![BB OR [B] 14](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20B/BB%20OR%20%5BB%5D%2014.jpg?width=2000&height=1333&name=BB%20OR%20%5BB%5D%2014.jpg "BB OR [B] 14")
Chapter 13
Improving Lessons Learned – Stage 4 of the Implement Phase of BSN’s Operational Resilience Planning Methodology
Introduction
![[OR] [BSN] [E2] [C13] Improving Lessons Learnt](https://no-cache.hubspot.com/cta/default/3893111/35a4faf2-ffcb-4e5f-9596-d90482e8e1fd.png)
The "Improving Lessons Learned" stage in the Implement phase is a critical mechanism for institutionalising operational resilience at Bank Simpanan Nasional (BSN).
This chapter explores how BSN can systematically capture, analyse, and act upon lessons from resilience exercises, disruption events, and testing activities.
It ensures that insights are not only documented but translated into actionable improvements across critical business services (CBS).
This stage focuses on developing an adaptive learning culture and a continuous improvement feedback loop that strengthens BSN's preparedness, response, and recovery capabilities.
Lessons learned feed directly into risk mitigation strategies, training programs, and updates to response playbooks, strengthening resilience at all organisational levels.
Objectives of the “Improving Lessons Learned” Stage
- Institutionalise a repeatable process for capturing lessons from real incidents, tabletop exercises, and scenario tests.
- Translate findings into actionable improvements for CBS-1 to CBS-10.
- Improve leadership decision-making and front-line response through feedback mechanisms.
- Promote a culture of continuous learning and adaptive resilience.
Implementation Steps and Examples
Step 1: Establish a Lessons Learned Framework
Action:
Develop a standardised framework and governance structure for capturing and reviewing lessons post-incident or exercise. Assign roles (e.g., Incident Lead, CBS Coordinators, Risk Team) for documentation and follow-up.
Example (CBS-4 Digital Banking):
After a major system latency issue affecting the myBSN mobile app, BSN initiates a structured after-action review. The framework ensures all stakeholders—including IT Ops, Call Centre, and Customer Service—submit impact observations within 48 hours.
Step 2: Conduct Structured After-Action Reviews (AAR)
Action:
Hold AARs within 1–2 weeks of each disruptive event, testing exercise, or simulated scenario. Use structured templates that include:
- Event description and timeline
- Impact on CBS functions
- Decisions made and their effectiveness
- Gaps in coordination or communication
- Recommendations
Example (CBS-2 Government Aid & Disbursement):
Following a nationwide cash assistance rollout delay, an AAR revealed dependency on a single payment gateway. The outcome led to onboarding a secondary provider to ensure future resilience.
Step 3: Analyse Systemic and Process Weaknesses
Action:
Assess if the issue was a one-off or part of a broader systemic challenge. Analyse root causes and recurring patterns across CBS domains using risk dashboards and incident logs.
Example (CBS-8 Core Banking System):
Frequent slowdowns during peak hours prompted a deep dive, uncovering outdated queuing configurations. This insight drove a phased system modernisation plan prioritised in the following budget cycle.
Step 4: Track and Assign Action Items
Action:
Log all corrective actions in a centralised Operational Resilience Action Tracker. Assign owners and deadlines, and align with audit and compliance monitoring.
Example (CBS-10 Regulatory Reporting & Compliance):
An exercise revealed inconsistent data timestamping across reporting modules. IT and Compliance teams are assigned an action plan to align data logging systems, with a 60-day implementation deadline.
Step 5: Update Documentation and Resilience Playbooks
Action:
Update Business Continuity Plans (BCPs), scenario response playbooks, training materials, and system protocols with insights gained.
Example (CBS-6 Agent Banking):
After identifying communication breakdowns with remote banking agents during a flood event, BSN revised its communication protocol, including SMS-based fallback systems and revised agent training kits.
Step 6: Share Knowledge and Promote Learning Culture
Action:
Conduct organisation-wide knowledge-sharing sessions and resilience briefings. Establish “Resilience Insights Newsletters” and include lessons in new hire onboarding and manager training.
Example (CBS-1 Retail Banking Services):
A cyber-attack simulation led to improved password reset procedures. Insights were shared via an internal video briefing by the CISO, followed by a compulsory quiz for front-line staff.
Step 7: Monitor for Continuous Improvement
Action:
Establish metrics and key performance indicators (KPIs) to track the effectiveness of implemented improvements over time. Revisit and reassess lessons every 6–12 months.
Example (CBS-9 Customer Complaint & Dispute Resolution):
Post-implementation tracking showed a 35% drop in unresolved customer cases after revising escalation protocols learned from prior disruptions. This reinforced the value of lessons learned in customer experience.
Benefits to Bank Simpanan Nasional
Implementing a robust "Improving Lessons Learned" stage provides BSN with the following advantages:
- Proactive Risk Mitigation: Recurrent risks are addressed before they evolve into future disruptions.
- Operational Excellence: Enhances the maturity of operational processes across CBS-1 to CBS-10.
- Cultural Resilience: Promotes a learning culture that improves decision-making at all levels.
- Regulatory Alignment: Strengthens BSN’s alignment with BNM and global regulatory resilience expectations.
