Business Continuity Plan Overview

Operations & Procedures Risk Management Last reviewed: 2025-07-30 Owner: Business Continuity

Purpose

This document provides an overview of the Bank's Business Continuity Plan (BCP). The BCP ensures that the Bank can maintain or rapidly restore critical business operations in the event of a significant disruption, whether caused by natural disaster, technology failure, pandemic, civil disturbance, or other adverse event.

Scope

The BCP covers all of the Bank's business lines, branches, data centres, and support functions across all jurisdictions of operation. It addresses continuity of operations, staff safety, client service delivery, and regulatory compliance during disruption events.

Governance Structure

RoleResponsibility
Board of DirectorsOverall oversight of BCP; annual review and approval of the BCP framework
Chief Operating Officer (COO)Executive sponsor of the BCP; chairs the Crisis Management Team (CMT)
Head of Business ContinuityDay-to-day management of the BCP programme; coordination of BCP testing; maintenance of BCP documentation
Business Line BCP CoordinatorsDevelopment and maintenance of business line-specific continuity plans; participation in BCP exercises
Crisis Management Team (CMT)Activation and management of the BCP during a disruption event; decision authority for recovery actions

Critical Business Functions

The Bank has identified the following Critical Business Functions (CBFs), which must be restored within defined Recovery Time Objectives (RTOs):

Critical Business FunctionRTORecovery Priority
Payment Processing (Domestic and International)4 hoursPriority 1
Core Banking System Operations4 hoursPriority 1
Treasury and Liquidity Management4 hoursPriority 1
SWIFT and Correspondent Banking4 hoursPriority 1
Client Services (Telephone and Digital)8 hoursPriority 2
Branch Operations24 hoursPriority 2
Compliance and Regulatory Reporting24 hoursPriority 2
Human Resources and Payroll48 hoursPriority 3
Marketing and Corporate Communications48 hoursPriority 3
Facilities Management72 hoursPriority 3

Recovery Strategies

Technology Recovery

  • The Bank operates a primary data centre and a geographically separated secondary (disaster recovery) data centre. Both sites operate in an active-passive configuration with real-time data replication.
  • The Recovery Point Objective (RPO) for Priority 1 systems is zero data loss (synchronous replication). The RPO for Priority 2 and 3 systems is a maximum of one (1) hour.
  • Detailed technology recovery procedures are documented in the Disaster Recovery Procedures.

Workplace Recovery

  • The Bank maintains dedicated alternate work sites in each major operating region, equipped with workstations, telephony, and network connectivity.
  • Remote working arrangements are available for all head office staff, with secure VPN access to core systems.
  • Branch-level disruptions are managed through client redirection to the nearest operational branch and enhanced digital channel capacity.

Staff Communication and Safety

  • An automated mass notification system (MNS) is used to communicate with all staff during a disruption event.
  • Staff contact lists are maintained and updated quarterly in the BCP management platform.
  • Staff safety is the Bank's first priority in any disruption scenario. Evacuation procedures and assembly points are posted in all premises and reviewed during annual fire and safety drills.

BCP Activation

  1. The BCP is activated by the COO (or designated alternate) upon recommendation from the Head of Business Continuity or the Incident Commander.
  2. Activation triggers include: loss of a critical facility (data centre, head office, major branch), prolonged technology outage (exceeding 2 hours for Priority 1 systems), pandemic declaration affecting staff availability, natural disaster or security threat impacting operations.
  3. Upon activation, the CMT convenes (physically or virtually) and assumes decision authority for all recovery actions.

Testing Programme

Test TypeFrequencyScope
Tabletop exerciseQuarterlyScenario-based discussion exercise with CMT and BCP Coordinators
Technology failover testSemi-annuallyFull failover of Priority 1 systems to DR data centre
Workplace recovery testAnnuallyActivation of alternate work sites with live staff deployment
Full-scale simulationAnnuallyComprehensive end-to-end BCP exercise simulating a major disruption scenario

Test results are documented, reviewed by the Head of Business Continuity, and reported to the Board Risk Committee. Identified gaps are addressed through a formal remediation plan.

Related Documents

  • Disaster Recovery Procedures
  • Incident Escalation Matrix
  • Operational Risk Reporting
  • Pandemic Response Plan

Related Articles

Disaster Recovery Procedures

Technical procedures for recovering the Bank's critical IT systems and infrastructure following a disaster event, including failover protocols, data restoration, and system validation steps.

Updated 2025-08-18

Incident Escalation Matrix

Defines the escalation pathways, notification timelines, and decision authority levels for operational incidents across all severity classifications.

Updated 2025-11-05

Operational Risk Reporting

Framework for identifying, recording, and reporting operational risk events, including loss data collection, key risk indicators, and reporting timelines to senior management and regulatory authorities.

Updated 2026-01-15