
Part 6: Questions & Answers
As businesses and financial institutions face increasingly complex regulatory landscapes, it's essential to understand how these regulations affect business continuity management (BCM), outsourcing practices, and third-party risk.
We gathered some insightful answers from industry professionals recently participating in a Q&A session on regulatory compliance and BCM strategies.
Below, we highlight key points from this discussion that will help organizations align their operations with local and global standards.
How Does MUFG Bank, Malaysia Align Its Regulatory Compliance with Global Headquarters in Japan?
MUFG Bank, a foreign bank incorporated in Malaysia, must comply with local requirements (set by Bank Negara Malaysia) and global standards from its headquarters in Japan.
The bank follows a framework that applies whichever set of requirements is stricter, so local regulations supersede global standards where they are more demanding.
This dual approach strengthens the internal control system by ensuring compliance with local mandates while aligning with global headquarters’ directives.
How Frequently Does Bank Negara Malaysia Conduct Thematic Reviews of BCM Practices?
Bank Negara Malaysia conducts thematic reviews on business continuity management (BCM).
Last year, they conducted a review focusing on BCM across the banking sector, though the results have yet to be published. These reviews ensure that financial institutions adhere to BCM standards.
No thematic reviews specifically covering outsourcing practices or third-party risk have been conducted yet; these areas are instead covered by the supervisory reviews conducted annually.
What Happens if a Third-Party Vendor Cannot Comply with BCM Requirements?
Managing third-party vendors effectively is crucial for any organisation, especially regarding BCM requirements.
If a third-party vendor fails to meet BCM standards, it’s important to have clear clauses in the contract. Regular reviews and assessments are essential to identify any performance gaps.
Before contract renewals, these vendors should be informed of the discrepancies and be allowed to address them.
Organisations should make BCM compliance mandatory during vendor selection to avoid future challenges.
How Do Different Regional BCM Regulations Compare, and What Challenges Arise?
BCM regulations vary across regions, with different standards and maturity levels.
For instance, countries like India and Hong Kong are moving towards operational resilience, while Malaysia's regulatory framework has not yet fully embraced this shift.
These regional differences can create challenges in technical integration, documentation, and resource allocation, particularly when organizations operate across multiple jurisdictions.
What Are the Consequences of Noncompliance with BCM Regulations?
Noncompliance with BCM regulations can have significant repercussions.
In Malaysia, Bank Negara has penalized banks for inaccurate regulatory reporting, and companies that fail to meet BCM standards face increased insurance premiums.
In addition to financial penalties, the inability to respond promptly to disruptions can jeopardize critical functions, leading to reputational damage, loss of stakeholder trust, and legal risks.
How Do You Ensure Compliance with Multiple Regulatory Requirements in the Financial Sector?
Financial institutions often face the challenge of navigating numerous regulatory requirements.
To stay compliant, it is vital to understand the regulations and operationalize them within the organization.
This involves collaborating with risk and compliance teams, setting up key risk indicators for high-risk areas, and conducting regular audits and thematic reviews to ensure regulatory compliance.
Managing High-Profile Vendors to Meet Binding BCM Requirements
When working with major cloud service providers like AWS or Microsoft, organizations must verify compliance with BCM regulations.
Although these vendors provide audit assurances, organizations must rely on their IT risk personnel to assess the quality and relevance of the audit reports.
It's essential to perform detailed assessments to ensure that these providers meet the required BCM standards and mitigate concentration risks associated with relying heavily on a small group of large vendors.
Summing Up for Part 6 ...
Regulatory compliance and third-party risk management are complex, requiring organizations to build robust frameworks that align with local and global standards.
Organisations can mitigate risks and strengthen their resilience to disruptions by prioritizing the stricter regulations, conducting regular reviews, and ensuring vendors meet BCM requirements.
Whether complying with Bank Negara Malaysia’s mandates or managing the challenges posed by outsourcing, the key to success is proactive risk management and a commitment to continuous improvement.
Dr Goh Moh Heng, President of BCM Institute, summarises this webinar. If you have any questions, please speak to the author.