MAS Business Continuity Management Guidelines (June 2022)

 

The Monetary Authority of Singapore (MAS) issued the revised Business Continuity Management Guidelines (Guidelines) on 6 June 2022 and will take effect on 6 June 2023. The overarching requirements include:

1. Adopt a service-centric approach through timely recovery of critical business services facing customers
2. Identify end-to-end dependencies that support critical business services, and address any gaps that could hinder the effective recovery of such services
3. Enhance threat monitoring and environmental scanning, and conduct regular audits, tests, and industry exercises

 

Some of the key takeaways include:

1. Identify critical business services and set Service Recovery Time Objectives (SRTO)
2. Map out “end-to-end dependencies” covering the people, processes, technology, and other resources that support each critical service
3. For partial disruptions to critical business services, set out the criteria for activation
4. Identify third party providers and ensure SRTO can be met
5. Mitigate the risk of concentration and reduce the impact in the event of a disruption
6. Monitor and identify external threats and developments, and conduct environmental scanning
7. Review critical business services and functions and dependencies at least annually, or whenever there are material changes that affect them
8. Conduct testing periodically that commensurate with the criticality of the business services and functions
9. Establish a crisis management structure with clearly defined roles
10. Audits on business continuity plans at least once every three years, with the first audit due in June 2024
11. Provide an annual attestation to the Board

The extent and degree to which a financial institution implements the Guidelines should be commensurate with the nature, size, risk profile and complexity of its business operations.

For details, please refer to https://www.mas.gov.sg/regulation/guidelines/guidelines-on-business-continuity-management

Disclaimer: The information, views or opinions expressed are provided for general information and should not be relied upon as legal or professional advice.