[BCM] [GRA] [E3] [BIA] MBCO Corporate MBCO

 Corporate and Business Unit Minimum Business Continuity Objective (MBCO) for Gambling Regulatory Authority (GRA)

 

 

Introduction

The MBCO defines the minimum acceptable level of products and services that an organisation must continue to provide during a disruption to achieve its objectives, fulfil its obligations, and maintain stakeholder confidence.

The MBCO provides management with a measurable recovery target and serves as an important input into Business Impact Analysis (BIA), Business Continuity Strategy (BCS), and recovery planning activities. During a disruption, not all services may be restored immediately.

Therefore, the organisation must determine the minimum level of service that is necessary to continue operating until normal conditions are restored.

For GRA, the MBCO must support its statutory responsibility to regulate gambling activities, oversee licensed operators, protect the public from gambling-related harm, and maintain confidence in Singapore's regulatory framework.

 

Corporate Minimum Business Continuity Objective (Corporate MBCO)
Corporate MBCO Statement

During a disruption, the Gambling Regulatory Authority (GRA) shall maintain the capability to continue delivering critical regulatory oversight, enforcement, incident management, cybersecurity, stakeholder communication, and regulatory decision-making services at a minimum operational capacity sufficient to meet regulatory obligations, maintain public confidence, and support government requirements.

 

Corporate MBCO Targets

Table C1: Corporate MBCO

Corporate MBCO Category	Minimum Continuity Objective
Regulatory Oversight	Maintain at least 80% of critical regulatory monitoring activities within 24 hours
Enforcement Activities	Maintain 100% of critical investigations involving public safety, criminal activities, or regulatory breaches
Incident and Crisis Management	Activate incident response and crisis management teams within 1 hour of incident declaration
Cybersecurity Operations	Maintain continuous monitoring of critical regulatory systems and information assets
Stakeholder Communications	Issue critical stakeholder communications within 2 hours of a major incident
Regulatory Intelligence	Maintain monitoring and assessment of high-priority regulatory risks
ICT Services	Restore critical regulatory systems within approved Recovery Time Objectives (RTOs)
Executive Governance	Maintain executive decision-making capability throughout the disruption period

These objectives establish the minimum level of service delivery expected during a disruption.

Table C2: Business Unit MBCO

CBF Code	Critical Business Function	Business Unit Minimum Business Continuity Objective (MBCO)
1	Gambling Licensing and Approval	Process and approve at least 50% of urgent licence applications and renewals within established regulatory timelines
2	Regulatory Oversight and Supervision	Maintain monitoring of 100% of high-risk licensed operators and critical regulatory obligations
3	Compliance Monitoring and Inspection	Continue at least 75% of critical compliance monitoring activities and inspections
4	Enforcement and Investigation	Continue 100% of active high-priority investigations and enforcement actions
5	Responsible Gambling and Harm Prevention	Maintain 100% availability of critical responsible gambling interventions and stakeholder coordination activities
6	Regulatory Intelligence and Risk Assessment	Continue assessment and reporting of all high-risk intelligence and emerging threats
7	Incident and Crisis Management	Activate crisis management processes and response teams within 1 hour of incident declaration
8	Stakeholder Communication and Public Affairs	Issue critical communications within 2 hours and maintain stakeholder communication channels
9	Legal and Regulatory Advisory	Provide legal advice and regulatory interpretation support for all critical incidents and enforcement actions
10	Policy Development and Regulatory Framework Management	Maintain support for urgent regulatory policy decisions and legislative requirements
11	Information and Case Management Systems	Restore access to critical regulatory records and case management systems within approved recovery targets
12	Cybersecurity and Information Protection	Maintain continuous security monitoring and incident response capability for critical systems
13	ICT Infrastructure and Technology Services	Restore priority technology services and infrastructure within approved RTOs
14	Human Resource Management	Maintain payroll processing, employee communications, and workforce accountability reporting
15	Finance, Procurement, and Vendor Management	Maintain emergency procurement capability and critical financial processing functions
16	Third-Party and Service Provider Oversight	Monitor all critical service providers and escalate disruptions affecting essential services
17	Records and Information Management	Maintain access to critical regulatory records and information repositories
18	Business Continuity and Organisational Resilience Management	Coordinate BCM response activities and provide continuity reporting throughout the disruption
19	Inter-Agency Coordination and Government Liaison	Maintain communication and coordination with all key government agencies and partners
20	Executive Leadership and Governance	Maintain executive decision-making, governance oversight, and strategic direction throughout the disruption

 

MBCO Measurement Criteria

To ensure that MBCOs are measurable and auditable, GRA should establish performance indicators.

Measurement Area	Example Metric
Service Availability	Percentage of services maintained during disruption
Processing Capacity	Percentage of transactions processed
Response Time	Time taken to respond to incidents
Recovery Time	Time taken to restore services
Workforce Availability	Percentage of personnel available
Communication Performance	Time taken to issue critical communications
Regulatory Compliance	Percentage of regulatory obligations fulfilled

These measurements allow GRA to assess whether continuity objectives are being achieved.

 

MBCO Recovery Prioritisation

The following functions should receive the highest recovery priority because they directly support GRA's regulatory mandate.

Priority 1 Functions

• Regulatory Oversight and Supervision.
• Enforcement and Investigation.
• Incident and Crisis Management.
• Regulatory Intelligence and Risk Assessment.
• Cybersecurity and Information Protection.
• ICT Infrastructure and Technology Services.
• Executive Leadership and Governance.

Priority 2 Functions

• Gambling Licensing and Approval.
• Compliance Monitoring and Inspection.
• Stakeholder Communication and Public Affairs.
• Inter-Agency Coordination and Government Liaison.

Priority 3 Functions

• Legal and Regulatory Advisory.
• Records and Information Management.
• Finance, Procurement, and Vendor Management.
• Human Resource Management.

This prioritisation supports effective allocation of resources during disruptions.

 

Relationship Between MBCO and Recovery Objectives

The MBCO specifies the minimum service level to be maintained during a disruption.

The Business Impact Analysis (BIA) subsequently determines:

• Recovery Time Objectives (RTOs).
• Recovery Point Objectives (RPOs).
• Resource requirements.
• Recovery priorities.

Together, these elements guide the development of continuity and recovery strategies.

Benefits of Establishing MBCOs

The establishment of MBCOs provides several benefits:

• Defines minimum acceptable service levels.
• Supports recovery prioritisation.
• Facilitates resource allocation decisions.
• Improves crisis decision-making.
• Supports stakeholder confidence.
• Enhances ISO 22301 compliance.
• Strengthens organisational resilience.

For GRA, MBCOs ensure that critical regulatory services remain available even during severe disruptions.

 

The Corporate and Business Unit Minimum Business Continuity Objectives (MBCOs) establish the minimum level of services and products that the Gambling Regulatory Authority (GRA) must continue to provide during a disruption.

By defining measurable continuity targets across critical business functions, GRA can ensure that essential regulatory, enforcement, intelligence, cybersecurity, communication, and governance activities remain operational when normal operations are affected.

The MBCOs identified in this chapter provide a practical framework for prioritising recovery efforts, allocating resources, and maintaining stakeholder confidence during incidents, emergencies, and disasters.

They also serve as key inputs into the Business Impact Analysis and Business Continuity Strategy phases of the BCM Planning Methodology.

Through regular review and validation, GRA can ensure that its continuity objectives remain aligned with organisational priorities, regulatory responsibilities, and ISO 22301 requirements, thereby strengthening its overall organisational resilience and operational effectiveness.