Key Governance Requirements and Expectations
Introduction
Operational resilience has become a cornerstone of regulatory expectations for financial institutions worldwide. In light of increasing systemic disruptions, ranging from cyber threats to geopolitical instability, regulators such as the Bank for International Settlements (BIS) through the BASEL Committee, and central banks including Bank Negara Malaysia (BNM), the Monetary Authority of Singapore (MAS), and the Bank of England, have heightened their focus on how banks govern their ability to withstand, adapt to, and recover from operational disruptions.
A critical area of scrutiny is governance, which determines how resilience is integrated into the bank’s leadership structures, decision-making processes, and risk oversight mechanisms.
This article explores the regulatory requirements and best practices in the governance domain, with a focus on how Board oversight, senior management accountability, and risk committee involvement are expected to function to ensure sustained resilience across critical operations and services.
When a bank reports on its operational resilience implementation, particularly to comply with BASEL operational resilience principles and central bank regulatory frameworks (such as those from the Bank of England, MAS, BNM, etc.), governance is a foundational pillar.
This is a breakdown of key governance requirements and expectations, especially in the areas of Board oversight, senior management accountability, and risk committee involvement:
Governance Requirements for Operational Resilience
Governance underpins all aspects of operational resilience. Regulators expect a clear governance framework that ensures operational resilience is integrated into the bank’s overall risk management and strategic planning.
Core Expectations
- Clearly defined roles and responsibilities across the three lines of defence.
- Integration of resilience with enterprise risk management (ERM) and business strategy.
- Regular reporting to the Board and senior executives on resilience posture and key vulnerabilities.
- Governance structures that enable timely decision-making during disruptions.
Board Oversight
Regulatory Expectations
- The Board of Directors must have ultimate accountability for operational resilience.
- The Board must set the tone from the top by endorsing the bank's resilience strategy, tolerance levels (impact tolerances), and priorities.
- Approve and review:
  - Impact tolerance statements.
  - Critical business services (CBS) identified.
  - Major disruptions and recovery outcomes.
- Ensure adequate resources (financial, technological, and human) are allocated to support resilience efforts.
Focus Areas for the Board
- Strategic alignment: Ensuring that operational resilience aligns with the bank’s overall business strategy and risk appetite.
- Monitoring: Review resilience metrics, self-assessments, and scenario test results to ensure ongoing evaluation.
- Accountability: Hold senior management accountable for resilience implementation.
Senior Management Accountability
Responsibilities
- Day-to-day responsibility for implementing the operational resilience framework.
- Translate Board-approved policies into actionable plans and operational execution.
- Own the impact tolerance setting process and ensure business services remain within these tolerances during disruption scenarios.
- Oversee the development of:
  - Business impact analyses (BIAs),
  - Mapping of dependencies,
  - Testing scenarios and remediation.
Regulatory Focus
- Ensure cross-functional coordination (Ops, IT, Risk, Compliance).
- Deliver comprehensive reporting to the Board and relevant committees.
- Embed operational resilience into existing risk and control frameworks.
Role of the Risk Committees (Board-Level or Senior Executive Committees)
Key Roles
- Review resilience risks and their interconnection with broader operational and enterprise risks.
- Challenge assumptions around resilience capabilities and dependencies.
- Oversee the effectiveness of scenario testing and lessons learned processes.
- Provide risk-based assurance to the Board regarding the adequacy of operational resilience arrangements.
Expectations
- Maintain oversight of critical third-party and technology risks, which often underpin critical business services (CBS).
- Regularly review the bank’s ability to remain within its impact tolerances.
Table 1-1: Regulatory Frameworks Referenced
| Regulator | Governance-Related Requirements |
|---|---|
| BASEL (BCBS 2021) | Principle 1: Governance – Board and senior management must promote a strong culture of operational resilience and provide clear roles and accountability. |
| Bank of England (CP29/19, SS1/21) | The board must approve impact tolerances and oversee testing results. Accountability must be assigned at the executive level. |
| MAS Notice PSN06/Guidelines | Board to ensure effective oversight of operational resilience and resource allocation; Senior Management to implement and monitor resilience posture. |
| BNM BCM Guidelines (2022) | Straightforward assignment of accountability to the Board and Senior Management, and periodic review of crisis and continuity plans. The board must be actively involved in decision-making during crisis events. |
Table 1-2: Summary of Best Practices
| Area | Best Practice |
|---|---|
| Board Oversight | Approves strategy, impact tolerances, and reviews regular resilience reporting. Holds Senior Management accountable. |
| Senior Management Accountability | Leads implementation, embeds resilience into operations, ensures business service continuity. |
| Risk Committees | Provide assurance, challenge resilience plans, monitor emerging risks and testing. |
Summing Up ...
In conclusion, effective governance is not just a regulatory checkbox but the foundation upon which operational resilience is built and maintained.
Regulators expect banks to demonstrate a clear chain of accountability, active Board and committee engagement, and strategic alignment of resilience objectives with business priorities.
The Board of Directors must lead from the top by endorsing resilience strategies and overseeing performance against impact tolerances.
At the same time, senior management must operationalise those directives through structured implementation and oversight.
Equally important is the role of risk committees in challenging assumptions, monitoring resilience risks, and ensuring continuous improvement.
By aligning governance practices with regulatory expectations under BASEL and national frameworks, banks can not only remain compliant but also better safeguard their operations, customers, and reputation during times of disruption.
More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.