Implementing Operational Resilience for KWAP
Chapter 11
Setting Impact Tolerance: Defining KWAP's Operational Resilience Thresholds
Having identified Critical Business Services (CBS) and mapped their supporting processes, Kumpulan Wang Persaraan (Diperbadankan) (KWAP) must now establish clear boundaries for acceptable disruption through an Impact Tolerance setting.
This third stage of the implementation phase determines how much stress KWAP's essential services can withstand before consequences become unacceptable - a crucial requirement under Bank Negara Malaysia's Operational Risk Management framework.
This article examines KWAP's methodology for setting impact tolerances, their role in resilience measurement, and practical approaches for implementation.
The Critical Role of Impact Tolerance in Pension Fund Resilience
As custodian of Malaysia's public sector retirement funds, KWAP must define precisely:
- Maximum allowable downtime for pension processing
- Thresholds for financial/data loss in investment operations
- Service degradation limits affecting stakeholders
Well-calibrated impact tolerances serve as:
- Measurable benchmarks for resilience testing
- Early warning indicators for crisis response
- Board-level metrics for governance oversight
KWAP's Framework for Establishing Impact Tolerances
1. Categorize Impact Dimensions
For each Critical Business Service, define tolerance levels for:
|
Dimension |
Example Metrics |
|
Financial |
Maximum allowable loss per incident |
|
Operational |
Downtime thresholds (minutes/hours) |
|
Data |
Tolerable data loss/inaccuracy |
|
Reputational |
Media/Social media impact thresholds |
|
Regulatory |
Reporting deadline compliance |
2. Quantitative vs Qualitative Thresholds
- Quantitative: "Pension disbursements must process 95% of transactions within 4 business hours of disruption"
- Qualitative: "No incident should generate more than 3 mainstream media negative reports"
3. Stakeholder Alignment Process
- Risk team proposes initial thresholds
- Business units validate operational feasibility
- Board Risk Committee approves final tolerances
4. Regulatory Alignment
Ensure tolerances meet:
- BNM's Policy Document on Operational Risk
- SC's Guidelines on Business Continuity
- ISO 22301 (BCMS) standards
Implementation Challenges & Solutions
Challenge 1
Balancing stringent tolerances with practical feasibility
➔ Solution: Graduated tiers (e.g., "Green/Amber/Red" thresholds)
Challenge 2
Dynamic market conditions affecting thresholds
➔ Solution: Quarterly reviews with investment teams
Challenge
Third-party service dependencies
➔ Solution: Contractual SLA alignment with vendors
Expected Outcomes
- Board-approved impact tolerance statements for all CBS
- Clear escalation triggers for incident management
- Regulator-ready documentation demonstrating compliance
- Baseline metrics for upcoming scenario testing
Best Practices for KWAP
- Segment tolerances by CBS criticality level
- Implement monitoring tools for real-time threshold tracking
- Conduct war games to validate thresholds
- Integrate with ERM systems for a holistic risk view
Next Steps: Scenario Testing
With impact tolerances established, KWAP progresses to stress-testing these limits through realistic disruption scenarios - the crucial validation stage before continuous improvement.
Summing Up ...
For KWAP, setting precise impact tolerances transforms resilience from an abstract concept to a measurable operational reality.
By defining exactly how much disruption each critical service can endure, the organisation creates an objective framework to:
- Guide resilience investments
- Trigger timely responses
- Demonstrate regulatory compliance
- Ultimately safeguards pensioners' interests
This stage provides the crucial benchmarks that make resilience actionable and accountable at all organisational levels.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To further enhance your expertise, explore the OR-5000 Operational Resilience Expert Implementer course by BCM Institute. This expert-level certification program provides the skills and strategies to build and sustain a resilient organisation.
The course is also claimable by HRD Corp, making it an excellent opportunity for professionals looking to upskill with financial support.
To learn more about the course and schedule, click the buttons below for the [OR-3] OR-300 Operational Resilience Implementer course and the [OR-5] OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/e4287b59-1a43-4e10-8e43-c73b27b3ca39.png?width=172&height=50&name=e4287b59-1a43-4e10-8e43-c73b27b3ca39.png)
![[BL-OR] [3] FAQ OR-300](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/294e989f-8613-4bf3-96a5-a89408cfb9ca.png?width=150&height=150&name=294e989f-8613-4bf3-96a5-a89408cfb9ca.png)
![Email to Sales Team [BCM Institute]](https://blog.bcm-institute.org/hs-fs/hubfs/hub_generated/resized/850988ce-aa7d-4953-95cf-797635341edd.png?width=100&height=100&name=850988ce-aa7d-4953-95cf-797635341edd.png)
