Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management



Similar documents
Business Continuity Management

Prudential Standard CPS 232 Business Continuity Management

INSURANCE REGULATORY AUTHORITY IRA/PG/ GUIDELINE TO THE INSURANCE INDUSTRY ON THE BUSINESS CONTINUITY MANAGEMENT

Business Continuity Management

External Supplier Control Requirements BCM

Prudential Practice Guide

Prudential Practice Guide

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

How To Manage A Disruption Event

Business Continuity Management Policy

The PNC Financial Services Group, Inc. Business Continuity Program

Guidance Note XGN XXX.1

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Objective and key requirements of this Prudential Standard

SUPERVISORY AND REGULATORY GUIDELINES: PU BUSINESS CONTINUITY GUIDELINES

Business Continuity Management

Statement of Guidance

Global Statement of Business Continuity

November 2007 Recommendations for Business Continuity Management (BCM)

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

Business Continuity & Crisis Management

Guidance Note on Outsourcing/Delegation of Functions

Guideline on Business Continuity Management

Business Continuity Management

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

ގ ވ އ ދ ނ ނ ބ ރ : 170-R/2015

The PNC Financial Services Group, Inc. Business Continuity Program

Business continuity management policy

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

Business continuity management policy

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

GUIDELINES ON OUTSOURCING

Business Continuity Management Policy

Clearing and Settlement Procedures. New Zealand Clearing Limited. Clearing and Settlement Procedures

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

OUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015

Checklist of ISO Mandatory Documentation

BUSINESS CONTINUITY STRATEGY

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Business Continuity Policy

Business Continuity Management

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

August 2013 Recommendations for Business Continuity Management (BCM)

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

Business Continuity and Disaster Recovery Policy

Business Continuity Policy and Business Continuity Management System

BUSINESS CONTINUITY POLICY

Business Continuity Policy

Business Continuity Policy

ASX SETTLEMENT OPERATING RULES Guidance Note 10

BCP and DR. P K Patel AGM, MoF

OUTSOURCING POLICY

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For

Business Continuity (Policy & Procedure)

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

Board Risk & Compliance Committee Charter

COMCARE BUSINESS CONTINUITY MANAGEMENT

Business Continuity Planning and Disaster Recovery Planning

Supervisory Policy Manual

Supervisory Policy Manual

Guidelines. Guidelines on registration of life companies. Australian Prudential Regulation Authority. 27 May 2010

BUSINESS CONTINUITY PLAN. Specific Issues for Public Health Emergencies. Guidelines for Air Carriers

BS BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT POLICY

Guidelines. ADI Authorisation Guidelines. Australian Prudential Regulation Authority. April 2008

Guidance note on Outsourcing/Delegation of Functions and inward outsourcing

Business Continuity Management Framework

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE

BUSINESS CONTINUITY MANAGEMENT POLICY

Proposal for Business Continuity Plan and Management Review 6 August 2008

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

Statement of Principles

Business Continuity Management (BCM) Policy

AUSTRACLEAR REGULATIONS Guidance Note 10

#316 The Security Elements of Business Continuity & Disaster Recovery Plans

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

Solihull Clinical Commissioning Group

Supervisory Policy Manual

REGISTER OF DELEGATIONS COUNCIL TO CEO Environmental Protection Act 1994

Business Continuity Planning

Guideline - Business Continuity Plan

Transcription:

Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management Issued under Section 27 of the Banks and Financial Institutions Act 2000

Overview and Key Requirements Business Continuity Management (BCM) is a whole-of-business approach that includes policies, standards and procedures for ensuring that critical business operations can be maintained or recovered in a timely fashion, in the event of a disruption. Its purpose is to minimise the financial, legal, regulatory, reputational and other material consequences arising from a disruption. This prudential standard aims to ensure that each AI or group, implements a whole-ofbusiness approach to business continuity management, appropriate to the nature and scale of its operations. BCM increases resilience to business disruption arising from internal and external events and may reduce on the AI or group s business operations, reputation, profitability, depositors and other stakeholders. The key requirements include: Board approved and documented BCM Policy that sets out its objectives and approach in relation to BCM; a Business Continuity Plan (BCP) that documents procedures and information which enable the AI to manage business disruption in accordance with the BCM policy; review and test the BCP on an annual basis or more frequently as required as well as periodic review by the internal audit function or an external expert; and notify BPNG in the event of certain disruptions and provide certain reports. BPS251 1

