Business Continuity Management is to ensure timely resumption of the Licensed Person’s business in the event of a disruption by minimising the consequential damages. The Licensed Person must implement appropriate Business Continuity Management and comply with the following standards at a minimum.

1. 15.1.1The Licensed Person must identify, define and analyse all types of risk that may result in a business disruption and assess the impact thereof; and
2. 15.1.2The Licensed Person must implement an appropriate Business Continuity Plan to ensure the continuity of the business during a disruption.

1. 15.2.1Business Continuity Plan must include:
   1. a)Identification and assessment of potential crises, disasters and risks including their impact on the business;
   2. b)Ways and means to deal with such crises, disasters and risks;
   3. c)Plans to provide protection to the Licensed Person and its employees in case of unforeseen disasters;
   4. d)Plans to avoid suspension of operations or plans to minimize the period of suspension of operations to minimise losses;
   5. e)Tools and processes for storing sensitive information and the recovery thereof to avoid loss of information during the occurrence of disasters; and
   6. f)Guidelines to contact relevant authorities and partners (i.e. the Central Bank, foreign correspondents, etc.) to inform them about the disaster and suspension of operations, if necessary.
2. 15.2.2The Licensed Person must follow the below standards while implementing the Business Continuity Plan:
   1. a)A sufficient number of experienced employees must be available for the purpose of recovery and resumption of the business;
   2. b)Roles, responsibilities and powers of employees in relation to the Business Continuity Plan must be clearly defined;
   3. c)Resumption priorities must be clearly agreed and documented; and
   4. d)Appropriate training must be provided to employees for the effective implementation of the Business Continuity Plan.

1. 15.3.1Testing of the Business Continuity Plan must be undertaken at regular intervals in order to assess the capability of the Licensed Person to resume business after a disruption;
2. 15.3.2Accordingly, the Licensed Person must:
   1. a)Test the Business Continuity Plan at least annually;
   2. b)Testing must also be undertaken considering any key changes in the business model, products, systems and relevant infrastructure; and
   3. c)Testing details and results must be documented for verification by the Central Bank Examiners during an examination.
3. 15.3.3Testing results must be reviewed by the Manager in Charge and by the Board of Directors (or by the Owner/Partners where there is no Board of Directors); and
4. 15.3.4The Business Continuity Plan must be reviewed and updated based on the results of such testing.