Those interested in finding out more can download the guidelines here. (Note that it's an Adobe PDF file spanning 42 pages.) The document number is BNM/RH/GL 013-3, but I couldn't find it anywhere on the BNM Web site.
There are 17 principles in five categories that banks must follow: BCM framework (four principles) and methodology (10 principles), communication with internal and external constituencies, internal audit review of a bank's plan and responsibility for outsourced functions. There is also a glossary of terms and several appendices.
In that glossary, BNM resurrects yet another abbreviation--Maximum Tolerable Downtime (MTD)--which means the same thing as the Business Continuity Institute's obscure Maximum Tolerable Period of Disruption (MTPD). Neither term should be confused with the commonly-used "Recovery Time Objective" (RTO), which is shorter than MTD, as shown in this BNM diagram.

Do you see the "DRP" and "System Recovered" in that diagram? Even in 2008, after a decade of lexicographic struggle between IT and business professionals, BCM principles are still illustrated by examples of system recovery instead of business process recovery. Will BCP ever breathe free of its technical past?
As clearly stated in a cover letter that I received, though not found in the actual guidelines, BNM specifies a four-hour MTD for credit card transaction authorization systems, ATM systems cash withdrawals and cheque cashing services at bank branches and SPICK (Malaysia's National Cheque Image Clearing System) operations.
BCP blueprint
BNM's promulgation of new BCM guidelines years, even decades, after their adoption and enforcement in many first world countries is significant for two reasons.
First, Malaysia joins a very short list of countries in Asia that have made clear BCM guidelines available in English. There are many financial institutions in Malaysia, both local and foreign. Transparent corporate governance is a perennial issue for investors in Malaysia, and guidelines that conform to internationally-recognized standards (the re-introduction of a little-used acronym like "MTD" notwithstanding) can only be helpful.
Second, Malaysia is East Asia's political and cultural bridge between the West and Islam, as Turkey is at the western end of the continent. Kuala Lumpur is the cosmopolitan center of a nation with a population of 24 million (about 20 percent more people than Australia, for example).
Malaysia's adoption of standards that originated in the Occident is a perfect example of how, in my opinion, global standards of governance will eventually penetrate the Orient and the rest of the developing world. Malaysia is just leading the way.