The Monetary Authority of Singapore (MAS) issued a second consultation on revisions to the guidelines on business continuity management, with the feedback period ending on November 15, 2021. This second consultation includes revisions to address feedback received from the first consultation published in 2019 and incorporates key lessons learned from the COVID-19 pandemic. It builds on policy intent from the first consultation to further emphasize the need for financial institutions to take an end-to-end view in ensuring the continuous delivery of critical business services and introduce principles and practices that financial institutions can implement to strengthen operational resilience. While this second consultation is ongoing, financial institutions are directed to continue to refer to the 2003 guidelines and supplementary guidance.
The proposals cover guidance on third-party dependencies; exposure to concentration risk when several of an institution's critical business functions are outsourced to a single provider; threat monitoring, review, and reporting; testing of business continuity management frameworks and undertake effective remedial actions; and responsibilities of Board and senior management. The guidelines stipulate that, in establishing recovery strategies, a financial institution should adopt an end-to-end view of the critical business services’ dependencies, to not only consider the recovery of individual processes, but the complete set of processes supporting the delivery of the service. This will minimize the degree of disruption, safeguard customer interests, and maintain the safety and soundness of financial institutions. Financial institutions should also ensure clear accountability and responsibility for the overall business continuity of each critical business service. Where the delivery of a business service depends on multiple business functions, an overall manager should be appointed to coordinate incident management across the affected functions and oversee the resumption of the business service in the event of a disruption.
Comment Due Date: November 15, 2021
Keywords: Asia Pacific, Singapore, Banking, Business Continuity, Guidance, Operational Risk, Cyber Risk, Outsourcing Arrangements, Cloud Service Providers, Regtech, MAS
Previous ArticleBDF Updates Documentation for AnaCredit Reporting
The European Banking Authority (EBA) launched the 2023 European Union (EU)-wide stress test, published annual reports on minimum requirement for own funds and eligible liabilities (MREL) and high earners with data as of December 2021.
The European Banking Authority (EBA) proposed implementing technical standards on the interest rate risk in the banking book (IRRBB) reporting requirements, with the comment period ending on May 02, 2023.
The U.S. Federal Reserve Board (FED) set out details of the pilot climate scenario analysis exercise to be conducted among the six largest U.S. bank holding companies.
The Board of Governors of the Federal Reserve System (FED) adopted the final rule on Adjustable Interest Rate (LIBOR) Act.
The European Central Bank (ECB) published an updated list of supervised entities, a report on the supervision of less significant institutions (LSIs), a statement on macro-prudential policy.
The Hong Kong Monetary Authority (HKMA) published a circular on the prudential treatment of crypto-asset exposures, an update on the status of transition to new interest rate benchmarks.
The European Commission (EC) adopted the standards addressing supervisory reporting of risk concentrations and intra-group transactions, benchmarking of internal approaches, and authorization of credit institutions.
The China Banking and Insurance Regulatory Commission (CBIRC) issued rules to manage the risk of off-balance sheet business of commercial banks and rules on corporate governance of financial institutions.
The Hong Kong Monetary Authority (HKMA) made announcements to address sustainability issues in the financial sector.
The European Banking Authority (EBA) published regulatory standards on identification of a group of connected clients (GCC) as well as updated the lists of identified financial conglomerates.