Article 17 Strategy and policy
1. A CCP shall have a business continuity policy and a disaster recovery plan which are approved by the board. The business continuity policy and the disaster recovery plan shall be subject to independent reviews which are reported to the board.
2. The business continuity policy shall identify all critical business functions and related systems, and include the CCP's strategy, policy, and objectives to ensure the continuity of these functions and systems.
3. The business continuity policy shall take into account external links and interdependencies within the financial infra structure including trading venues cleared by the CCP, securities settlement and payment systems and credit institutions used by the CCP or a linked CCP. It shall also take into account critical functions or services which have been outsourced to third-party providers.
4. The business continuity policy and disaster recovery plan shall contain clearly defined and documented arrangements for use in the event of a business continuity emergency, disaster or crisis which are designed to ensure a minimum service level of critical functions.
5. The disaster recovery plan shall identify and include recovery point objectives and recovery time objectives for critical functions and determine the most suitable recovery strategy for each of these functions. Such arrangements shall be designed to ensure that in extreme scenarios critical functions are completed on time and that agreed service levels are met.