KUALA LUMPUR:Financial institutions have been taking steps to further enhance existing business continuity plans (BCPs) to specifically incorporate measures to respond to a pandemic event, said Bank Negara Malaysia (BNM).

In its First Half 2020 Financial Stability Review report released today, the central bank said the BCPs have been extended to incorporate measures to respond to a pandemic event, including preparations for a prolonged or widespread disruption to business, readiness for a full shutdown of the headquarters, reliance on critical third-party service providers and Robustness of Security Operations Centre (SOC).

It said the pandemic presented new operational challenges which tested the agility of financial institutions’ BCPs, and in spite of the current scenario, financial institutions successfully activated BCPs which enabled the continued provision of essential financial services to the public, while protecting the health and well-being of staff and customers.

"There were no operational disruptions amidst heightened operational risks during the pandemic as financial institutions are taking further steps to strengthen BCPs," said BNM.

However, as financial institutions prepare for prolonged or widespread disruptions to business, BNM highlighted that financial institutions will need to review their risk assessments under a pandemic scenario to identify the potential impact on their resources, IT capacity and capability to support large-scale remote working arrangements and the increased usage of online banking services over a prolonged period.

On the readiness for a full shutdown of the headquarters, BNM pointed out that financial institutions also need to ensure that they maintain and regularly review their list of critical activities and staff, including pre-identified replacement staff who should be provided with continuous practical training to ensure their readiness to perform such activities at all times.

"The pandemic revealed instances where the industry's increasing reliance on third party service providers to support critical business operations had not been adequately acknowledged and addressed in the BCPs.

"Hence, financial institutions will need to holistically review their existing arrangements for communicating and coordinating with third party service providers to secure assurances on the state of BCP-preparedness of these entities, and assess their own ability to move critical functions in-house or to alternative service providers when necessary," BNM added.

Lastly, BCPs will also need to incorporate appropriate contingency plans to ensure continued surveillance over cyber and end-point security, as connectivity has notably increased due to greater reliance on remote working arrangements, higher number of end-point devices and external connections, and the rising volume of online financial transactions.

As such, this requires financial institutions to review the capability and coverage of SOC surveillance.

BNM iterated that despite the operational challenges arising from the pandemic and movement control order, operational risk losses have remained broadly stable.

"(There has been) no spike in operational risk losses and incidents, but emerging risks warrant continued vigilance, and the bank and financial institutions remain vigilant to risks associated with operational adjustments that financial institutions have made to conform to new norms of physical distancing," it said.

-- BERNAMA