-b2cf5e8e93c9.png)
![[BCM] [BML] [E1] [C2] Understanding Your Organisation](https://no-cache.hubspot.com/cta/default/3893111/2d159475-b9db-4121-a6e1-1f98d258ff02.png)
![[BCM] [BML] [E1] [C3] Establishing Organisational Goals](https://no-cache.hubspot.com/cta/default/3893111/7c2bd548-16e9-49f5-ad97-8c8152d2e516.png)
![[BCM] [BML] [E1] [C4] Establishing Business Continuity Objectives](https://no-cache.hubspot.com/cta/default/3893111/df6d7941-cb50-4003-adf2-5469d872ed88.png)
![[BCM] [BML] [E1] [C5] Determining BC Assumptions](https://no-cache.hubspot.com/cta/default/3893111/5e5d9563-9c40-4500-8fcc-41f97653fabc.png)
![[BCM] [BML] [E1] [C6] Composing BCM Team](https://no-cache.hubspot.com/cta/default/3893111/d026388b-93eb-4fc6-88ed-4759b38a1224.png)
![[BCM] [BML] [E1] [C7] Analysing Operating Environment](https://no-cache.hubspot.com/cta/default/3893111/72606e99-809c-4b37-9c49-f1f33e4fba0c.png)
![[BCM] [BML] [E1] [C8] Implementing the BCM Planning Methodology](https://no-cache.hubspot.com/cta/default/3893111/67ae7880-c64d-47c8-88e1-2ba986b864ef.png)
![[BCM] [BML] [E1] [C9] Assessing Risks and Threats](https://no-cache.hubspot.com/cta/default/3893111/6ddbcd4d-d140-4c83-8a37-a745133b2d9a.png)
![[BCM] [BML] [E1] [C11] Summary of Understanding Your Organisation](https://no-cache.hubspot.com/cta/default/3893111/2f3cf910-ae9b-4c5e-b068-553320b4a981.png)
More Information About Business Continuity Management Courses
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [B-3] course and the BCM-5000 Business Continuity Management Expert Implementer [B-5].
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
