Operational Resilience Management Report
"Implement" Phase
Stage 5: Improving Lessons Learned
Completion Report
Chapter 13
Executive Summary
This report outlines the implementation of the "Improving Lessons Learned" stage in the Operational Resilience Planning Methodology for OCBC Bank.
This stage systematically captures, evaluates, and applies lessons from previous disruption events, simulations, and incident management exercises to strengthen OCBC’s operational resilience capabilities across all critical business services.
2. Objective
To establish a structured and continuous improvement approach to learning from past experiences (real events, simulations, and near misses) and integrating those insights into policies, processes, and response plans for enhanced resilience.
3. Implementation Steps
Step 1: Establishing a Centralised Lessons Learned Repository
- Action: Develop a digital knowledge base to store insights from all incident reviews, simulations, and crisis events.
- Example: A SharePoint-based repository tagged by service type (e.g., Digital Banking, Treasury) and event type (e.g., cyber incident, third-party failure).
- Purpose: To ensure visibility and accessibility of documented learnings across departments.
Step 2: Conducting Structured Post-Incident Reviews (PIRs)
- Action: Formalise and standardise the PIR process for all disruptions and test exercises.
- Approach: Use a consistent PIR template that captures:
  - Event summary
  - Root cause analysis
  - Response effectiveness
  - Stakeholder communication gaps
  - Improvement opportunities
- Example: After a simulated Distributed Denial-of-Service (DDoS) attack on the mobile banking platform, the PIR identified delays in customer communication and gaps in cloud resource scaling.
Step 3: Assigning Ownership and Tracking Improvements
- Action: Link each lesson learned to a responsible department and establish follow-up actions with deadlines.
- Tool: Integrate with OCBC’s internal risk register and issue-tracking tools (e.g., ServiceNow or Jira).
- Example: The Technology Infrastructure team was assigned to implement an enhancement in automated traffic redirection to mitigate similar DDoS impacts in future.
Step 4: Thematic Analysis and Trend Identification
- Action: Every quarter, analyse collected lessons to identify recurring patterns or systemic weaknesses.
- Purpose: To develop strategic insights that inform risk management priorities.
- Example: Trend analysis over three quarters revealed repeated issues related to third-party vendor coordination during crises.
Step 5: Incorporating Lessons into Training and Scenario Testing
- Action: Refresh training content and update scenario testing scripts based on the identified lessons.
- Example: Enhancing the annual business continuity exercise with a cross-border scenario that includes regulatory communication requirements, prompted by a past regional service outage.
Step 6: Senior Management Reporting and Oversight
- Action: Present synthesised lessons and associated actions during quarterly risk and resilience governance meetings.
- Metrics Tracked:
  - Number of PIRs conducted
  - Percentage of lessons closed with verified improvements
  - Number of updated procedures/processes resulting from lessons
- Example: A dashboard tracking lesson closure rates is shared with the Operational Resilience Steering Committee.
4. Benefits to OCBC Bank
- Continuous Improvement: Ensures OCBC remains agile and adaptable to evolving threats.
- Culture of Learning: Promotes accountability and proactive learning across departments.
- Informed Decision-Making: Enables management to prioritise resilience investments based on real data and insights.
- Regulatory Alignment: Supports compliance with regulatory expectations from MAS on operational resilience and post-incident reviews.
5. Recommendations to Management
- Support resourcing for dedicated lessons learned analysts and platform enhancement.
- Mandate participation in PIRs for all relevant units.
- Ensure governance through periodic reviews by the Operational Resilience Committee.
Prepared by:
Operational Resilience Office
OCBC Bank
Reviewed by:
Head of Enterprise Risk Management
Chief Information Security Officer
Chief Operating Officer
OCBC Bank – Lessons Learned Improvement Log
Submission to: Monetary Authority of Singapore
Reporting Period: [Insert Period, e.g., Q1 202X]
Ref. No. | Date of Event / Exercise | Critical Business Service | Description of Event / Scenario | Key Lesson Learned | Action Taken | Owner | Completion Date | Status | Evidence of Implementation |
---|---|---|---|---|---|---|---|---|---|
LL-2025-001 | 2025-01-10 | Real-Time Payment Services | Latency issue in SWIFT gateway caused delays in international remittances | Root cause not escalated promptly, delaying workaround implementation | Enhanced escalation SOP and automated alert thresholds for gateway monitoring | Payment Operations | 2025-02-15 | Closed | Updated SOP; screenshots of new alerting rules |
LL-2025-002 | 2025-01-25 | Digital & Mobile Banking Platforms | Cyber simulation: ransomware attack on mobile app backend | Lack of clear role delineation during technical response led to duplicated efforts | Developed and tested revised incident response playbooks with clear R&R matrices | Technology Risk | 2025-03-01 | Closed | Playbook V2.0, post-simulation review minutes |
LL-2025-003 | 2025-02-12 | Treasury & Capital Markets | Unplanned failover test revealed outdated third-party contact details | Vendor response delays due to outdated DR contact registry | Instituted quarterly vendor contact verification process | Procurement & Vendor Risk | 2025-03-15 | In Progress | Email to vendors requesting updates; workflow approval logs |
LL-2025-004 | 2025-02-20 | ATM & Branch Cash Services | Incident: ATM cash loading vendor stuck at closed branch site | Miscommunication due to lack of real-time branch access updates | Integrated ATM operations app with real-time branch status tracker | Branch Ops | 2025-04-01 | Closed | Screenshot of system integration and user guide |
LL-2025-005 | 2025-03-05 | Corporate Cash Management | Exercise: Major outage affecting bulk payments | Recovery procedures not aligned across regions, causing processing discrepancies | Harmonized recovery procedures and conducted global alignment workshop | Cash Management | 2025-04-10 | In Progress | Workshop attendance log, new procedure manual draft |
Summary Metrics for Reporting Period
- Total Lessons Logged: 5
- Closed Lessons: 3
- In Progress: 2
- Overdue Items: 0
- % with Updated Procedures/Controls: 100%
- % Applied to Future Scenarios or Training: 60%
Operational Resilience in Action: A Practical Guide for OCBC Bank
"Implement" Phase of its Operational Resilience Planning Methodology