Invocation Decision Announcement

The MD & CEO / Delegate maintains the authority to take the following decisions, upon occurrence of an event causing business interruption:

• Declare disaster and announce BCP invocation (full / partial)
• Activate the Call Tree process (attached)
• Decide on fundamental issues of strategy and policy
• Update the Board of Directors and regulators of the disaster situation, recovery progress and plans

Based on the type of business interruption, intensity and impact, the invocation decision determines the level of services to be continued:

• Level 1 – Complete services with full or reduced staff strength
• Level 2 – Critical activities with reduced staff strength
• Level 3 – No banking services

Checklist of activities that should take place upon invocation / restoration to normalcy detailing responsible parties. Appendix 7

Each plan owner is responsible for immediate escalation of any incident incurring in relative area, whether the impact only affects one area / certain areas / the whole bank and regardless if leading to partial / full disaster recovery invocation.

The exact situation should be escalated to the Line of Business Head and further to the Country BCP Coordinator, who will report to O&T Head and MD & CEO.

O&T Head handles communication with the CEO & MD / Senior Management, whereas, the Country BCP Coordinator acts as the focal point of contact for exchange of notifications / announcements / requirements between Senior Management, different business users and support groups.

As soon as the decision to invoke the Plan is taken, following roles and responsibilities should be affected:

Escalation of an incident

Country BCP Coordinator

Business Owner

Circulation of notifications / announcements

MD & CEO

O&T Head

Country BCP Coordinator

Business Owners

Staff inquiries should be addressed to any of the following, according to subject: