2022-06-06
Added
The Monetary Authority of Singapore issued revised Guidelines on Business Continuity Management to require financial institutions to adopt an end-to-end service-centric approach for ensuring the continuous delivery of critical services. These guidelines supersede previous 2003 and 2006 documents by incorporating lessons from the COVID-19 pandemic and addressing evolving threats such as cyber-attacks and terrorism. Financial institutions are mandated to establish a BCM audit plan within 12 months of issuance and conduct their first audit within 24 months.
Guidelines
Published Date: 06 June 2022
Guidelines on Business Continuity Management
The Guidelines on Business Continuity Management (BCM) set out the need for financial institutions (FIs) to take an end-to-end service-centric view in ensuring the continuous delivery of critical business services to their customers. The revised Guidelines issued on 6 June 2022 supersedes the previous version that was published in June 2003, as well as the circular titled “Further Guidance on BCM” that was issued in January 2006. FIs should meet the new Guidelines and establish a BCM audit plan within 12 months following its issuance. The first BCM audit should be conducted within 24 months of the Guidelines' issuance.
View Document
Guidelines on Business Continuity Management
(387.1 KB)
The guidelines introduce principles and practices that financial institutions can implement to strengthen their operational resilience.
Resources:
Response to Feedback Received on Second Consultation Paper on Business Continuity Management (321.2 KB)
Annexes to Response to Second Consultation Paper on BCM Guidelines (370.5 KB)
Instructions on Incident Notification and Reporting to MAS
This circular provides guidance on how financial institutions should report incidents to MAS under the various acts, regulations, notices, circulars and guidelines.
MAS has issued a second consultation on proposed revisions to its Guidelines on Business Continuity Management (BCM). This second consultation includes revisions to address feedback received from the first consultation published in 2019 and incorporates key learnings from the COVID-19 pandemic. It builds on the policy intent from the first consultation to further emphasise the need for financial institutions to take an end-to-end view in ensuring the continuous delivery of critical business services, and introduce principles and practices that financial institutions can implement to strengthen operational resilience. While this second consultation is on-going, financial institutions should continue to refer to the 2003 guidelines and supplementary guidance.
Consultation number:
P015 - 2021
Start date:
15 October 2021
Closing date:
15 November 2021
MAS response date:
06 June 2022
MAS consulted the public on proposed revisions to our Guidelines on Business Continuity Management (BCM) issued in 2003. The revised guidelines will also encompass the guidance on pandemic and physical security measures in our 2006 circular to FIs. The latest updates seek to address developments in the evolving threat landscape, such as in the areas of cyber-attacks and terrorism, and guide FIs on the best practices to maintain their business continuity and resilience against disruptive events. Following the review, MAS published a set of revised guidelines in June 2022.
Start date:
07 March 2019
Closing date:
08 April 2019
MAS response date:
15 October 2021
Guidelines for a financial institution’s operational risk management framework, including business continuity and outsourcing.