Effective governance ensures that clear leadership, roles, accountability, and oversight mechanisms are established to support the bank’s resilience posture and compliance with regulatory expectations, such as those issued by the Monetary Authority of Singapore (MAS) and other jurisdictions.
Define and formalise the governance structure for operational resilience.
Clarify roles, responsibilities, and accountability for resilience activities across business units.
Embed operational resilience oversight into existing enterprise governance frameworks.
Align with Board expectations and regulatory requirements.
Ensure sustainability, ownership, and top-down engagement.
The governance structure supporting OCBC’s Operational Resilience includes the following layers:
Provide strategic direction and approve the OR policy framework.
Oversee management’s implementation of OR initiatives.
Review operational resilience reports and emerging risks quarterly.
Accountable for endorsing the resilience strategy.
Ensure OR is aligned with business objectives and risk appetite.
Allocate resources and approve critical tolerance levels.
Composed of senior leaders from Risk, Technology, Operations, Compliance, Legal, and Business Lines.
Provide cross-functional oversight of OR activities.
Review key decisions, including impact tolerance breaches, critical service identification, and scenario testing outcomes.
Act as the central coordinating body for the implementation of the OR framework.
Develop methodology, tools, training, and guidance.
Monitor progress, conduct assurance activities, and prepare reports for the GORSC and Board.
Act as key resilience contacts within respective business units.
Implement OR processes, maintain service-level documentation, and support scenario testing.
Report status and issues to the ORPO and Steering Committee.
| Document | Purpose |
|---|---|
| Operational Resilience Policy | Defines OCBC’s approach, principles, and requirements for OR. |
| Operational Resilience Governance Charter | Outlines the roles, responsibilities, and reporting structures. |
| Board and Committee Terms of Reference (Updated) | Updated to include oversight of OR performance and issues. |
| ORPO Operating Procedures | Formalise the processes for tracking milestones, issues, and reporting. |
The governance structure is supported by a detailed RACI (Responsible, Accountable, Consulted, Informed) matrix for core activities:
| Activity | ORPO | BU Leads | GORSC | GEC | Board |
|---|---|---|---|---|---|
| Approve OR Policy | C | C | A | R | A |
| Identify Critical Services | R | R | C | I | I |
| Set and Approve Impact Tolerances | C | R | A | R | A |
| Monitor Tolerance Breaches | R | R | A | I | I |
| Conduct Scenario Testing | R | R | C | I | I |
Operational resilience governance has been integrated into the broader Enterprise Risk Management (ERM) and Business Continuity Management (BCM) frameworks through the following actions:
OR is now a standing agenda item in Risk Management Committee meetings.
Operational Resilience metrics are part of Key Risk Indicators (KRIs).
BCM Steering Committee has been repositioned under the GORSC to ensure alignment.
Internal Audit is engaged in periodic OR reviews.
Targeted awareness sessions delivered to the Board, senior management, and business heads (Q1 2025).
OR governance handbook developed and distributed bank-wide.
An online learning module on governance roles has been released for all resilience stakeholders.
| Action | Owner | Target Completion |
|---|---|---|
| Conduct an effectiveness review of governance implementation | ORPO | Q3 2025 |
| Refine KPIs for governance performance | GORSC | Q2 2025 |
| Align international subsidiaries’ governance with a group-level framework | Group Risk | Q3 2025 |
A robust governance framework for operational resilience has been developed and embedded into OCBC Bank’s enterprise structure.
This framework ensures strategic oversight, operational accountability, and sustained momentum in building a resilient organisation capable of withstanding disruptions and meeting regulatory obligations.
| "Plan" Phase of the Operational Resilience Planning Methodology | ||||||
| Management Report for Completion of Phase and Stage | ||||||
|
OR Planning Methodology Phases |
Plan | Implement | Sustain | ||
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.