Business Continuity Management

Case Study: BCM Guidelines

This is the background to the case study for the BCM-5000 Blended Learning course. This is the table of contents for the multi-part series.
Moh Heng Goh
Business Continuity Management Certified Planner-Specialist-Expert


Extract of Local Monetary Authority BCM Guidelines

Overview and Intent

  1. Business continuity management (BCM) entails enterprise-wide planning and arrangements of key resources and procedures that enable the institution to respond and continue to operate critical business functions across a broad spectrum of interruptions to the business, arising from internal or external events.

  2. Continuous availability of critical and essential services is a necessity for the institution to promote customer confidence, ensure regulatory compliance and protect its reputation. It is therefore crucial for the institution to continuously enhance its capabilities to respond swiftly and to ensure the continuity of critical business processes in the event of a major disruption.

  3. The Guidelines outline BCM principles and specific requirements with regard to the formulation of business continuity plan (BCP) and disaster recovery plan (DRP), implementation, testing and maintenance of the plans by the institution.

  4. The Guidelines should be read in conjunction with other relevant guidelines or circulars issued by the monetary authority from time to time.

Guidelines and Specifics

All financial institutions under the authority's purview are encouraged to adopt the following guidelines, taking into account the diverse activities they engage in and the different markets in which they conduct transactions. Ultimately, the responsibility for business continuity preparedness and recovery following operational disruptions rests with institutions.

Senior management and BCM practitioners should familiarize themselves with the guidelines and understand the intent and implications of the sound principles. Institutions should also read the guidelines in conjunction with relevant regulatory requirements and industry standards.

The guidelines for institutions are as follows:

  1. Has in place a comprehensive BCM framework which includes a business continuity policy

  2. Establishes a comprehensive BCM programme to formulate, implement and test the BCP

  3. Reviews and updates the BCP and DRP continuously to reflect changes in the operating environment

  4. Provides sufficient information to the Board of Directors (Board) to enable them to discharge their responsibilities under the Guidelines

  5. Must ensure that all client-side disruptions to interbank funds transfers are reported to the relevant authorities within 1 hour. Institutions must be assured that all such functions can be recovered within the same business day.

Any non-observance of or deviation from the above guidelines should be based on proper risk assessment and risk management process, taking into account the nature, scale and complexity of the institution’s business operations as well as risk tolerance.

The Guidelines operate on the premise that the Board retains ultimate accountability for the implementation and effectiveness of BCM.

Given that BCM also encompasses disaster recovery for IT systems, crisis management and contingency planning, the institution should ensure that internal linkages with crisis management and emergency response procedures as well as external dependencies on key service providers/vendors are adequately considered during business continuity planning. In addition, safeguard measures should also be undertaken on human life and business assets/premises.

From the above, it is foreseen that instituting a proper BCM programme requires the following specific actions to be adopted in conjunction:

  1. The Board and Management are responsible for ensuring the implementation of effective BCM framework within the institution.

  2. The institution should have clearly defined policies for business continuity management.

  3. The institution should clearly define the roles and reporting lines of individuals and/or committee responsible for BCM.

  4. The institution should identify and assess potential threats that could severely interrupt operations and business activities. Institutions should also evaluate the business impact of the threats on all business functions and the financial system in general.

  5. The institution should identify the critical business functions essential for the development of recovery strategy to ensure resumption of its operations.

  6. The institution should develop recovery strategies and procedures for all critical business functions derived from the BIA exercise.

  7. The institution should test its BC Plan and DR Plan regularly, completely and meaningfully at least once a year.

  8. The institution must carry out periodic review of the BC Plan and DR Plan.

  9. The plan must be updated to reflect changes in the operating environment and business activities

The institution should attest that all the above guidelines and specific actions are undertaken and in place, and ensure that they are reviewed and updated at least once a year, or more frequently should there be a material change within the institution. All documents and supporting evidence should be submitted to the authority as part of the attestation.
