Business Continuity Management Policy
The main goals of business continuity management are:
1) formation of ability to ensure the continuity of the Bank activities which satisfies the changing needs of business and corresponds to the sizes, complexity, nature, geography, significance of economic activity, culture, interdependence and the Bank operation environment;
2) determination of requirements for processes, compliance with which ensures that measures to ensure the continuity of activities will continue to meet the needs of the Bank when incidents that may affect the Bank's financial stability occur;
3) creation of the well-defined system for maintaining the constant ability of the Bank to manage the continuity of activities, perform the assumed obligations to depositors, creditors and other clients in terms of timely payments settlement, anticipate and prevent possible disturbance of the Bank's daily operations, reduce the effects of such disturbances (including the extent of financial losses, loss of business reputation);
4) maintaining the Bank's management level, which allows to provide the conditions for making adequate decisions, their timely and complete implementation in unforeseen circumstances.
The main objectives of business continuity management are:
1) organizational activities, including establishment of requirements and full cycle of continuous activities from the development, implementation, and to the initial testing of the Bank's ability to ensure the continuity of activities in accordance with Appendix 5 to this Policy;
2) maintaining the ability to ensure the continuity of activities, which include:
business continuity management;
conduct of regular exercise on the application of business continuity plans;
updating of business continuity plan, especially in cases of substantial changes in the production and technological processes, market/external conditions.
minimization of risks and consequences of abnormal and emergency situations associated with the implementation of basic scenarios of abnormal or emergency situations, including, but not limited to, failures of IT systems and IT infrastructure, unavailability of infrastructure buildings and facilities, loss of much of the staff, failure to perform obligations by suppliers and other abnormal or emergency situations applicable to the Bank.
minimization of risks and consequences of abnormal and emergency situations associated with the financial and economic, operational and other sanctions.
The main principles of the implementation of business continuity management system are:
1) continuity – a principle of business continuity management system which ensures the continuous operation of the set of organizational and technical measures and protection means without interruptions and failures;
2) timeliness, which involves early identification of threats to the continuity of the Bank's activities on the basis of risk analysis, development of effective measures to address and minimize the risks, requires an adequate assessment of the impact of risks and threats on the achievement of business process goals;
3) economic efficiency – comparability of the possible damage to expenses for ensuring the continuity of activities (the criterion is "efficiency - cost"). In all events, the cost of business continuity management system should be less than the extent of possible damage caused by realization of any types of risk;
4) centralization of management, which involves the centralized system management in the light of changing conditions and existing risk factors, and operation of business continuity management system in the Bank and its branches on the uniform regulatory, organizational and technological principles.
The Bank applies various approaches and measures to ensure and maintain the business continuity during incident events to provide the required number of:
properly qualified staff with the adequate skills and knowledge,
reserve platforms, when the main platform is not available,
maintaining, replacement or repair of the specialized or customized technologies which provide the long-term production cycle;
approaches to ensure protection and recoverability of critical information for business processes,
keeping reserve (emergency) stocks, which are necessary for the continuous business processes through applying one or more strategies on stocks.
The Bank regularly performs analysis of negative effects on the Bank based on the subjective estimate of probability of an incident, damage and effects on the activities in view the relevant risk level.
The Bank has plans for ensuring the continuity and restoration of activities, which are periodically tested and updated.