Chapter 19
Conduct Independent Quality Review – Stage 5 of the Sustain Phase of BSN’s Operational Resilience Planning Methodology
Introduction
In the Sustain phase of Bank Simpanan Nasional’s Operational Resilience Planning Methodology, the “Conduct Independent Quality Review” stage plays a crucial role in ensuring that all resilience activities—spanning planning, implementation, and monitoring—meet expected quality standards and industry best practices.
This review process ensures objectivity, identifies gaps, and drives continual improvement.
As BSN continues to provide critical services to individuals, government entities, and businesses across Malaysia, conducting an independent quality review ensures that its resilience strategies remain robust, relevant, and aligned with regulatory expectations.
Objective of Independent Quality Review
The primary objectives of conducting an independent quality review are to:
- Validate the integrity and effectiveness of resilience plans and controls.
- Provide an impartial assessment of BSN’s preparedness to respond to disruptions.
- Ensure alignment with Bank Negara Malaysia (BNM) and other relevant regulatory guidelines.
- Recommend actionable improvements for strategic and operational resilience.
Implementation Steps
1. Define the Scope and Objectives of the Review
Clearly define what will be reviewed (e.g., specific Critical Business Functions or entire resilience plans) and what the review aims to achieve.
Example
BSN may initiate an independent quality review of CBS-4 (Digital Banking) and CBS-8 (Core Banking System) due to the increasing reliance on digital platforms and the criticality of uninterrupted system availability.
2. Appoint Independent Reviewers
Engage internal audit teams that are functionally independent, or external subject matter experts (SMEs) with no operational involvement in the day-to-day BCM/ITRM functions.
Example
A third-party consultancy with expertise in operational resilience could be commissioned to conduct a review of CBS-1 (Retail Banking Services) and CBS-6 (Agent Banking), assessing their continuity plans under various disruptive scenarios.
3. Conduct Documentation Review
Review all resilience-related documentation, including:
- Business Impact Analysis (BIA)
- Risk Assessments
- Business Continuity Plans (BCPs)
- Crisis Management Frameworks
- Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)
Example
During the review of CBS-10 (Regulatory Reporting and Compliance), documentation must demonstrate how BSN ensures timely and accurate regulatory submissions during system outages or crises.
4. Perform Validation Exercises and Interviews
Conduct validation through:
- Stakeholder interviews
- Walkthroughs
- Site inspections
- Review of recent incident response cases or test reports
Example
To assess CBS-3 (ATM and Self-Service Banking Infrastructure), reviewers may visit branches or data centres to inspect failover mechanisms and validate response actions during unplanned ATM outages.
5. Evaluate Against Standards and Best Practices
Use standards such as:
- ISO 22301 (Business Continuity)
- ISO 27001 (Information Security)
- ISO 22361 (Crisis Management)
- Bank Negara Malaysia’s Operational Resilience Guidelines
Example
A review of CBS-7 (Treasury and Liquidity Management) should confirm that the function’s continuity procedures align with BNM’s expectations for financial stability during systemic disruptions.
6. Identify Gaps and Non-Conformities
List observations by priority level (Critical, Major, Minor), noting where current practices diverge from stated procedures, standards, or best practices.
Example
A critical finding may emerge if CBS-9 (Customer Complaint and Dispute Resolution) lacks a backup system for complaint tracking during system outages, potentially leading to regulatory penalties or reputational damage.
7. Report Findings and Recommendations
Deliver a formal report to BSN’s Operational Resilience Steering Committee and senior management, outlining:
- Summary of findings
- Risk exposure analysis
- Recommended corrective actions
- Timelines and the responsible owner
Example
The review of CBS-5 (Loan Disbursement and Repayment Processing) may result in a recommendation to strengthen data backup frequency to reduce data loss risk within the 24-hour recovery window.
8. Track and Monitor Corrective Actions
Implement a follow-up process to ensure that recommendations are addressed within agreed-upon timelines. Use dashboards or compliance tracking tools for visibility.
Example
Post-review of CBS-2 (Government Aid and Disbursement Services), an internal team may be assigned to oversee process improvements that ensure timely disbursements during state emergencies.
Integration with Continuous Improvement
This independent review process should be embedded into BSN’s annual review cycle and triggered:
- After major changes (e.g., new digital services launched)
- Following significant incidents or near misses
- When regulatory guidelines are updated
Summing Up ...
Conducting an Independent Quality Review is a crucial element of BSN’s commitment to continuous improvement in operational resilience.
It ensures that each critical business function—from digital banking and core systems to regulatory reporting—is regularly assessed for quality, reliability, and resilience.
By maintaining objectivity and transparency in this review process, BSN strengthens its ability to anticipate, absorb, and adapt to future disruptions, thereby safeguarding public trust and financial stability.
Operational Resilience for Financial Services: The BSN Malaysia Approach
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.