AfrAsia Bank Limited and its Group Entities
Annual Report 2015
where the Risk Matrix/Measurement at the Bank is as follows:

| Absolute/Inherent Level of Risk Exposure | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| >10 | C | B | B | A | A |
| 8 to 10 | C | C | B | B | A |
| 5 to 7 | C | C | C | B | B |
| 3 to 4 | D | C | C | C | B |
| 0 to 2 | D | D | C | C | C |

A - High
B - Medium to High
C - Low to Medium
D - Low

Overall, we note improvements in the various Inherent Levels of Risk in the Business Operations department. In another area where
we have seen some Inherent Levels of Risk increasing, namely the Treasury Department, the Bank tested several systems, and a
new Treasury system (Front Office) is currently being implemented to cater for the higher volume of trades and for the
new products we are offering to clients. A new ALM (Asset & Liability Management) system is under testing for implementation.
The two systems will enhance the level of controls and risk monitoring capabilities. A new system for higher controls has also been
implemented for AML monitoring and detection.
BUSINESS CONTINUITY MANAGEMENT (BCM)
A Business Continuity Management Policy has been put in place, with appropriate plans to mitigate operational risks, as a
commitment to our shareholders, customers and employees to continue business. The BCM framework has been implemented to
provide for a Disaster Recovery site with data being updated as per preset recovery time objectives. This minimizes operational,
financial, legal, reputational and other material consequences arising from any disruption to the primary IT infrastructure.
The BCM Framework in place has the following in-built principles:
- responsibility rests on the Bank’s Board of Directors and Senior Management;
- major operational disruptions are explicitly considered and planned for;
- recovery objectives are in line with the criticality of the operation of the banking system;
- in the “worst case scenario”, the recovery time objective (RTO) is set as 4 hours for the core banking application with a Recovery Point Objective (RPO) of 15 minutes;
- certain non-critical functions may be recovered within a maximum threshold of 24 hours (RTO) after declaring the crisis. The RPO for these systems is set to the state of business as of previous end of day;
- preparation for clear and regular communication during a major operational disruption;
- highlights on cross-border communications during a major operational disruption, as the Bank has global reach;
- ensuring that business continuity plans are effective and identifying necessary modifications through periodic testing; and
- ensuring that appropriate procedures for business continuity management that reflect the recovery objectives are adopted and reviewed periodically.
The Bank has put in place a BCM Steering Committee to review the processes after each testing exercise and to review the policy
every year with a view to continuously improving resilience. The ultimate objective is to ensure that, after any possible disruption, operations
are restored within a minimum lapse of time such that the Bank resumes normal operations within a reasonable time frame.