Operational Resilience Management Report
"Plan" Phase – Stage 5: Develop and Embed Governance
Completion Report
Introduction
![[OR] [OCBC] [E2] [Report] [P1] [S5] [C7] Developing and Embed Governance](https://no-cache.hubspot.com/cta/default/3893111/1e6566b8-c92c-403a-b29e-ea4e091cf815.png)
The Develop and Embed Governance stage represents a foundational component of OCBC Bank’s Operational Resilience (OR) Planning Methodology under the “Plan” phase.
Effective governance ensures that clear leadership, roles, accountability, and oversight mechanisms are established to support the bank’s resilience posture and compliance with regulatory expectations, such as those issued by the Monetary Authority of Singapore (MAS) and other jurisdictions.
Objectives
-
Define and formalise the governance structure for operational resilience.
-
Clarify roles, responsibilities, and accountability for resilience activities across business units.
-
Embed operational resilience oversight into existing enterprise governance frameworks.
-
Align with Board expectations and regulatory requirements.
-
Ensure sustainability, ownership, and top-down engagement.
Governance Framework Overview
The governance structure supporting OCBC’s Operational Resilience includes the following layers:
Board of Directors and Board Risk Committee
-
Provide strategic direction and approve the OR policy framework.
-
Oversee management’s implementation of OR initiatives.
-
Review operational resilience reports and emerging risks quarterly.
Group Executive Committee (GEC)
-
Accountable for endorsing the resilience strategy.
-
Ensure OR is aligned with business objectives and risk appetite.
-
Allocate resources and approve critical tolerance levels.
Group Operational Resilience Steering Committee (GORSC)
-
Composed of senior leaders from Risk, Technology, Operations, Compliance, Legal, and Business Lines.
-
Provide cross-functional oversight of OR activities.
-
Review key decisions, including impact tolerance breaches, critical service identification, and scenario testing outcomes.
Operational Resilience Program Office (ORPO)
-
Act as the central coordinating body for the implementation of the OR framework.
-
Develop methodology, tools, training, and guidance.
-
Monitor progress, conduct assurance activities, and prepare reports for the GORSC and Board.
Business Unit and Function-Level OR Leads
-
Act as key resilience contacts within respective business units.
-
Implement OR processes, maintain service-level documentation, and support scenario testing.
-
Report status and issues to the ORPO and Steering Committee.
Key Policies and Charters Established
Accountability Model (RACI)
The governance structure is supported by a detailed RACI (Responsible, Accountable, Consulted, Informed) matrix for core activities:
| ORPO | BU Leads | GORSC | GEC | Board |
|---|---|---|---|---|
| C | C | A | R | A |
| R | R | C | I | I |
| C | R | A | R | A |
| R | R | A | I | I |
| R | R | C | I | I |
Integration with Enterprise Governance
Operational resilience governance has been integrated into the broader Enterprise Risk Management (ERM) and Business Continuity Management (BCM) frameworks through the following actions:
-
OR is now a standing agenda item in Risk Management Committee meetings.
-
Operational Resilience metrics are part of Key Risk Indicators (KRIs).
-
BCM Steering Committee has been repositioned under the GORSC to ensure alignment.
-
Internal Audit is engaged in periodic OR reviews.
Training and Awareness
-
Targeted awareness sessions delivered to the Board, senior management, and business heads (Q1 2025).
-
OR governance handbook developed and distributed bank-wide.
-
An online learning module on governance roles has been released for all resilience stakeholders.
Next Steps
Conclusion
A robust governance framework for operational resilience has been developed and embedded into OCBC Bank’s enterprise structure.
This framework ensures strategic oversight, operational accountability, and sustained momentum in building a resilient organisation capable of withstanding disruptions and meeting regulatory obligations.
![[OR] [OCBC] [E3] [Report] [P1] [S1] [C3] Assessing Capability and Maturity](https://no-cache.hubspot.com/cta/default/3893111/cafe1ca3-cd65-4a0e-8921-4928cb4a1eda.png)
![[OR] [OCBC] [E3] [Report] [P1] [S2] [C4] Analysing Gap](https://no-cache.hubspot.com/cta/default/3893111/daeb2bee-0064-4f25-baa4-b259ffd09767.png)
![[OR] [OCBC] [E3] [Report] [P1] [S3] [C5] Developing Strategy and Roadmap](https://no-cache.hubspot.com/cta/default/3893111/4310a83d-c4a2-4043-aaf1-612e492be8d6.png)
![[OR] [OCBC] [E2] [Report] [P1] [S4] [C6] Confirming Risk Appetite](https://no-cache.hubspot.com/cta/default/3893111/0480e87d-364c-43f4-9b41-ef62417afcd9.png)
More Information About Blended Learning OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/e4287b59-1a43-4e10-8e43-c73b27b3ca39.png?width=172&height=50&name=e4287b59-1a43-4e10-8e43-c73b27b3ca39.png)
![[BL-OR] [3] FAQ OR-300](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/294e989f-8613-4bf3-96a5-a89408cfb9ca.png?width=150&height=150&name=294e989f-8613-4bf3-96a5-a89408cfb9ca.png)
![Email to Sales Team [BCM Institute]](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/850988ce-aa7d-4953-95cf-797635341edd.png?width=100&height=100&name=850988ce-aa7d-4953-95cf-797635341edd.png)
