Operational Resilience in Action: A Practical Guide for OCBC Bank
BB OR eBook 4

[OR] [OCBC] [E3] [Report] [P1] [S4] [C6] Confirming Risk Appetite

New call-to-actionThis report presents the outcomes of the "Confirm Risk Appetite" stage, which is part of the "Plan" phase of OCBC Bank’s Operational Resilience Planning Methodology.

New call-to-actionThis stage ensures that the Bank clearly defines and formally approves its risk appetite for operational disruptions, aligning with its business strategy, regulatory requirements, and stakeholder expectations.

A clear and agreed-upon risk appetite framework enables OCBC to make informed decisions about resilience investments and resource prioritisation.

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

Operational Resilience Management Report

"Plan" Phase – Stage 4: Confirm Risk Appetite

Completion Report

 

Executive Summary

[OR] [OCBC] [E2] [Report] [P1] [S4] [C6] Confirming Risk AppetiteThis report presents the outcomes of the "Confirm Risk Appetite" stage, which is part of the "Plan" phase of OCBC Bank’s Operational Resilience Planning Methodology.

This stage ensures that the Bank clearly defines and formally approves its risk appetite for operational disruptions, aligning with its business strategy, regulatory requirements, and stakeholder expectations.

A clear and agreed-upon risk appetite framework enables OCBC to make informed decisions about resilience investments and resource prioritisation.

Objectives

  • Define and document OCBC’s operational resilience risk appetite.

  • Align the risk appetite with the bank’s enterprise-wide risk management (ERM) framework.

  • Establish thresholds and tolerances for disruption across critical business services.

  • Obtain formal endorsement from senior management and the Board Risk Committee.

Summary of Activities

  • Stakeholder Workshops: Engaged business units, risk management, IT, operations, compliance, and audit to understand expectations and constraints.

  • Review of Critical Business Services: Assessed the potential impact of disruption scenarios on customers, financial stability, and OCBC’s reputation.

  • Benchmarking: Compared risk appetite frameworks and tolerances with industry peers and MAS expectations.

  • Drafting of Risk Appetite Statements: Developed clear and measurable statements, focusing on disruption tolerance levels, recovery timelines, and acceptable residual risks.

Key Risk Appetite Statements (Proposed)

Category Risk Appetite Statement
Customer Impact OCBC has zero tolerance for disruptions to critical services that significantly impact customer access beyond pre-defined thresholds (e.g., inability to access internet banking for more than 2 hours during business hours).
Financial Impact OCBC accepts minimal financial losses from resilience events, not exceeding [X]% of the monthly operating income per incident.
Operational Tolerance OCBC commits to maintaining service delivery for critical business services within agreed impact tolerances under plausible scenarios.
Regulatory Compliance OCBC has no tolerance for breaches of regulatory resilience requirements defined by MAS and other jurisdictions.
Reputational Impact OCBC has low tolerance for disruptions that lead to significant adverse media or customer sentiment.

Integration with Enterprise Risk Management (ERM)

The operational resilience risk appetite will be integrated into the existing ERM framework, ensuring alignment with:

  • Risk categories (e.g., technology, third-party, operational, cyber)

  • Material risk identification and monitoring processes

  • Key Risk Indicators (KRIs) and reporting dashboards

Next Steps

  • Obtain approval from the Operational Resilience Steering Committee.

  • Present the risk appetite statements to the Board Risk Committee for final endorsement.

  • Cascade approved the risk appetite to all business units.

  • Incorporate scenario testing, control effectiveness reviews, and service mapping into the design in the “Design” phase.

Conclusion

Confirming OCBC’s operational resilience risk appetite is foundational to building a robust and transparent resilience framework.

It enables the Bank to manage disruptions within acceptable limits while continuing to safeguard customer trust, financial integrity, and regulatory compliance.

Submitted by:

Head, Operational Resilience Office
OCBC Bank

 

  "Plan" Phase of the Operational Resilience Planning Methodology
  Management Report for Completion of Phase and Stage
New call-to-action New call-to-action [OR] [OCBC] [E3] [Report] [P1] [S1] [C3] Assessing Capability and Maturity [OR] [OCBC] [E3] [Report] [P1] [S2] [C4] Analysing Gap [OR] [OCBC] [E3] [Report] [P1] [S3] [C5] Developing Strategy and Roadmap [OR] [OCBC] [E2] [Report] [P1] [S4] [C6] Confirming Risk Appetite [OR] [OCBC] [E2] [Report] [P1] [S5] [C7] Developing and Embed Governance
 

OR Planning Methodology Phases

 Plan Implement Sustain  
New call-to-action OR What is Operational Resilience? OR Embarking the Operational Resilience Journey New call-to-action OR Sustaining Your Operational Resilience Program  

More Information About Blended Learning OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300

If you have any questions, click to contact us.Email to Sales Team [BCM Institute]

 FAQ BL-OR-5 OR-5000
New call-to-action New call-to-action New call-to-action

 

Comments

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2025