This chapter explores how BSN can systematically capture, analyse, and act upon lessons from resilience exercises, disruption events, and testing activities.
It ensures that insights are not only documented but translated into actionable improvements across critical business services (CBS).
This stage focuses on developing an adaptive learning culture and a continuous improvement feedback loop that strengthens BSN's preparedness, response, and recovery capabilities.
Lessons learned feed directly into risk mitigation strategies, training programs, and updates to response playbooks, strengthening resilience at all organisational levels.
Action:
Develop a standardised framework and governance structure for capturing and reviewing lessons post-incident or exercise. Assign roles (e.g., Incident Lead, CBS Coordinators, Risk Team) for documentation and follow-up.
Example (CBS-4 Digital Banking):
After a major system latency issue affecting the myBSN mobile app, BSN initiates a structured after-action review. The framework ensures all stakeholders—including IT Ops, Call Centre, and Customer Service—submit impact observations within 48 hours.
Action:
Hold AARs within 1–2 weeks of each disruptive event, testing exercise, or simulated scenario. Use structured templates that include:
Example (CBS-2 Government Aid & Disbursement):
Following a nationwide cash assistance rollout delay, an AAR revealed dependency on a single payment gateway. The outcome led to onboarding a secondary provider to ensure future resilience.
Action:
Assess if the issue was a one-off or part of a broader systemic challenge. Analyse root causes and recurring patterns across CBS domains using risk dashboards and incident logs.
Example (CBS-8 Core Banking System):
Frequent slowdowns during peak hours prompted a deep dive, uncovering outdated queuing configurations. This insight drove a phased system modernisation plan prioritised in the following budget cycle.
Action:
Log all corrective actions in a centralised Operational Resilience Action Tracker. Assign owners and deadlines, and align with audit and compliance monitoring.
Example (CBS-10 Regulatory Reporting & Compliance):
An exercise revealed inconsistent data timestamping across reporting modules. IT and Compliance teams are assigned an action plan to align data logging systems, with a 60-day implementation deadline.
Action:
Update Business Continuity Plans (BCPs), scenario response playbooks, training materials, and system protocols with insights gained.
Example (CBS-6 Agent Banking):
After identifying communication breakdowns with remote banking agents during a flood event, BSN revised its communication protocol, including SMS-based fallback systems and revised agent training kits.
Action:
Conduct organisation-wide knowledge-sharing sessions and resilience briefings. Establish “Resilience Insights Newsletters” and include lessons in new hire onboarding and manager training.
Example (CBS-1 Retail Banking Services):
A cyber-attack simulation led to improved password reset procedures. Insights were shared via an internal video briefing by the CISO, followed by a compulsory quiz for front-line staff.
Action:
Establish metrics and key performance indicators (KPIs) to track the effectiveness of implemented improvements over time. Revisit and reassess lessons every 6–12 months.
Example (CBS-9 Customer Complaint & Dispute Resolution):
Post-implementation tracking showed a 35% drop in unresolved customer cases after revising escalation protocols learned from prior disruptions. This reinforced the value of lessons learned in customer experience.
Implementing a robust "Improving Lessons Learned" stage provides BSN with the following advantages:
|
CBS |
Critical Business Service |
Event/ Exercise Name |
Date of Event/Review |
Key Lessons Identified |
Root Cause Summary |
Corrective Action(s) |
Action Owner |
Target Completion Date |
Status |
|
CBS-1 |
Retail Banking Services |
Retail Branch Cyber Drill |
05 May 202X |
Delayed escalation to the Risk Team |
Lack of role clarity in branch escalation |
Update the branch playbook; conduct refresher training |
Retail Ops Lead |
30 Jun 202X |
In Progress |
|
CBS-2 |
Government Aid and Disbursement Services |
Disbursement Delay (Real Incident) |
12 Mar 202X |
Over-reliance on a single payment vendor |
Vendor dependency |
Engage secondary vendor; update vendor policy |
Procurement Head |
15 Jul 202X |
Completed |
|
CBS-3 |
ATM and Self-Service Banking Infrastructure |
Nationwide ATM Outage Simulation |
22 Apr 202X |
Inadequate offline transaction fallback mechanism |
Technical system constraint |
Upgrade ATM firmware; implement offline queue buffer |
IT Infrastructure |
31 Aug 202X |
In Progress |
|
CBS-4 |
Digital Banking (myBSN Online and Mobile Banking App) |
Latency Incident on myBSN App |
14 Jan 202X |
Late notification to Call Centre teams |
Weak alerting protocols |
Integrate real-time alerting tools; update notification SOP |
Digital Banking |
30 Jun 202X |
Completed |
|
CBS-5 |
Loan Disbursement and Repayment Processing |
Loan Simulation Exercise |
28 Feb 202X |
Mismatch in customer repayment data between systems |
Data synchronisation lag |
Automate sync cycle; improve reconciliation process |
Loan Ops Head |
31 Jul 202X |
In Progress |
|
CBS-6 |
Agent Banking (BSN Banking Agents) |
Flash Flood Impact on Rural Agents |
10 Dec 202X |
Poor two-way communication with field agents |
Absence of redundancy in the communication channel |
Implement SMS-based fallback and agent hotline |
Channel Mgmt |
15 Jun 202X |
Completed |
|
CBS-7 |
Treasury and Liquidity Management |
Liquidity Crisis Simulation |
18 Mar 202X |
Delay in liquidity reporting during the stress window |
Manual reporting dependencies |
Automate liquidity dashboards; cross-train the backup team |
Treasury Lead |
31 Jul 202X |
In Progress |
|
CBS-8 |
Core Banking System (CBS Infrastructure) |
Scheduled Stress Test (CBS Load Test) |
20 Apr 202X |
System slowdowns during concurrent processing windows |
The infrastructure is not scaled for the load |
Upgrade server capacity and review batch job schedules |
Core Infra Team |
30 Sep 202X |
Planned |
|
CBS-9 |
Customer Complaint and Dispute Resolution |
Complaint Surge Simulation |
06 May 202X |
Complaint resolution exceeded SLA |
Overload due to manual triage |
Introduce an auto-classification AI model |
Customer Service |
15 Jul 202X |
In Progress |
|
CBS-10 |
Regulatory Reporting and Compliance |
MAS/BNS Stress Test |
10 Mar 202X |
Errors in regulatory report timestamps |
System configuration inconsistency |
Reconfigure reporting software; enforce data timestamp |
|
|
|
The "Improving Lessons Learned" stage is not merely a post-mortem activity—it is a proactive, forward-looking discipline that ensures BSN grows stronger with every disruption faced or simulated.
By embedding a structured and accountable approach to capturing and applying insights, BSN ensures that operational risks are continuously mitigated and response frameworks remain relevant and robust.
For a diversified banking institution like BSN—spanning digital services, rural banking agents, government disbursements, and regulatory reporting—the stakes are high. Each CBS requires tailored insights to evolve based on real-world learning.
When fully embraced, this learning loop strengthens institutional memory, enhances crisis leadership, and propels the organisation toward operational excellence.
As the financial services industry advances into an era defined by volatility and digital interconnectivity, BSN’s resilience will depend not only on its systems and processes but on its capacity to learn, adapt, and respond.
Through this chapter, BSN sets a benchmark in operational maturity, transforming lessons into long-term value.
| Operational Resilience for Financial Services: The BSN Malaysia Approach | ||||||
| "Implement" Phase of the Operational Resilience Planning Methodology | ||||||
|
OR Planning Methodology Phases |
Plan | Implement | Sustain | ||
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|