Building Resilience in Banking and Financial Services: Third-Party, Cyber & Business Continuity Risks - Risk Management

This programme equips professionals in the financial services industry with the essential knowledge and capabilities to strengthen operational resilience across the organisation.

As financial institutions become increasingly reliant on technology, outsourcing arrangements, and digital ecosystems, disruptions from third-party failures, cyber incidents, and operational breakdowns pose significant risks to business continuity.

Participants will learn how to identify actionable tools, templates and practical skills to enhance resilience planning, improve cross-functional coordination and strengthen their institution’s preparedness and resilience.

Programme Outline

Learning Objectives

By the end of the programme, participants will be able to:

Understand the operational resilience expectations for Malaysian banks
Identify and assess third-party / vendor risks across the outsourcing lifecycle
Strengthen cyber resilience by understanding technology risks, common attack vectors & controls
Integrate third-party, cyber and BCM risks into a unified operational resilience framework

Programme Outline

Introduction to Operational Resilience for Malaysian Banks
Why operational resilience is a top regulatory and board priority
Key drivers: digitalisation, outsourcing, cyber threats, regulatory pressure
BNM expectations: outsourcing guidelines, RMiT, IT risk governance, BCP requirements
Case studies: local and regional disruption events

Activity: Group discussion – “What would cause the biggest disruption to your bank tomorrow?”
Third-Party & Outsourcing Risk Management
Understanding Third-Party Risks
Definition of critical vs non-critical service providers
Common risks: concentration, subcontractors, data risk, exit risk, financial soundness
Issues seen in Malaysian banks (e.g., cloud providers, managed service vendors, fintech partners)

Outsourcing Lifecycle
Due diligence requirements
Risk assessment templates
Contracting requirements (SLAs, exit clauses, cybersecurity clauses)
Ongoing monitoring and performance review
Termination / exit management

Regulatory Expectations
BNM Outsourcing Policy Document
RMiT requirements for cloud, data access & technology service providers

Exercise: Assess a hypothetical vendor using a TPRM checklist
Business Continuity Management & Crisis Response
BCM Foundations
Business Impact Analysis (BIA)
Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Crisis Management Team (CMT) roles

Developing Continuity Plans
IT Disaster Recovery
People and facilities continuity
Voice and communication readiness
Backup arrangements and alternative sites

Testing & Exercising
Scenario testing
Call-tree rehearsals
Simulation and tabletop exercises
Post-incident lessons learned

Activity: Draft a simple BIA for a business unit (e.g., Trade Finance)

Integrating Third-Party, Cyber & BCM into a Resilience Framework
Mapping dependencies (internal + third-party + technology)
Understanding operational impact tolerances
Coordinating cyber teams, vendor management, BCM, operations
Incident command structure
Reporting and dashboards for senior management
Aligning with global best practices

Case Studies and Group Discussions
Cloud outage affecting banking apps
Third-party data breach at a vendor
Major cyberattack on a regional bank
Branch-level disruption (power, flood, telecom outage)
Lessons from MAS, HKMA, PRA enforcement cases

Group Work: “Design a 24-hour response plan for a cyber + vendor outage scenario

METHODOLOGY

Lectures, including presentations, case studies and discussions

Participant profile

Risk, compliance and audit managers, Operational Risk Management teams, Cybersecurity & Technology Risk professionals, IT Governance & IT Operations teams, Business Continuity Management (BCM) practitioners, Compliance & Regulatory Affairs officers, Internal Audit and Assurance teams and Business Unit Heads and Managers responsible for critical business services.

Trainer

Cheah Wee Leong

Director of Next Gen Banking,

Asian Banking School

Found a programme that you think would be suitable for your organisation?

Many of our courses can be customised and delivered in-house. We also provide consultancy services to create tailor-made training programmes that are specifically aligned with your organisation’s strategic learning requirements. Contact us today to learn more about how we can support your team’s development by completing the In-House Request Form here or Emailing Us here.

Other programmes

Invest in a lifelong learning journey

As the industry’s preferred partner in learning and development, ABS offers customised and open enrolment training programmes that cover a comprehensive list of banking areas.

Need help? Ask ABBY

Sustainable Finance

8/15/2024 12:00:00 AM

ESG and Sustainability for Capital Markets and Investment Banking

Professionalism & Ethics

3/4/2026 12:00:00 AM

Introduction to Ethics in Banking

Digital Banking

11/6/2024 12:00:00 AM

Machine Learning for Credit Scoring and Risk Management

Language

8/21/2025 12:00:00 AM

Kursus Penyegaran Bahasa Melayu

Sustainable Finance

11/25/2025 12:00:00 AM

Renewable Energy Financing in Malaysia

Cheah Wee Leong

Director of Next Gen Banking, Asian Banking School

Cheah Wee Leong has more than 25 years’ experience working in the banking industry with local and foreign banks in various roles and capacities. A seasoned professional, Wee Leong brings with him broad experience as a former banker and management consultant.

Wee Leong started his career at Citibank in 1993 before joining US management consultancy firm Accenture in 1997. At Accenture, he was involved in managing large bank merger-integration, process re-engineering and transformation projects. He has worked in projects in various countries including Hong Kong, China, Singapore, Indonesia, Thailand, Mauritius and Saudi Arabia.

In 2003, Wee Leong joined CIMB as its Head of Operational Risk Management and led the implementation of the bank’s operational risk management and Basel 2 – Operational Risk framework. Subsequently, he assumed various senior roles in Trade Finance, Regional Transaction Banking, Corporate Banking, Treasury and Markets division and Group CEO office at CIMB. His last role at CIMB was as Director, Group Strategy.

Wee Leong holds a Bachelor of Business Administration from the USA and a Master of Business Administration (with Distinction) from the Anglia Ruskin University, UK. He obtained training from Citibank Asia Pacific Banking Institute in Singapore in 1995. He is a certified Chartered Banker, Certified Expert in ESG and Impact Investing (awarded by Frankfurt School of Finance and Management), and a holder of the “Certificate in Climate Risk” and “Certificate in Digital & AI Evolution in Banking” (awarded by Chartered Body Alliance, UK) and PRINCE2 Foundation and Practitioner Certificate in Project Management.

Wee Leong completed the “Leading the Sustainability in Transformation in Banking” programme with the Frankfurt School of Finance and Management (Germany) in October, 2022 and the “Global Shifts and Risk for Banking Leaders” at Said Business School, University of Oxford (UK) in September, 2024. Wee Leong completed the “Creating Value with AI & Data for Banking and Finance Leaders” with the Essec Business School in Paris in July, 2025.