Header Top Bar

WhatsApp Us +65 8699 8821

What Are the Revised Guidelines on Business Continuity Management (BCM)?

What Are the Revised Guidelines on Business Continuity Management (BCM)?

The financial sector in Singapore relies on trust and confidence in the ecosystem’s ability to protect assets and process transactions efficiently for its proper functioning. If not quickly resolved, operational disruptions may affect the ability of Financial Institutions (FIs) to meet their business obligations, leading to financial and reputational damage, and inconvenience to customers.

Given the high interconnectivity of FIs, severe disruptions may trigger a broader spread of the detrimental effects on the financial system. The Monetary Authority of Singapore (MAS) is focused on both the soundness of individual FIs and the overall stability of the financial system.

Hence, FIs are expected to implement controls to minimise operational disruptions, including the early identification and elimination of potential single points of failure. Despite the best efforts of FIs to achieve operational resilience, disruptions can still occur due to various factors, some beyond their control.


Why is Business Continuity Management (BCM) Important?

An effective BCM framework is crucial in reducing the impact of any operational disruptions, such as cyber-attacks or pandemics, ensuring that FIs can continue delivering financial services consistently.

The implementation of the BCM Guidelines by an FI should be proportionate to the nature, size, risk profile, and complexity of its business operations.

Engage Reliable BCM Audit Service

What Are the Revised MAS Business Continuity Management Guidelines?

The revised MAS business continuity management guidelines were released on 6 June 2022. These guidelines set out the need for FIs to take an end-to-end service-centric view to ensure the continuous delivery of critical business services to their customers.

FIs are expected to meet the new Guidelines, establish a BCM audit plan within 12 months of its issuance, and conduct the first BCM audit within 24 months of the Guidelines’ issuance.

What Does the BCM Audit Cover?

The BCM audit covers the following focus areas:

  • Critical Business Services and Functions
  • Service Recovery Time Objective
  • Dependency Mapping
  • Concentration Risk
  • Continuous Review and Improvement
  • Testing
  • Audit Requirement
  • Incident and Crisis Management
  • Responsibilities of Board and Senior Management

Key Learning Outcomes of BCM Audits Conducted by InCorp

Based on the BCM audits that our risk assurance team at InCorp has conducted, we summarised these key learning outcomes:

Maintain Documentation

To mitigate the risks arising from critical business system linkages, documentation showing that the FIs have identified and mapped the end-to-end dependencies covering people, processes, technology, and other resources (including those involving third parties) that support each critical business service should be maintained.

Formalise BCP Policies and Procedures

The BCP policies and procedures should be formalised and include pre-defined criteria for the Business Continuity Plan (BCP) and Crisis Management activation. This move allows the FIs to respond quickly and effectively when a disruption occurs, thereby minimising downtime, financial losses, and other negative impacts on the business.

Review Potential Operational Disruptions

Financial institutions can strengthen their BCP by reviewing possible operation disruptions or studies from other organisations to enhance their business continuity preparedness. It is also crucial to consider participating in industry and cross-sector exercises organised by government agencies, regulatory bodies, industry associations, and financial market infrastructure operators. This allows the FIs to identify gaps and gain useful insights to improve their BCM policies, plans, and procedures.

Apply Relevant Threat Monitoring and Reporting Practices

Implementing relevant practices for threat monitoring and reporting, such as subscribing to MAS’ news and updates and circulating them across FIs, assists in keeping relevant personnel updated about emerging threats.

Establish Regular BCP Tests

Formalise requirements to set up periodic BCP tests for recovery strategies of critical business services by considering scenario testing about the vulnerabilities identified in FI’s Business Continuity Plan. This familiarises FIs and service providers with recovery processes and improves coordination between parties. This can also surface potential issues of the BCP’s feasibility at the execution stage.


Let InCorp Manage Your BCM Audit

At InCorp, our experienced risk assurance team helps ensure your organisation is fully prepared to handle any disruptions with minimal impact. We bring extensive knowledge and a thorough understanding of BCM standards, enabling us to identify potential vulnerabilities and recommend effective solutions.

We tailor our approach to fit your unique operational needs, ensuring compliance with regulatory requirements and industry best practices. By entrusting InCorp with your BCM audit, you can focus on your core business activities and stay confident that your organisation is well-equipped to maintain resilience in the face of any challenges.

Contact our team to find out more today!

FAQs about Business Continuity Management (BCM)

  • A Business Continuity Plan (BCP) is a plan that establishes the roles and responsibilities, resources, and processes needed to recover and fulfil the FI’s business obligations after an operational disruption and restore its operations.
  • Since FIs must conduct the first BCM audit within 24 months of the Guidelines' issuance, they must have done so by 6 June 2024.
  • A BCM is a management process that integrates various strategies, plans, and procedures to ensure an organisation can continue its critical operations during and after a disruption. On the other hand, a BCP is a key component of BCM that involves creating detailed plans and procedures to ensure the continuity of critical business functions during and after a disruption.

Engage Us

Leave your BCM audit to the experts!

About the Author

Ruby Rouben

Ruby brings over 16 years of extensive experience in the audit field to the role, the majority of which was spent leading the internal audit and risk advisory engagements across publicly listed companies, institutions of higher learning, MNCs, statutory boards, ministries, and more. In recent years, Ruby has focused on advancing sustainability consultancy services, leading internal evaluations of the sustainability reporting processes for publicly listed companies. This shift underscores Ruby's commitment to enhancing corporate responsibility and environmental stewardship in the business landscape.

More on Business Blogs

Contact Us