Business Continuity Planning (BCP) requirements by Monetary Authority of Singapore (MAS) in Singapore have been operational since 2003. However, in June 2022, the requirements were revised and updated to take into account the deluge of changes in the last two decades. The thrust of the new framework is the requirement to consider an end-to-end service-centric view on operational risks in order to ensure continuous delivery of critical business services to customers.
Action required: The new Guideline will be effective on 6 June 2023 where an audit plan must also be ready. The audit must be conducted by 6 June 2024.
As the Compliance Officer, what does this mean for you?
Ten months have already passed since the final requirements were published. Will you be ready if not now, with the next month or two to comply with the new requirements of the Business Continuity Management Guidelines (“BCMG”) ?
Have you scheduled training not just for those involved in BCP, but also for your Board and senior management so they all understand the intent and implications of the BCMG as it applies to your firm?
Have you clearly articulated how the BCMG applies to your firm, and put in place records of all Suspicious Transactions Reporting Office (STRO) and strategies, taken into account all dependences and reliances on third parties?
Most importantly, is the audit plan formulated as this must be ready by 6 of June 2023?
How Reglex can help
In partnership with Leaman Crellin, we have designed a Business Continuity Management Template (“BCM Template”) that is Singapore-centric to help guide you to navigate the BCMG, and serves as a master document from which you will be able to use as a definitive source of record of compliance.
Used correctly, it is dynamic and will serve as your most current and definitive source for BCP Management thus enabling it to be used unquestionably during a crisis or sent promptly to MAS upon request without having to carry out major updating.
The BCMG’s are not just a requirement to draw up policy and procedures for BCP. It is about how you have put together an end-to-end holistic plan which will kick into action when a disruption occurs. It is about getting all critical services and functions which you have pre-identified as critical business services recovered within a pre-set time period (aka STRO). Our BCM Template includes:
- Business Continuity Management Framework (Framework)– an overarching base template policy that can serve as the backbone of your BCP.
- Business Continuity Management Schedules (Schedules) – a set of 15 schedules including templates for reporting purposes to support your framework. Our selection of templates will help you decide what records you need.
- A complimentary ‘Tip Sheet’ with comments and guidance on not only how to use the Framework and Schedules, but insight and market considerations from our in-house experts as this can be a complicated and tricky exercise.
Do use the internal experts you have to make this BCM Template work for you. This way, you will hit the Goldilocks ratio.
We will also provide you with updates and changes free of charge.
Your next steps
- Work with your internal teams, such as your heads of business lines for impact analysis on their business and customers during a disruption. Check in with your IT and Operations teams for risk assessments, and with relevant heads of functions and business for crisis management planning.
- Secure the engagement of your senior management and Board of Directors, and make sure you communicate the BCM policy and provide training so that everyone knows their role.
- Work with your auditor to see areas need to be fleshed out by June 2024, which is when you will need to complete your first audit.
- You may wish to approach an independent expert to review your BCM policy, to help you identify any gaps in the requirements and decide on clear actions to put in place. If you do not have an independent internal auditor or reviewer, you may need to seek outside experts such as a compliance consultancy firm.
“Find out how we are democratizing compliance, visit www.reglex.io“