BNM Consults on Basel Requirements, Issues Business Continuity Policy

The proposed framework on CCP exposures under Basel III requires financial institutions to capitalize their trade and default fund exposures to CCPs, where the capital requirements are differentiated based on qualifying CCP (QCCP) and non-qualifying CCP. The requirements in this policy document shall apply to financial institutions’ exposures to CCP arising from over-the-counter (OTC) derivatives transactions, exchange-traded derivatives transactions, securities financing transactions, and long settlement transactions. The proposed policy document is part of the Capital Adequacy Framework and will come into effect no earlier than [July 01, 2023]. Taking into the account the implementation roadmap of the overall Basel III regulatory reforms, BNM is proposing the following transitional arrangements:

• The exposure value will be calculated based on the existing method to calculate counterparty credit risk capital, namely the Current Exposure Method (CEM) as set out in the risk weighted assets treatment of the Capital Adequacy Framework. The CEM will be replaced by the Standardized 
  Approach to Counterparty Credit Risk (SA-CCR) framework when the latter is finalized by BNM. Financial institutions will be given sufficient time to prepare for the implementation of SA-CCR
• A standardized 2% risk-weight will be applied for the computation of capital requirements for the default fund exposures to Bursa Malaysia Derivatives Clearing Berhad (BMDC). This will be replaced by the full-fledged approach stipulated in paragraph 10 after the SA-CCR comes into effect. For default fund exposures to other QCCPs, financial institutions shall apply the full-fledged approach specified in paragraph 10 on the effective date of this policy document.

The exposure draft on hajah and darurah sets out the proposed requirements and expectations for the application of hajah (need) and darurah (dire necessity) by Islamic financial institutions in carrying out Islamic banking and takaful business. Hajah and darurah concepts have been applied in Islamic financial business to address hardship or difficulties in executing financial transactions or arrangements based on Shariah principles. The application of hajah and darurah arises during unfavorable circumstances or distress situations facing an Islamic financial institution to prevent harm (mafsadah) and ultimately attain benefit (maslahah). The exposure draft aims to seek feedback from Islamic financial institutions on the following:

• Parameters of hajah and darurah and their scope of application
• Requirements relating to responsibilities of the board, Shariah committee, senior management, and control functions of the Islamic financial institutions in ensuring a comprehensive and robust assessment as well as effective implementation of the application of hajah and darurah
• Requirements and policy guidance relating to the processes and procedures that facilitate Shariah deliberation and decision-making concerning hajah and darurah in the Islamic financial institutions

The policy on business continuity management aims to facilitate the development and implementation of a robust business continuity management framework; it also aims to facilitate policies and processes by financial institutions, which are integrated with their overall risk appetite and reinforce sound risk management practices. Another aim is to strengthen the capacity and preparedness of financial institutions to respond and recover from operational disruptions and to preserve the continuity of critical business functions and essential services within a specified timeframe in the event of an operational disruption. The policy applies to all financial institutions and will come into effect on December 19, 2023, with the exception of the requirement on the testing of disaster recovery plan as specified in paragraph 9.48, which comes into effect on December 19, 2025. A financial institution is permitted to implement requirements in paragraph 9.48 earlier than December 19, 2025. The policy document is accompanied by a post-consultation feedback statement and two attachments in the form of templates—Level of Disruption (LoD) Reporting Form for non-cyber incidents and Cyber Incident Scoring System (CISS) Form for cyber incidents.

Related Links

• Exposure Draft on Capital Adequacy Rules
• Press Release on Hajah and Darurah
• Proposed Rules on Hajah and Darurah (PDF)
• Policy on Business Continuity (PDF)
• Business Continuity Related Documents

Keywords: Asia Pacific, Malaysia, Banking, Business Continuity, Operational Risk, Islamic Banking, Basel, Regulatory Capital, OTC Derivatives, Operational Resilience, Cyber Risk, Cyber Incident Reporting, SA CCR, Regtech, BNM