Self-Assessment Questionnaire on Operational Resilience
![[OR][BSP Framework] Self-Assessment Questionnaire](https://no-cache.hubspot.com/cta/default/3893111/808fca4c-e301-47ae-baf8-cea747da6ee6.png)
The evolving regulatory landscape requires financial institutions to continually strengthen their operational resilience (OR) frameworks.
In this context, the Self-Assessment Questionnaire (SAQ) provides a structured tool to help BSP-supervised financial institutions (BSFIs) evaluate their preparedness for operational disruptions.
This article explains the SAQ's key objectives, structure, and timeline and is a practical example for professionals navigating their institution's OR journey.
Objectives of the Self-Assessment Questionnaire
- Evaluate OR Capabilities. The SAQ offers an overview of the BSFI's current OR capabilities and pinpoints areas for further development.
- Support Leadership and Supervision. It aids the Board, senior management, and bank supervisors understand the organisation's operational resilience readiness.
- Capture the OR Journey. The SAQ documents the institution's progress toward achieving operational resilience, serving as a benchmark and a roadmap for future enhancements.
Timeline for Compliance
BSFIs must submit a transition plan, comprising a gap analysis and action plan, to the BSP's supervising department within one year of the Circular’s effectivity.
The SAQ forms the basis of this submission.
Critical Elements of the Self-Assessment Questionnaire
The SAQ comprises multiple sections designed to guide financial institutions through a systematic evaluation of their operational resilience framework.
Part I: Gap Analysis
For the detailed guided questions, refer to Appendix II, "Self-Assessment Questionnaire (SAQ) on the Operational Resilience Framework. "
The Gap Analysis focuses on assessing compliance with the BSP's circular and identifying areas that need improvement. It involves three key steps:
- Assessment of Compliance. The institution evaluates whether it is entirely, partially, or non-compliant with the requirements.
- Identifying Gaps. This step pinpoints the areas where the institution falls short of the requirements.
- Action Plans. The institution proposes specific measures to address the identified gaps and enhance its OR capabilities.
A. Governance Structure
Critical questions for this section include:
- Does the BSFI have a dedicated Board-level committee overseeing the integration of operational resilience?
- Have roles and responsibilities for operational resilience been defined for senior management, business units, and risk management functions?
- For foreign banks, has the head office implemented an OR framework applicable to the Philippine branch?
Actionable Insight. A strong governance structure is essential for implementing a robust OR framework. Financial institutions must establish apparent leadership oversight and articulate roles and responsibilities across different departments.
B. Vital Elements of Operational Resilience
Identify Critical Operations
- Has the institution identified and gained Board approval for critical operations?
- Have changes been made to the business model or processes following the identification of these operations?
Set Tolerance for Disruption
- What is the institution’s tolerance for disruption, and how is it set?
- Which personnel are responsible for ensuring that operations remain within the set tolerance levels?
Determine Severe but Plausible Scenarios
- Has the institution identified scenarios that could significantly impact critical operations?
- Are “severe and plausible” scenarios included, such as coordinated cyberattacks or natural disasters like the "Big One"?
Map Interconnections and Interdependencies
- Has the institution mapped the interconnections and interdependencies of critical operations?
- Are vulnerabilities identified during the mapping process? What action plans are in place to address them?
Plan for and Manage Risks
- Have disruptions or vulnerabilities been identified that could affect critical operations?
- What measures are in place to ensure that critical operations can continue throughout a disruption?
Business Continuity Management (BCM) and Testing
- Is BCM integrated into the institution’s operational resilience framework?
- Has the institution conducted business continuity exercises for severe and plausible scenarios, ensuring alignment with identified critical operations?
Respond to and Recover from Disruptive Events
- How will response and recovery strategies mitigate harm to customers and the financial system?
- Are internal and external communication plans in place for operational disruptions?
Review, Refine, and Update the OR Framework
- Does the institution maintain a database of disruptions affecting critical operations?
- How often does the institution review and update its OR framework, and who is responsible?
Action Steps for BSFIs
BSFIs should leverage the SAQ to:
- Engage Leadership. Ensure active involvement of the Board and senior management in overseeing operational resilience efforts.
- Identify Critical Gaps. Use the gap analysis to highlight weaknesses and non-compliance with the regulatory requirements.
- Develop Action Plans. Proactively develop and implement measures to address governance, operational processes, and risk management gaps.
- Test Continuity Plans. Regularly test business continuity and recovery plans against severe scenarios to ensure operational resilience.
Summing Up...
The Self-Assessment Questionnaire offers a comprehensive framework for BSFIs to assess and enhance their operational resilience capabilities.
By systematically addressing governance structures, identifying critical operations, and preparing for severe but plausible scenarios, financial institutions can ensure they are well-prepared to navigate operational disruptions.
The SAQ is a regulatory requirement and a vital tool in the institution’s broader risk management strategy.
![[OR][BSP Guidelines] Key Implementation and Components](https://no-cache.hubspot.com/cta/default/3893111/cceda0e6-1ccc-48c6-8ecc-682910430f1a.png)
![[OR][BSP Guidelines] Key OR Definition](https://no-cache.hubspot.com/cta/default/3893111/8dd61913-65fe-44ad-97f8-47238d1f8b4b.png)
![[OR][BSP Guidelines] Integrate with RM Functions](https://no-cache.hubspot.com/cta/default/3893111/37691436-8d68-41be-a5a8-581ec9f2fe05.png)
![[OR][BSP Guidelines] Key OR Elements](https://no-cache.hubspot.com/cta/default/3893111/f2158ca9-da8f-480f-8363-61de808980ff.png)
![[OR][BSP Guidelines] Reporting, Notification and Supervisory Requirements](https://no-cache.hubspot.com/cta/default/3893111/e3798ac3-ed8d-4cc0-8924-601cfd0790d1.png)
![[OR][BSP Framework] Summary Self-Assessment Questionnaire](https://no-cache.hubspot.com/cta/default/3893111/68471eaf-e58a-4161-8652-522eb6f446b4.png)
![[OR][BSP Framework] SAQ Part 1 & 2](https://no-cache.hubspot.com/cta/default/3893111/f37ce406-f6b6-47ab-b169-fa3cd1212070.png)
![[OR][BSP] Guidelines on Operational Resilience](https://no-cache.hubspot.com/cta/default/3893111/ac2b5dca-cbb2-493d-bc3c-67439a8b91f5.png)
More Information About Blended Learning OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-3 Blended Learning OR-300 Operational Resilience Implementer course and the OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/e4287b59-1a43-4e10-8e43-c73b27b3ca39.png?width=172&height=50&name=e4287b59-1a43-4e10-8e43-c73b27b3ca39.png)
![[BL-OR] [3] FAQ OR-300](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/294e989f-8613-4bf3-96a5-a89408cfb9ca.png?width=150&height=150&name=294e989f-8613-4bf3-96a5-a89408cfb9ca.png)
![Email to Sales Team [BCM Institute]](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/850988ce-aa7d-4953-95cf-797635341edd.png?width=100&height=100&name=850988ce-aa7d-4953-95cf-797635341edd.png)
