Traditional approaches to disruption management—such as business continuity management (BCM) and disaster recovery (DR)—have often focused on individual assets in isolation and tended to be reactive. At its core, operational resilience requires moving beyond a technology-centric mindset toward a business-led view—one that focuses on protecting critical services, proactively managing disruption, and ensuring continuity across the full service value chain.
In 2021, the Basel Committee set global standards with its Principles on Operational Resilience, which accept disruptions as inevitable and focus on strengthening financial institutions’ (FIs’) capacity to identify, adapt, recover, and learn. As a result, operational resilience gained momentum, with major regulatory frameworks such as the EU’s Digital Operational Resilience Act (DORA) and Australia’s APRA Operational Risk Management Prudential Standard reshaping approaches to resilience.
Locally, Bank Negara Malaysia (BNM) has incorporated operational disruption measures into its BCM policy document and recently issued a discussion paper outlining its emerging regulatory direction and key considerations to further strengthen the operational resilience of FIs. Although Malaysia has yet to formalise a standalone operational resilience framework, FIs should take a proactive and holistic approach to anticipate and mitigate risks in today’s increasingly complex financial landscape.
This report examines why operational resilience matters for FIs, the challenges faced, and practical steps to kickstart the journey toward a more resilient future.
Clarence Chan
Partner, Digital Trust and Cybersecurity Leader, PwC Malaysia
Tel: +60 (3) 2173 0344