About the guidelines
On 6 June 2022, the Monetary Authority of Singapore (MAS) launched the revised Business Continuity Management (BCM) Guidelines for Financial Institutions (FIs) in Singapore.
Quoting MAS,
“The revised Guidelines provide new insights on measures that FIs can take to better manage the increasingly complex operating environment and threat landscape to enable the continuous delivery of services to their customers. Under the revised Guidelines, FIs should:
- adopt a service-centric approach through timely recovery of critical business services facing customers;
- identify end-to-end dependencies that support critical business services, and address any gaps that could hinder the effective recovery of such services; and
- enhance threat monitoring and environmental scanning, and conduct regular audits, tests, and industry exercises.”
Summary of key changes
1. Reframe existing BCM programmes for a customer service-centric approach
To become more customer service-centric, FIs have to re-frame their existing BCM programme around their customers.
2. Introducing Service Recovery Time Objectives (SRTO)
SRTO is the time taken to restore a disrupted business service back to an operational state. FIs should implement recovery strategies to enable the FI to meet the SRTO of business services.
3. Focus on third party providers
FIs should identify third party providers and obtain assurance from them that SRTOs can be met, and prepare for unforeseen circumstances such as the failure or termination of third party providers by having backup arrangements.
4. Audit requirements
BCM audits should be performed for each critical business service at least once every three years and auditors should be qualified and possess BCM knowledge.
5. Enhancing crisis management (CM) and communications
FIs should create a CM structure with predefined roles, responsibilities and triggers. This is so that the BCP and CM structure can be preemptively activated before the performance of a critical business service is reduced or intermittent.
Key considerations for FIs: Immediate way forward
- Perform a gap assessment of their current BCM structure against the requirements of the new guideline to determine the extent of effort required.
- Identify internal competency and capacity and determine resources needed to implement the new guidelines.
