This stage systematically captures, evaluates, and applies lessons from previous disruption events, simulations, and incident management exercises to strengthen OCBC’s operational resilience capabilities across all critical business services.
To establish a structured and continuous improvement approach to learning from past experiences (real events, simulations, and near misses) and integrating those insights into policies, processes, and response plans for enhanced resilience.
Action: Develop a digital knowledge base to store insights from all incident reviews, simulations, and crisis events.
Example: A SharePoint-based repository tagged by service type (e.g., Digital Banking, Treasury) and event type (e.g., cyber incident, third-party failure).
Purpose: To ensure visibility and accessibility of documented learnings across departments.
Action: Formalise and standardise the post-incident review (PIR) process for all disruptions and test exercises.
Approach: Use a consistent PIR template that captures:
- Event summary
- Root cause analysis
- Response effectiveness
- Stakeholder communication gaps
- Improvement opportunities
Example: After a simulated Distributed Denial-of-Service (DDoS) attack on the mobile banking platform, the PIR identified delays in customer communication and gaps in cloud resource scaling.
Action: Link each lesson learned to a responsible department and establish follow-up actions with deadlines.
Tool: Integrate with OCBC’s internal risk register and issue-tracking tools (e.g., ServiceNow or Jira).
Example: The Technology Infrastructure team was assigned to implement an enhancement in automated traffic redirection to mitigate similar DDoS impacts in future.
Action: Every quarter, analyse collected lessons to identify recurring patterns or systemic weaknesses.
Purpose: To develop strategic insights that inform risk management priorities.
Example: Trend analysis over three quarters revealed repeated issues related to third-party vendor coordination during crises.
Action: Refresh training content and update scenario testing scripts based on the identified lessons.
Example: Enhancing the annual business continuity exercise with a cross-border scenario that includes regulatory communication requirements, prompted by a past regional service outage.
Action: Present synthesised lessons and associated actions during quarterly risk and resilience governance meetings.
Metrics Tracked:
- Number of PIRs conducted
- Percentage of lessons closed with verified improvements
- Number of updated procedures/processes resulting from lessons
Example: A dashboard tracking lesson closure rates is shared with the Operational Resilience Steering Committee.
Continuous Improvement: Ensures OCBC remains agile and adaptable to evolving threats.
Culture of Learning: Promotes accountability and proactive learning across departments.
Informed Decision-Making: Enables management to prioritise resilience investments based on real data and insights.
Regulatory Alignment: Supports compliance with regulatory expectations from MAS on operational resilience and post-incident reviews.
Support resourcing for dedicated lessons learned analysts and platform enhancement.
Mandate participation in PIRs for all relevant units.
Ensure governance through periodic reviews by the Operational Resilience Committee.
Prepared by:
Operational Resilience Office
OCBC Bank
Reviewed by:
Head of Enterprise Risk Management
Chief Information Security Officer
Chief Operating Officer
Submission to: Monetary Authority of Singapore
Reporting Period: [Insert Period, e.g., Q1 202X]
| Ref. No. | Date of Event / Exercise | Critical Business Service | Description of Event / Scenario | Key Lesson Learned | Action Taken | Owner | Completion Date | Status | Evidence of Implementation |
|---|---|---|---|---|---|---|---|---|---|
| LL-2025-001 | 2025-01-10 | Real-Time Payment Services | Latency issue in SWIFT gateway caused delays in international remittances | Root cause not escalated promptly, delaying workaround implementation | Enhanced escalation SOP and automated alert thresholds for gateway monitoring | Payment Operations | 2025-02-15 | Closed | Updated SOP; screenshots of new alerting rules |
| LL-2025-002 | 2025-01-25 | Digital & Mobile Banking Platforms | Cyber simulation: ransomware attack on mobile app backend | Lack of clear role delineation during technical response led to duplicated efforts | Developed and tested revised incident response playbooks with clear R&R matrices | Technology Risk | 2025-03-01 | Closed | Playbook V2.0, post-simulation review minutes |
| LL-2025-003 | 2025-02-12 | Treasury & Capital Markets | Unplanned failover test revealed outdated third-party contact details | Vendor response delays due to outdated DR contact registry | Instituted quarterly vendor contact verification process | Procurement & Vendor Risk | 2025-03-15 | In Progress | Email to vendors requesting updates; workflow approval logs |
| LL-2025-004 | 2025-02-20 | ATM & Branch Cash Services | Incident: ATM cash loading vendor stuck at closed branch site | Miscommunication due to lack of real-time branch access updates | Integrated ATM operations app with real-time branch status tracker | Branch Ops | 2025-04-01 | Closed | Screenshot of system integration and user guide |
| LL-2025-005 | 2025-03-05 | Corporate Cash Management | Exercise: Major outage affecting bulk payments | Recovery procedures not aligned across regions, causing processing discrepancies | Harmonized recovery procedures and conducted global alignment workshop | Cash Management | 2025-04-10 | In Progress | Workshop attendance log, new procedure manual draft |
Total Lessons Logged: 5
Closed Lessons: 3
In Progress: 2
Overdue Items: 0
% with Updated Procedures/Controls: 100%
% Applied to Future Scenarios or Training: 60%
Operational Resilience in Action: A Practical Guide for OCBC Bank ("Implement" Phase of its Operational Resilience Planning Methodology)
OR Planning Methodology Phases: Plan, Implement, Sustain