PwC Singapore's perspectives on the MAS Revised BCM Guidelines

Setting sound practices with the latest MAS guidelines

About the guidelines

On 6 June 2022, the Monetary Authority of Singapore (MAS) launched the revised Business Continuity Management (BCM) Guidelines for Financial Institutions (FIs) in Singapore.

Quoting MAS,

“The revised Guidelines provide new insights on measures that FIs can take to better manage the increasingly complex operating environment and threat landscape to enable the continuous delivery of services to their customers. Under the revised Guidelines, FIs should:

  • adopt a service-centric approach through timely recovery of critical business services facing customers;
  • identify end-to-end dependencies that support critical business services, and address any gaps that could hinder the effective recovery of such services; and
  • enhance threat monitoring and environmental scanning, and conduct regular audits, tests, and industry exercises.”

Summary of key changes

1. Reframe existing BCM programmes for a customer service-centric approach

To become more customer service-centric, FIs have to re-frame their existing BCM programme around their customers.

2. Introducing Service Recovery Time Objectives (SRTO)

SRTO is the time taken to restore a disrupted business service back to an operational state. FIs should implement recovery strategies to enable the FI to meet the SRTO of business services.

3. Focus on third party providers

FIs should identify third party providers and obtain assurance from them that SRTOs can be met, and prepare for unforeseen circumstances such as the failure or termination of third party providers by having backup arrangements.

4. Audit requirements

BCM audits should be performed for each critical business service at least once every three years and auditors should be qualified and possess BCM knowledge.

5. Enhancing crisis management (CM) and communications

FIs should create a CM structure with predefined roles, responsibilities and triggers. This is so that the BCP and CM structure can be preemptively activated before the performance of a critical business service is reduced or intermittent.

Key considerations for FIs: Immediate way forward

  1. Perform a gap assessment of their current BCM structure against the requirements of the new guideline to determine the extent of effort required.
  2. Identify internal competency and capacity and determine resources needed to implement the new guidelines.

Contact us

Jayme Metcalfe

Partner, Digital Solutions, PwC Singapore

+65 8729 0306

Email

Leslie Leow

Senior Manager, Digital Solutions, PwC Singapore

+65 9837 4713

Email

Follow us
Hide

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.