High-level principles include:
1. Financial market participants and supervisory authorities should have an effective and comprehensive Business Continuity Management program at their disposal. Ultimate responsibility for Business Continuity Management lies with an organization’s Board of Directors and Senior Management.
2. Financial market participants and supervisory authorities are advised to integrate the risk of significant operational disruptions into their Business Continuity Management program.
3. Financial market participants are advised to define recovery time objectives (RTOs) that take account of their systemic relevance and the resulting risk for the financial system.
4. Financial market participants and supervisory authorities are advised that their Business Continuity Plans should define internal and external communication measures for use in major business interruptions.
5. Where business interruptions may have international implications, it is advised that the corresponding communication measures address in particular communication with foreign supervisory authorities.
6. Financial market participants and supervisory authorities are advised to test their Business Continuity Plans, evaluate their effectiveness and amend their Business Continuity Management processes accordingly where necessary.
7. Supervisory authorities are called upon to incorporate Business Continuity Management reviews into their frameworks for the ongoing surveillance of the financial institutions for which they are responsible.