Operational Resilience Guideline

Synopsis of the Operational Resilience guideline of MAS- Monetary Authority of Singapore

Vinod Menon
Vinod Menon
Chief Product Officer
Vinod Menon
Vinod Menon
Chief Product Officer

Operational disruptions, if not recovered speedily, may compromise the ability of financial institutions (“FIs”) to meet their business obligations, resulting in financial and reputational damage, as well as inconvenience to customers.

MAS is concerned with both the soundness of individual FIs and the stability of the financial system. FIs are thus expected to have controls in place to minimise the occurrence of operational disruptions, including the identification of potential single points of failure early on and their elimination, where possible.

Application of Guideline

This set of MAS BCM (Business Continuity Management) Guidelines (hereafter referred as “the Guidelines”) contains sound BCM principles that FIs are encouraged to adopt. FIs are ultimately responsible for their business continuity preparedness and recovery from operational disruptions. FIs should establish policies, plans and procedures to ensure that their critical business services and functions can be promptly resumed following a disruption.

The Guidelines is applicable to all FIs as defined in Section 27A(6) of the Monetary Authority of Singapore Act.

Critical Business Services and Functions

Functions underpin the provision of business services to an FI’s customers. When a business function is disrupted, all the business services that are dependent on it could be disrupted, and as a result, amplify the operational or business impact to the FI. There may also be some business functions that do not directly contribute to business services, but their disruption could impact an FI’s safety and soundness.

Service Recovery Time Objective

The FI should establish a Service Recovery Time Objective (SRTO) for each critical business service. The SRTO, being a time-based metric, provides clarity within the FI on the expected recovery timelines for each business service. This will help to guide the prioritisation of resources during the planning and facilitate decision-making and monitoring of the recovery progress in a disruption.

Dependency Mapping

The financial sector has become increasingly interconnected with the growing reliance on common IT systems and third parties. As a first step to mitigate the risks arising from these linkages, the FI should identify and map the end-to-end dependencies covering people, processes, technology and other resources7 (including those involving third parties) that support each critical business service.

Concentration Risk

While there are economic benefits to be gained through the centralisation of operations, concentration risk may arise when there is concentration of people, technology or other required resources in the same zone. FIs may also be exposed to concentration risk when several of its critical business services and/or functions are outsourced to a single service provider.

Continuous Review and Improvement

BCM is an ongoing effort to ensure that the measures put in place are able to address operational risks posed by the latest threats, as well as plausible threats in the future. The FI should adopt a proactive business continuity posture by embedding BCM into its business-as-usual operations and establish BCPs that address a range of severe and plausible disruption scenarios, which may evolve over time.

Testing

Testing is crucial in validating an FI’s BCM preparedness. The FI should conduct regular and comprehensive testing to gain assurance that its response and recovery arrangements are robust, and enable them to continue the delivery of critical business services and functions in a timely and reliable manner following a disruption.

Audit

BCM audit is an important means to provide the FI with an independent assessment on the adequacy and effectiveness of the implementation of its BCM framework. The FI should ensure that its audit programme adequately covers the assessment of BCM preparedness based on the level of operational risks that it is exposed to.

Incident and Crisis Management

The FI should have robust processes to manage incidents in order to resume critical business services and functions within the stipulated SRTOs/RTOs. Where the delivery of a business service depends on multiple business functions, an overall coordinator should be appointed to coordinate incident management and recovery across affected functions.

Responsibilities of Board and Senior Management

The Board and senior management are ultimately responsible for the FI’s business continuity. A prolonged disruption in the performance of the FI’s critical business services and functions could significantly impair its reputation, financial safety and soundness, or in some instances, the proper functioning of the financial ecosystem.

You can read the full report in the link below:

https://www.mas.gov.sg/regulation/guidelines/guidelines-on-business-continuity-management

Recent Blog’s

Share

Explore more

SOP Digitization

Top Reasons to Switch to a Digital Standard Operating Procedure (SOPs)

Digital Standard Operating Procedure (SOPs) are documents having set of instructions which are maintained in an electronic way. Every company requires SOPs to circulate it …

SOP Digitization

Enhancement of Organizational Culture and Employee Engagement Through SOP Digitization

Importance Of Sop Digitization: Within business operations, Standard Operating Procedures (SOPs) have traditionally served as the foundation for enhancing efficiency, ensuring uniformity, and maintaining quality …

Compliance Assurance

The Role Of Technology In Automating Policy Compliance

WHAT IS COMPLIANCE? Compliance is a multifaceted process that ensures an organization follows applicable laws, regulations, and internal norms. Understanding and interpreting critical legal requirements …

Operational Resilience

Process Mapping – The What, Why and How?

