[MTE] [Feb 2025] [P3] [Summary] Navigating the Challenges in Complying to BCM Regulatory Requirements

Summary: Key Takeaways on Regulatory Compliance and Operational Resilience

As we conclude this discussion, it is essential to highlight the key takeaways from our session on regulatory compliance and operational resilience.

Understanding Regulatory Terminology

Each regulator has its terminology and definitions, making it crucial to interpret guidelines carefully.

Regulatory frameworks may overlap, leading to potential confusion about which standard to comply with.

In such cases, aligning with the more detailed and comprehensive standard is advisable, as seen in the comparison between Bank Negara Malaysia’s standards and RMiT.

Regulatory Overlaps and Compliance Challenges

A common challenge in multiple jurisdictions is the overlapping of policies. For instance, Singapore's technology risk policies closely align with RMiT.

Similarly, various central banks, including those in the Philippines, India, Japan, and Malaysia, are progressively integrating operational resilience into their frameworks.

Organisations must remain proactive in identifying and addressing these overlaps.

The Shift Towards Operational Resilience

Most regulators are gradually emphasizing operational resilience. While Bank Negara Malaysia only briefly mentions operational resilience in its latest guidelines, it is clear that this will become a primary focus in the next few years.

Global trends indicate transitioning from business continuity management (BCM) towards a broader operational resilience framework.

Lessons from Global Compliance

The European and US financial sectors have a head start, having already complied with Basel and operational resilience standards for several years.

The initial years focus on establishing foundational systems before achieving full regulatory compliance. Organisations should aim to build robust frameworks rather than merely ticking compliance checkboxes.

Regional and Global Developments

• Philippines: The BSP has issued an operational resilience standard, with compliance deadlines approaching April 2025.
  
  
• Japan: Currently, it is on its second version of operational resilience regulations.
  
  
• Malaysia: Expected to implement further refinements within the next six months.
  
  
• Singapore: We are moving towards incorporating operational resilience into BCM standards with a shift in terminology (e.g., service RTO is now referred to as impact tolerance).
  
  
• India: The Reserve Bank of India’s (RBI) guidance note presents unique challenges due to its complexity and separation of operational risk, operational resilience, and BCM.

Adapting to Regulatory Expectations

Central banks often release multiple policy documents that may overlap but never contradict one another.

Organisations must carefully review and align their compliance strategies accordingly.

Collaboration with Regulators and Industry Stakeholders

Engaging with regulators early and seeking clarifications can help avoid compliance pitfalls. While strict in enforcing policies, central banks are generally approachable for discussions.

Industry collaboration through platforms like LinkedIn and professional training institutes like BCM Institute is highly recommended for staying updated.

Upskilling for Operational Resilience

With operational resilience becoming a core regulatory requirement, BCM professionals should proactively upskill themselves.

Regulators and banks are increasingly attending training programs, signalling the need for industry professionals to prepare for these upcoming changes.

Note: BCM Institute has provided Operational Resilience training and certification since 2022 to support this global compliance requirement.

Summing Up for Part 5 ...

The evolving regulatory landscape demands a strategic and proactive approach to compliance.

Organisations must move beyond short-term compliance efforts and invest in building a strong operational resilience framework.

By staying informed, collaborating with industry peers, and engaging with regulators, businesses can navigate these challenges effectively and prepare for the future of financial resilience.

Dr Goh Moh Heng, President of BCM Institute, summarises this webinar. If you have any questions, please speak to the author.

Summing Up for Parts 1 & 2 & 3...

Click the icon on the right for the additional questions asked by the participants. However, due to a time shortage, Dr. Goh provided the answers.

Click the icon on the left to continue reading Parts 1 & 2 & 3 of Ruzita Abd Rashid's presentation.