This presentation is not only about adhering to regulatory requirements such as Bank Negara Malaysia’s BCM policy; Siti will also share what is required to build a robust business continuity framework to safeguard your organisation from unforeseen disruptions.
This is a summary of the presentation by Siti Baizura Yunus, Head of Business Continuity Management, Bank Islam, at the Meet-the-Expert Webinar on 21 September July 2023.
The presentation's theme is "Implementing Business Continuity and Compliance with Central Bank Policy."
Bank Negara Malaysia, the central bank of Malaysia, issued a revised Business Continuity Management (BCM) policy in December 2022, aiming to shift focus from business continuity measurement to operational resilience.
Minor adjustments may suffice for those already aligned with earlier guidelines, but those starting from scratch may face initial implementation challenges.
The policy emphasises two critical aspects. First, it outlines guidelines and strategies for moving from a business continuity management level to operational resilience. This entails strengthening capabilities and preparedness to respond to operational interruptions effectively.
The policy also encourages proactive testing and evaluation, urging organisations to think beyond established scenarios and plan for potential impacts, which fosters a forward-thinking approach.
Financial institutions in Malaysia, including Maybank, CIMB, Public Bank, Hong Leong Bank, and others, must comply with this policy. The policy underscores the significance of aligning with BCM standards, ensuring operational resilience, and fostering a culture of preparedness and adaptability within the financial sector.
Bank Negara Malaysia has introduced a revamped Business Continuity Management (BCM) policy, impacting organisations under the Development Financial Institution Act and banking industry sectors.
The policy sets forth crucial mandates necessitating compliance. Notably, it emphasises the need for a comprehensive approach to handling cybersecurity incidents, specifying the Chief Information Security Officer's role in notifying BNM in case of an incident.
The policy also delves into revised recovery time objectives and strategies, providing much-needed clarity on these aspects, particularly vital for the banking sector.
Furthermore, the policy mandates that effective oversight of business continuity management be integrated into risk management departments. This move towards consolidation aims to enhance the robustness of risk management practices, merging operational risk initiatives for a more comprehensive risk assessment.
A critical aspect emphasised in the policy involves assessing the potential consequences of various operational risks co-occurring and their cascading effects on business operations. The policy recommends simulation exercises to gauge the impact of different scenarios, aligning with real-life incidents like the COVID-19 pandemic.
The policy focuses on a proactive and holistic approach to business continuity, fostering resilience amidst evolving operational landscapes and potential risks, propelling the financial sector towards enhanced preparedness and adaptability.
Firstly, navigating a complex regulatory environment, like adhering to stringent standards such as the Bank Negara Business Continuity Plan (BCP) and risk management requirements, can be daunting. Striking the right balance between these regulations is essential for effective operational resilience.
Secondly, resource constraints pose a significant hurdle for smaller financial institutions. Budget limitations often result in lean teams responsible for business continuity management (BCM). Delegating responsibilities to department heads can help maximise limited resources. Some organisations appoint Business Continuity Coordinators to oversee BCM-related tasks for each department, enhancing efficiency.
Lastly, organisational culture plays a pivotal role. While regulated sectors like banking have a built-in incentive for BCM, other profit-focused organisations may not prioritise it until faced with a crisis.
Shifting the cultural mindset to emphasise the importance of resilience is vital. Organisations must address these challenges systematically, including regulatory compliance, resource limitations, and cultural shifts, to build operational resilience effectively and thrive in today's ever-changing business landscape.
A robust Business Continuity (BC) Plan is crucial to achieving operational resilience, which has evolved from the traditional Recovery Time Objective (RTO) concept.
The BC Plan now encompasses three phases:
This refined approach allows organisations to calculate RTO more accurately, considering all recovery activities.
Operational resilience begins with the board of directors and senior management. They play a pivotal role in understanding the organisation's risk appetite and approving the Business Continuity Framework (BCF). Transparent communication and alignment between the board and operational teams are essential to ensure everyone comprehends the methodology used in risk assessment and mitigation.
Critical components of operational resilience include conducting a comprehensive Business Impact Analysis (BIA), integrating BCM with Risk Management, prioritising risk identification, assessing suppliers' BCM capabilities, developing a versatile risk mitigation strategy, considering insurance coverage, creating emergency response plans, continuous monitoring, regulatory compliance, and regular review and audit.
Dr Goh Moh Heng moderated and transcribed the session.