What is Process Mapping? Let us break down the words. Process means “a series of actions you do for a particular purpose that produce an …

Operational Resilience

The Role of Process Mapping in Change Management

Change is constant in the fast-paced world of business. Companies must frequently adjust operations to respond to market developments, technology advancements, or internal reorganisation. Process …

Operational Resilience Regulatory Guidelines
Operational Resilience

Overview of the Australian Operational Resilience Regulatory Guidelines

The objective of this Prudential Standard CPS 230 is to establish and uphold operational resilience for APRA (Australian Prudential Regulation Authority) regulated entities. Such entities …

Incident Management

How Financial Institutions can benefit from Incident Management Solution?

Financial institutions, such as banks, insurance companies, and investment firms, face various challenges in their daily operations. They have to deal with complex regulations, high …

Risk Management

From Spreadsheets to Success: Advantages of Operational Risk Management Software for Financial Organizations

Many financial organizations still rely on spreadsheets to manage their operational risk data. While spreadsheet is a powerful and versatile tool, it has some limitations …

Operational Resilience

Building Resilience: The Crucial Role of Policy Management Solutions in Compliance with the Digital Operational Resilience Act(DORA)

A policy management solution is of utmost importance from a Digital Operational Resilience Act (DORA) regulation perspective. The DORA regulation aims to ensure the operational …

SOP Digitization Solution
SOP Digitization

How to Choose the Right SOP Digitization Solution?

Standard operating procedures (SOPs) are essential for any business that wants to ensure quality, consistency and compliance in its processes. However, managing SOPs can be …

SOP Digitization
SOP Digitization

Why is it Important for the Financial Institution to Digitize its Standard Operating Procedure?

The financial sector is undergoing a rapid transformation due to the emergence of new technologies, changing customer expectations, and increasing regulatory demands. In this context, …

6 step operational resilience blog
Operational Resilience

6 Simple Steps for Implementing an Operational Resilience Framework

On March 29, 2021, the Bank of England (BoE), Prudential Regulation Authority (PRA), and Financial Conduct Authority (FCA) jointly issued policy and supervisory statements to …

DORA Blog
Operational Resilience

Digital Operational Resilience Act (DORA) – A Brief Overview

The use of information and technology is essential in the modern era as it supports complex systems used for daily activities. It plays a critical …

Operational Resilience

Operational Resilience Program – Steps to Conduct a Failure Modes and Effect Analysis (FMEA)

Basel defines Operational Resilience as a bank`s ability to deliver critical operations even at times of disruption. This would mean that the bank should have …

Impact Tolerance
Operational Resilience

Impact Tolerance – Setting Impact Tolerance is a Vital Step to Build and Enhance Operational Resilience of an Organisation.

Impact Tolerance is quantifying the level of disruption, a critical business service can accommodate or absorb, before such disruption creates a significant impact or harm …

Risk & Resilience Approach
Risk Management

Improve your Organisation’s Decision Making and Response Mechanism through an Integrated Risk & Resilience Approach

During last twelve to twenty four months we have all experienced extraordinary uncertainty primarily due to natural calamity, COVID-19 pandemic, unstable global economy,  political differences …

Operational Resilience Programme
Operational Resilience

Operational Resilience Programme – Digitize your BIA (Business Impact Analysis) – An Important Step

Let’s first try and understand what is a BIA? Business Impact Analysis is a methodology which allows to predict the impact of disruption on your …

Business Process Model and Notation
BPMN

The What and Why of BPMN – Business Process Model and Notation

The Business Process Model Notation (BPMN) is a graphical representation for specifying business processes in a business process model. The objective of BPMN is to …

strengthening-operational-risk-management blog
Risk Management

Key Highlights of APRA`s Discussion Paper on Strengthening Operational Risk Management

Events of recent years like COVID-19, cyber-attacks, flood and storms etc. has reinforced the importance of managing and responding to operational risks. To ensure that …

