The Monetary Authority of Singapore (MAS) issued a second consultation on revisions to the guidelines on business continuity management, with the feedback period ending on November 15, 2021. This second consultation includes revisions to address feedback received from the first consultation published in 2019 and incorporates key lessons learned from the COVID-19 pandemic. It builds on policy intent from the first consultation to further emphasize the need for financial institutions to take an end-to-end view in ensuring the continuous delivery of critical business services and introduce principles and practices that financial institutions can implement to strengthen operational resilience. While this second consultation is ongoing, financial institutions are directed to continue to refer to the 2003 guidelines and supplementary guidance.
The proposals cover guidance on third-party dependencies; exposure to concentration risk when several of an institution's critical business functions are outsourced to a single provider; threat monitoring, review, and reporting; testing of business continuity management frameworks and undertaking effective remedial actions; and responsibilities of the Board and senior management. The guidelines stipulate that, in establishing recovery strategies, a financial institution should adopt an end-to-end view of the critical business services' dependencies, considering not only the recovery of individual processes but also the complete set of processes supporting the delivery of the service. This will minimize the degree of disruption, safeguard customer interests, and maintain the safety and soundness of financial institutions. Financial institutions should also ensure clear accountability and responsibility for the overall business continuity of each critical business service. Where the delivery of a business service depends on multiple business functions, an overall manager should be appointed to coordinate incident management across the affected functions and oversee the resumption of the business service in the event of a disruption.
Comment Due Date: November 15, 2021
Keywords: Asia Pacific, Singapore, Banking, Business Continuity, Guidance, Operational Risk, Cyber Risk, Outsourcing Arrangements, Cloud Service Providers, Regtech, MAS