The Monetary Authority of Singapore (MAS) issued a second consultation on revisions to the guidelines on business continuity management, with the feedback period ending on November 15, 2021. This second consultation includes revisions to address feedback received from the first consultation published in 2019 and incorporates key lessons learned from the COVID-19 pandemic. It builds on policy intent from the first consultation to further emphasize the need for financial institutions to take an end-to-end view in ensuring the continuous delivery of critical business services and introduce principles and practices that financial institutions can implement to strengthen operational resilience. While this second consultation is ongoing, financial institutions are directed to continue to refer to the 2003 guidelines and supplementary guidance.
The proposals cover guidance on third-party dependencies; exposure to concentration risk when several of an institution's critical business functions are outsourced to a single provider; threat monitoring, review, and reporting; testing of business continuity management frameworks and undertake effective remedial actions; and responsibilities of Board and senior management. The guidelines stipulate that, in establishing recovery strategies, a financial institution should adopt an end-to-end view of the critical business services’ dependencies, to not only consider the recovery of individual processes, but the complete set of processes supporting the delivery of the service. This will minimize the degree of disruption, safeguard customer interests, and maintain the safety and soundness of financial institutions. Financial institutions should also ensure clear accountability and responsibility for the overall business continuity of each critical business service. Where the delivery of a business service depends on multiple business functions, an overall manager should be appointed to coordinate incident management across the affected functions and oversee the resumption of the business service in the event of a disruption.
Comment Due Date: November 15, 2021
Keywords: Asia Pacific, Singapore, Banking, Business Continuity, Guidance, Operational Risk, Cyber Risk, Outsourcing Arrangements, Cloud Service Providers, Regtech, MAS
Previous ArticleBDF Updates Documentation for AnaCredit Reporting
The European Banking Authority (EBA) published four draft principles to support supervisory efforts in assessing the representativeness of COVID-19-impacted data for banks using the internal ratings based (IRB) credit risk models.
The Bank for International Settlements (BIS) Innovation Hub updated its work program, announcing a set of projects across various centers.
Certain members of the U.S. Senate Committee on Banking, Housing, and Urban Affairs issued a letter to the Securities and Exchange Commission (SEC)
The European Insurance and Occupational Pensions Authority (EIOPA) published a consultation paper on the advice on the review of the securitization prudential framework in Solvency II.
The Prudential Regulation Authority (PRA) issued a statement on PRA buffer adjustment while the Bank of England (BoE) published a notice on the statistical reporting requirements for banks.
The Federal Financial Supervisory Authority of Germany (BaFin) proposed to amend the “Capital Investment Conduct And Organization Ordinance” and issued a draft circular on the minimum resolvability requirements for resolution planning.
The European Banking Authority (EBA) proposed guidelines, for the resolution authorities, on the publication of the write-down and conversion and bail-in exchange mechanic, with the comment period ending on September 07, 2022.
The Financial Services Authority of Indonesia (OJK) is strengthening cooperation with the Australian Prudential Regulation Authority (APRA) and the Japanese Financial Services Agency (JFSA)
The European Parliament and the Council published Regulation 2022/868 on European data governance (Data Governance Act).
The European Banking Authority (EBA) published phase 2 of its reporting framework 3.2. The technical package supports the implementation of the updated reporting framework by providing standard specifications