Firms not ready for Bank Negara disaster recovery mandates
December 07 2005
By ROZIANA HAMSAWI
LESS than 50 per cent of the local financial services organisations are complying with Bank Negara Malaysia’s business continuity and disaster recovery mandates, despite admitting that they are aware of the mandates. A study done by leading international market research firm Financial Insights revealed that, measured against the organisations’ recovery objectives, business processes and infrastructure are less protected in reality than perceived.
The study showed that on average, system failures from hardware/software and information technology (IT) system malfunctions have occurred one to three times within the last 12 months for all six banks, 40 per cent for the five insurance firms and 71 per cent for the seven securities companies. “Yes, they are familiar with the central bank’s guidelines but the truth is, they are not ready for them,” said Financial Insights managing director for Asia Pacific Cyrus Daruwala in a press briefing to disclose the findings in Kuala Lumpur yesterday. He said three organisations have no contingency plans should a calamity like 2001’s September 11 occur.
Bank Negara’s guidelines on management on IT environment require business resumption and contingency plan testing to be conducted at least twice a year to ensure continued effectiveness and uncover any potential weaknesses. Daruwala said twice-a-year testing is not enough.
“It should be increased to four times a year because one system failure could cost up to US$250,000 (US$1 = RM3.78) a minute. Bank Negara should put on more definitive and tighter parameters. In fact it should incorporate a penalty clause to its mandates,” he said.
According to the study, 83 per cent of Malaysia’s banks and 80 per cent of insurers are testing their business continuity measures twice a year, while securities companies are laggards, reviewing their business contingency plans only annually.
Daruwala said the findings of the study will be distributed to all the participating parties including Bank Negara. However, it would not forward any recommendations to the central bank. The research was the first major study to see the levels of compliance with the existing Bank Negara regulatory mandates.
The research was sponsored by EMC Corp, a leader in information management and storage whose infrastructure is being used by 95 per cent of the Fortune 500 financial services companies.