Table 13-1 Lessons Learned Across CBS
Table: Improving Lessons Learned – Review Summary for CBS-1 to CBS-10
|
CBS |
Critical Business Service |
Event/ Exercise Name |
Date of Event/Review |
Key Lessons Identified |
Root Cause Summary |
Corrective Action(s) |
Action Owner |
Target Completion Date |
Status |
|
CBS-1 |
Retail Banking Services |
Retail Branch Cyber Drill |
05 May 202X |
Delayed escalation to the Risk Team |
Lack of role clarity in branch escalation |
Update the branch playbook; conduct refresher training |
Retail Ops Lead |
30 Jun 202X |
In Progress |
|
CBS-2 |
Government Aid and Disbursement Services |
Disbursement Delay (Real Incident) |
12 Mar 202X |
Over-reliance on a single payment vendor |
Vendor dependency |
Engage secondary vendor; update vendor policy |
Procurement Head |
15 Jul 202X |
Completed |
|
CBS-3 |
ATM and Self-Service Banking Infrastructure |
Nationwide ATM Outage Simulation |
22 Apr 202X |
Inadequate offline transaction fallback mechanism |
Technical system constraint |
Upgrade ATM firmware; implement offline queue buffer |
IT Infrastructure |
31 Aug 202X |
In Progress |
|
CBS-4 |
Digital Banking (myBSN Online and Mobile Banking App) |
Latency Incident on myBSN App |
14 Jan 202X |
Late notification to Call Centre teams |
Weak alerting protocols |
Integrate real-time alerting tools; update notification SOP |
Digital Banking |
30 Jun 202X |
Completed |
|
CBS-5 |
Loan Disbursement and Repayment Processing |
Loan Simulation Exercise |
28 Feb 202X |
Mismatch in customer repayment data between systems |
Data synchronisation lag |
Automate sync cycle; improve reconciliation process |
Loan Ops Head |
31 Jul 202X |
In Progress |
|
CBS-6 |
Agent Banking (BSN Banking Agents) |
Flash Flood Impact on Rural Agents |
10 Dec 202X |
Poor two-way communication with field agents |
Absence of redundancy in the communication channel |
Implement SMS-based fallback and agent hotline |
Channel Mgmt |
15 Jun 202X |
Completed |
|
CBS-7 |
Treasury and Liquidity Management |
Liquidity Crisis Simulation |
18 Mar 202X |
Delay in liquidity reporting during the stress window |
Manual reporting dependencies |
Automate liquidity dashboards; cross-train the backup team |
Treasury Lead |
31 Jul 202X |
In Progress |
|
CBS-8 |
Core Banking System (CBS Infrastructure) |
Scheduled Stress Test (CBS Load Test) |
20 Apr 202X |
System slowdowns during concurrent processing windows |
The infrastructure is not scaled for the load |
Upgrade server capacity and review batch job schedules |
Core Infra Team |
30 Sep 202X |
Planned |
|
CBS-9 |
Customer Complaint and Dispute Resolution |
Complaint Surge Simulation |
06 May 202X |
Complaint resolution exceeded SLA |
Overload due to manual triage |
Introduce an auto-classification AI model |
Customer Service |
15 Jul 202X |
In Progress |
|
CBS-10 |
Regulatory Reporting and Compliance |
MAS/BNS Stress Test |
10 Mar 202X |
Errors in regulatory report timestamps |
System configuration inconsistency |
Reconfigure reporting software; enforce data timestamp |
|
|
|
Summing Up ...
The "Improving Lessons Learned" stage is not merely a post-mortem activity—it is a proactive, forward-looking discipline that ensures BSN grows stronger with every disruption faced or simulated.
By embedding a structured and accountable approach to capturing and applying insights, BSN ensures that operational risks are continuously mitigated and response frameworks remain relevant and robust.
For a diversified banking institution like BSN—spanning digital services, rural banking agents, government disbursements, and regulatory reporting—the stakes are high. Each CBS requires tailored insights to evolve based on real-world learning.
When fully embraced, this learning loop strengthens institutional memory, enhances crisis leadership, and propels the organisation toward operational excellence.
As the financial services industry advances into an era defined by volatility and digital interconnectivity, BSN’s resilience will depend not only on its systems and processes but on its capacity to learn, adapt, and respond.
Through this chapter, BSN sets a benchmark in operational maturity, transforming lessons into long-term value.
![[OR] [BSN] [E2] [C8] Five Stages of the "Implement" Phase](https://no-cache.hubspot.com/cta/default/3893111/bccc6742-067a-468a-bdc1-cbb2e1f67000.png)
![[OR] [BSN] [E2] [C9] Identifying Critical Business Services](https://no-cache.hubspot.com/cta/default/3893111/397bed2b-ad4e-4707-812a-3bd747fd4470.png)
![[OR] [BSN] [E2] [C10] Mapping of Processes and Resources](https://no-cache.hubspot.com/cta/default/3893111/23518034-ce47-4782-9a05-c9606b02cc91.png)
![[OR] [BSN] [E2] [C12] Performing Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/b2e7e3d2-0e92-460f-acdf-9dc193b02589.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