Application This Prudential standard applies to each Bank and Licensed Financial Institution authorized under the Banks and Financial Institutions Act 2000 (BFIA), collectively referred to as Authorised Institutions (AIs) for the purposes of this prudential standard. Definitions 1. Refer to BPS 001 Bank of Papua New Guinea Prudential Standards Glossary and Definitions for a complete set of definitions and glossary of terms used in this Prudential Standard. Defined terms are hyperlinked in the electronic version of this Prudential Standard. Critical Business 2. Critical business operations are the business functions, resources and infrastructure that may, if disrupted, have a material impact on the regulated institution s business functions, reputation, profitability, depositors and other stakeholders. Principles and Prudential Requirements Approval, management and administration 3. The Board of directors (Board) is responsible for the risk management of potential business continuity risks to ensure that the AI is able to meet its financial and service obligations to its depositors and other creditors. 4. The Board remains responsible for business continuity management (BCM) whether or not business operations are outsourced or are provided as part of a group. 5. An AI s BCM must be documented, appropriate to its nature, size and complexity and at a minimum include: a. a BCM Policy that sets out its objectives and approach in relation to BCM; b. recovery objectives and strategies; c. a business continuity plan (BCP) including crisis management and recovery; and d. programs for: reviewing and testing of BCP; and training and awareness of staff in relation to BCM. Business Impact Analysis 6. A BIA involves identifying, and addressing the impact of a disruption on all critical business functions, resources and infrastructure of the AI. 7. When conducting the BIA, the AI must consider: a. plausible disruption scenarios over varying periods of time; BPS251 2

b. the period of time for which the AI could not operate without each of its critical business operations; c. the extent to which a disruption to the critical business operations might have a material impact on the interests of depositors of the AI; and d. the financial, legal, regulatory and reputational impact of a disruption to an AI s critical business operations over varying periods of time. Recovery Objectives and Strategies 8. An AI must identify and document appropriate recovery objectives and implementation strategies based on the results of the BIA and the size and complexity of the AI. Business Continuity Planning 9. An AI must maintain at all times a documented BCP that meet the objectives of the BCM Policy. 10. The BCP must document the procedures and information that enable the regulated institution to: a. manage an initial business disruption (crisis management); and b. recover critical business operation. 11. The BCP must reflect the specific requirements of the AI and must identify: a. critical business operations; b. recovery levels and time targets for each critical business operation; c. recovery strategies for each critical business operation; d. infrastructure and resources requires to implements the BCP; e. roles, responsibilities and authorities to act in relation to the BCP; and f. communication plans with staff and external stakeholders. Review and Testing of BCP 12. An AI must review and test its BCP at least annually, or more frequently if there are material changes to business operations, to ensure that the BCP can meet the BCM objectives. 13. Test results must be formally reported to the Board or delegated management. 14. The BCM and supporting plan must be updated if shortcomings are identified as a result of the review and testing required under paragraph 12. 15. To facilitate its understanding of an AI s BCM and BCP measures, BPNG may send observers to an AI s BCP testing exercise. BPS251 3

Audit Arrangements 16. An AI s internal audit function, or an external expert, must periodically review the BCP and provide an assurance to the Board or to delegated management that: a. the BCP is in accordance with the regulated institution s BCM Policy and addresses the risks it is designed to control; and b. testing procedures are adequate and have been conducted satisfactorily. Notification Requirements 17. An AI must notify BPNG as soon as possible and no later than 24 hours after experiencing a major disruption that has the potential to have a material impact on the AI s risk profile or affect its financial soundness. The notification must address the nature of the disruption, the action being taken, the likely effect and timeframe for return to normal of operations. BPNG may require additional reporting or updates during the disruption. 18. The AI must notify BPNG when normal operations resume and provide a report on the disruption identifying problem, root cause and action plan for policy and procedures amendments and testing. Reporting 19. A copy of the test results reported to the Board under paragraph 16 must be provided to BPNG. Remedial measures and sanctions 20. BPNG may request the external auditor of an AI, or an appropriate external expert, to provide an assessment of the AI s BCM arrangements Such reports will be paid for by the AI and must be made available to BPNG. 21. If BPNG is not satisfied with the adequacy of an AI s BCM arrangements, BPNG may require the AI to make other arrangements as soon as practicable. 22. BPNG may also vary the conditions of the AI s licence under section 14 of the BFIA. Such conditions may include, but are not limited, to: a. prohibit certain transaction or a class of transactions; b. require appointment of additional staff or third party support to address weaknesses identified; or c. suspend or require the removal of any directors, managers or the chief executive officer. Commencement 23. This prudential standard is effective immediately. BPS251 4

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information