Yesterday (14 May), the Securities Commission (SC) Malaysia issued its Guiding Principles on Business Continuity for capital market entities, as part of its ongoing efforts to enhance the systemic resiliency of the capital market.
These principles define the SC's expectations of how capital market entities approach business continuity management, so as to ensure timely continuity of critical services and the fulfilment of business obligations, in the event of any disruptions.
Human Resources highlights the key points of the Principles for HR leaders to note:
Roles and responsibilities of the board and senior management
As the authority figures and lead decision makers in an organisation, the board of directors and senior management are accountable for the entity's business continuity preparedness.
In line with that, their responsibilities minimally include:
- Approving the organisation's business continuity framework, strategies and policies;
- Ensuring the framework is effectively implemented in the organisation;
- Allocating sufficient manpower resources and training to increase organisational awareness on business continuity and preparedness;
- Ensuring that everyone's roles, responsibilities, authorities and succession plans are clearly articulated to the organisation;
- Making sure matters related to business continuity are reported to the board of directors, at least annually;
- Having testing of the approach conducted on a yearly basis at minimum, as well as that related documents and processes are regularly updated. This can be done either internally or by relevant external parties;
- Lastly, these leaders also have to ensure the compliance of the framework with relevant regulatory and legal requirements, together with any directives that may have been issued by the regulatory authorities.
Possible factors considered for recovery arrangements
Apart from the above, HR leaders should also be aware of the need for recovery objectives and strategies, which should be developed according to risk-based principles.
These objectives and strategies should include the identification of recovery levels and recovery time objectives for specific business lines, in order to provide assurance in the event of an operational disruption.
As such, capital market entities are encouraged to have access to at least one or more recovery sites, whenever the primary site is inaccessible.
Some factors that could be considered in making these recovery arrangements are as follows:
- The availability of sufficient staff allocated in numbers and expertise, to recover critical operations and services;
- The adequacy of current data, equipment and system; and
- The proximity of the recovery site's location to the primary site.
Photo / 123RF