One of the most valuable aspects of the BCM Institute Meet-the-Expert session was the sharing of lessons learned from financial institutions and organisations that have already embarked on Operational Resilience programmes across Europe, the United Kingdom, North America, Asia, and the Middle East.
These experiences provide important guidance for organisations beginning their own Operational Resilience journey.
The most common misconception is that Operational Resilience is simply a larger version of Business Continuity Management. Many organisations initially delegated Operational Resilience to their BCM teams and attempted to expand existing BCM frameworks.
Experience has shown that this approach often leads to implementation gaps because Operational Resilience requires the integration of BCM, Operational Risk, Cyber Resilience, and Third-Party Risk Management.
Many organisations rushed into compliance activities before establishing governance structures, accountability frameworks, and board-level oversight.
Successful programmes began by defining policies, governance structures, responsibilities, and reporting mechanisms before attempting technical implementation activities.
Unlike traditional BCM programmes, Operational Resilience requires active board involvement.
Regulators increasingly expect board members to approve resilience strategies, impact tolerances, and Critical Operations. Organisations that delayed board engagement often encountered significant implementation challenges later.
The quality of an Operational Resilience programme depends heavily on how Critical Operations or Critical Business Services are identified.
Organisations that defined services too broadly struggled with implementation. Organisations that identified services correctly were able to establish meaningful impact tolerances and resilience objectives.
Operational Resilience shifts attention away from individual departments and towards end-to-end service delivery.
This requires organisations to understand dependencies across people, technology, facilities, data, suppliers, and third parties. Mapping these dependencies often reveals vulnerabilities that were previously hidden.
Many organisations discovered that resilience gaps only became visible during severe-but-plausible scenario testing exercises.
Testing provides evidence of whether Critical Operations can remain within their defined impact tolerances during disruptive events and helps prioritise resilience investments.
A common challenge faced by organisations is not knowing where to begin.
Institutions that leveraged structured methodologies, implementation frameworks, and proven examples progressed significantly faster than those attempting to develop everything from scratch. The use of implementation guides, templates, and structured planning methodologies accelerates compliance while reducing implementation risk.
Perhaps the most important lesson from global Operational Resilience programmes is that resilience is no longer solely about recovering from disruption. The objective is to ensure that critical services continue to operate despite disruption.
Organisations that embrace this mindset will be better positioned to meet regulatory expectations, strengthen stakeholder confidence, and build long-term resilience in an increasingly complex operating environment.
Click the icon below to continue reading parts of Dr Goh Moh Heng's presentation.
| Building Operational Resilience in the Philippines: A Hands-On Approach to BSP Circular 1203 Compliance | ||||
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|