[OR] [AB] [E1] [C4] Composing the OR Team

Operational Resilience at Alliance Bank: A Strategic Implementation Guide

Chapter 4

What Should the Composition of Alliance Bank Malaysia's Operational Resilience Team Be?

Operational resilience has become a cornerstone of sustainable banking in the modern era.

With increasing cyber threats, supply chain disruptions, pandemics, and natural disasters, banks must ensure they can prevent, withstand, and recover from operational shocks.

In its commitment to risk-aware and customer-centric banking, Alliance Bank should formalise an Operational Resilience Team (ORT) structured to meet regulatory expectations and market demands while maintaining agility and responsiveness.

This chapter proposes a comprehensive structure for Alliance Bank's Operational Resilience Team, outlining key functions, roles, and reporting lines tailored to the bank’s size, complexity, and strategic priorities.

Guiding Principles of the ORT Structure

Before detailing the composition, the following principles should underpin the team’s structure:

• Regulatory Compliance: Adheres to Bank Negara Malaysia (BNM) operational risk and resilience guidelines.
• Business Continuity and Recovery Focus: Ensures all critical operations can continue or resume rapidly during disruptions.
• Clear Accountability and Governance: Distinct roles and escalation paths.
• Integration with Enterprise Risk Management (ERM): Synergy with broader risk frameworks.
• Cross-Functional Collaboration: Effective coordination with IT, Compliance, Legal, and Business Units.

Proposed Organisational Structure

Operational Resilience Oversight Committee (OROC)

Role

Strategic oversight and executive governance.

Members

• Chief Risk Officer (Chair)
• Chief Operating Officer
• Chief Information Security Officer
• Chief Compliance Officer
• Heads of Business Units
• Head of Internal Audit (as observer)

Responsibilities

• Approving resilience strategies and frameworks
• Reviewing risk exposure reports
• Endorsing stress testing and simulation exercises

Head of Operational Resilience (HOR)

Position

Reports to Chief Risk Officer

Key Responsibilities

• Leads the ORT
• Develops and updates the Operational Resilience Framework
• Coordinates organisation-wide risk and impact assessments
• Oversees the implementation of business continuity (BC) plans and disaster recovery (DR) programs
• Drives compliance with BNM guidelines and international standards (e.g., ISO 22301, Basel principles)

Core Functional Teams within the ORT

Business Continuity & Crisis Management Unit

Lead

Manager, Business Continuity

Functions

• Develops BC Plans and crisis communication plans
• Conducts business impact analyses (BIAs)
• Leads incident response and post-event reviews
• Conducts crisis simulation drills

IT Resilience & Cybersecurity Coordination Unit

Lead

Manager, IT Resilience

Functions

• Collaborates with IT and Cybersecurity to ensure resilient systems architecture
• Coordinate disaster recovery planning (DRP)
• Test the system recovery processes
• Monitors critical IT infrastructure availability

Third-Party Risk & Supply Chain Resilience Unit

Lead

Manager, Third-Party Risk

Functions

• Conducts due diligence and ongoing assessments of critical vendors
• Ensures third-party BCP/DR alignment
• Monitors SLAs during crisis events

Operational Risk & Scenario Testing Unit

Lead

Manager, Risk Analytics

Functions

• Conducts severe but plausible scenario analyses
• Runs stress-testing exercises
• Integrates findings into enterprise risk assessments

Training & Awareness Unit

Lead

Manager, Resilience Training

Functions

• Delivers periodic staff training on resilience protocols
• Maintains awareness programs and readiness campaigns
• Coordinates with HR for onboarding and refresher courses

Reporting and Escalation Flows

• The Head of Operational Resilience reports to the Chief Risk Officer and provides quarterly updates to the Operational Resilience Oversight Committee.
• Functional leads report to the Head of Operational Resilience and maintain dotted-line relationships with other relevant departments (e.g., IT, Procurement).
• Escalation pathways are pre-defined in crisis management playbooks and BC Plans to ensure rapid decision-making during emergencies.

Integration with Existing Frameworks

The ORT should not operate in isolation but rather integrate seamlessly with the following functions:

• Enterprise Risk Management (ERM)
• Information Security Governance
• Internal Audit (for assurance)
• Compliance & Legal
• Business Strategy and Transformation

This cross-functional alignment enables a holistic approach to operational resilience, ensuring consistency, accountability, and strategic alignment.

Skills and Competency Requirements

Each unit within the ORT should be staffed with professionals possessing:

• Strong analytical and crisis management skills
• Deep understanding of financial operations
• Knowledge of regulatory standards (BNM, MAS, ISO, Basel, etc.)
• Experience with continuity planning, IT recovery, and operational risk
• Communication and training abilities for staff engagement

Summing Up … 

A well-structured Operational Resilience Team is vital for Alliance Bank Malaysia to uphold its promise of stability and trust. The proposed structure addresses regulatory demands and fortifies the bank’s internal capabilities to navigate a dynamic risk environment.

By embedding resilience into the organisational fabric, Alliance Bank can safeguard its operations, protect its customers, and uphold stakeholder confidence in times of crisis.

Operational Resilience at Alliance Bank: A Strategic Implementation Guide
Understanding the Organisation: Alliance Bank

OR Planning Methodology Phases		Plan	Implement	Sustain

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer and OR-5000 Operational Resilience Expert Implementer courses.

	If you have any questions, click to contact us.