Integrated Risk and Resilience Framework blog
Risk Management

An Integrated Risk and Resilience Framework – A Better Approach to Manage Uncertainty

Businesses across the globe have, in the last couple of years, seen exceptional uncertainty due to political tensions, economic turmoil, COVID-19 pandemic and others.   Markets …

Risk Management Process
Risk Management

The Seven Steps to Implementing an Effective Risk Management Process

Risk Management Process is a methodology by which risks are formally identified, measured and treated to ensure that risk is avoided, transferred or mitigated. As …

Simple steps to Automate and Standardise your Risk & Control Self Assessment (RCSA)
Risk Management

Simple steps to Automate and Standardise your Risk & Control Self Assessment (RCSA)

Risk and Control Self Assessment process is a widely accepted methodology used by banks, financial companies, insurance companies and others to identify and assess the …

Key Risk Indicators -A Powerful Tool to Anticipate Your Risk Within the Enterprise
Risk Management

Key Risk Indicators -A Powerful Tool to Anticipate Your Risk Within the Enterprise

In simple terms, Key Risk Indicator (KRI) is a metric used to measure the level of exposure to risk. These are indicators that denote the …

Hongkong’s Regulations for Operational Resilience
Operational Resilience

Hongkong’s Regulations for Operational Resilience

On 22nd December, 2021 HKMA (Hong Kong Monetary Authority) came up with a Supervisory Policy Manual for Operational Resilience to provide Authorized Institutions (AI) with …

Irelands’ Financial Service Sector Guidance on Operational Resilience
Operational Resilience

Irelands’ Financial Service Sector Guidance on Operational Resilience

The Central Bank of Ireland`s objective of this guidance is to communicate to industry how to prepare for, respond to and recover and learn from …

New Operational Resilience Regulation
Operational Resilience

New Operational Resilience Regulation for Financial Institutions in United States (USA)

The Federal Reserve, the Central Bank of the United States in August 2021 has released a paper intended to help community banks assess threats when …

Process Mapping is an important step in building an Operational Resilience Framework
Operational Resilience

Process Mapping is an important step in building an Operational Resilience Framework

The Covid -19 pandemic has clearly shown two trends within firms: The intensified use of technology and Operations can be managed through digital work force …

What is Game-Based Employee Onboarding? Tips and tricks to implement the right gamification strategy
Game-based Learning

What is Game-Based Employee Onboarding? Tips and tricks to implement the right gamification strategy

Learning begins with joining. Effective Onboarding contributes to a newbie commencing with confidence, feeling supported, and acclimatizing much sooner. Conversely, employees who spend weeks and …

Strategies for Improving Banks’ Operating Efficiency
Digital Transformation

Strategies for Improving Banks’ Operating Efficiency

Banks occupy a place of pride because of its structure of undivided attention and contemporary functions. They have come an extended way from merely performing …

Get started with Digital Identity Verification
Digital Identity

Get started with Digital Identity Verification

In a growing interconnected digital economy, identity verification of an individual’s real-world identity against their digital one has become ever critical in fraud detection. The …

Growing Importance of Operational Resilience in the Digital Era
Operational Resilience

Growing Importance of Operational Resilience in the Digital Era

Operational Resilience assumes that things will go wrong, and it will force organizations to plan on how to recover from the disruption. It is a …

Why are organizations jumping onto the AI-enabled Identity verification bandwagon?
Digital Identity

Why are organizations jumping onto the AI-enabled Identity verification bandwagon?

Who has not experienced being asked to show some kind of government ID, be it to receive your courier, or check into a hotel, or …

What is Identity Proofing?
Digital Identity

What is Identity Proofing?

As per the Digital Identity Guidelines published by NIST, a US agency, Identity Proofing is verifying the claimed identity of an applicant by authenticating the …

New Amendment to KYC Regulation by RBI
Digital Identity

New Amendment to KYC Regulation by RBI – 10th May, 2021

In Jan 2020, Reserve Bank of India amended the KYC norms allowing banks and other lending institutions to use Video based Customer Identification Process (VCIP) …

5 Steps to a Successful Execution of a Digital Transformation Project
Digital Transformation

5 Steps to a Successful Execution of a Digital Transformation Project

Digital Transformation is bringing about a radical shift in the way you run your business, deliver services or manage your customers. The objective of digital …