Credo Bank (Georgia) inteds to implement a Business Continuity Plan to ensure operations and core business functions are not impacted by a potential disaster or unplanned incident that may take critical systems offline. Credo Bank is supported by the scope of Eastern Neighborhood TA Program for Financial Inclusion (ENTAFI), funded by European Investment Bank (EIB) and implemented by Agricultural & Finance Consultants GMBH (AFC).
The consultant is expected to lead the process of implementation of business continuity plan within three following steps:
1. Risk Assessment
A) Preliminary work
On this stage a relevant team inside Credo bank should be appointed. A business continuity planning (BCP) manager should be put in charge. The BCP should be developed under operational risk supervision. Involvement of senior management in implementing the process should be obtained.
B) Risk evaluation
The first stage should start with identifying all critical processes and functions, as well as identifying all needed resources, that are vital to the Credo bank’s operations. Tasks include further identifying responsible positions/managers for estimated critical processes and functions. Identifying all needed resources for the processes/function for continues operations.
The interdependence of the processes should be assessed on the risk evaluation stage.
Identifying events which may have negative impact on critical processes/function. The risks should be grouped in three categories natural disasters, willful damage and accidental damage; as well as identifying existing controls that protects, mitigates the risks or defining knew ones in case of absence.
C) Business impact analysis (BIA)
After all critical processes/functions are identified as well as possible negative events are listed the business impact analysis (BIA) should be applied. BIA includes both quantitative and qualitative assessment; impact shall be categorised as regulatory, legal and reputational. After the analysis critical function should be prioritized and for the functions that were not included in BCP should be done relative descriptions.
RTO and RPO are two key metrics that organizations must consider in order to develop an appropriate disaster recovery plan that can maintain business continuity after an unexpected event.
2. Develop and Document Business Continuity Plan;
Based on the previous tasks of evaluation and business impact analyses, Credo Bank’s Senior Management will decide the level of risk to treat, mitigate, protect or accept. The decision will be made through cost benefit analysis and gap analysis.
After the decision on strategy, relevant actions should be developed. The detailed procedure should be implemented as a response to protect critical processes. Strategy development should include protection of three main banks resources: 1. People, 2. Buildings and 3. Infrastructure. Process owners will be involved in the response development. The process shall be documented.
Strategy should include threats to critical operations, disaster recovery and crisis management plan.
3. Test, Approve and Implement Business Continuity Plan.
- Test programs should be developed and scheduled twice a year to increase overall success of the BCP plan.
- Maintenance program which includes updating BCP after implementing new products, systems or processes
- Develop training program for both critical staff and all staff.
- All programs should be approved by senior management on that stage.
- Test results should be documented and present to Central Bank.
- University Degree
- At least 5 years of experience and track record in design and implementation of Business Continuity Plan in banking industry
- Proficiency in English language. Knowledge of Russian or Georgian language will be an advantage.
- Knowledge of local regulatory requirements
- Relevant certifications required for validity of implementation
- At least 2 recommendations from previously implemented projects
We anticipate approximately three month for implementing the project. Exact time for consulting services will be defined based on consultant’s experience and initial analysis of the scope of work. The consultant is welcomed to describe anticipated timeline in the cover letter.