A CCP shall have a business continuity policy and a disaster recovery plan which are approved by the board. The business continuity policy and the disaster recovery plan shall be subject to independent reviews which are reported to the board.

The business continuity policy shall identify all critical business functions and related systems, and include the CCP’s strategy, policy, and objectives to ensure the continuity of these functions and systems.

The business continuity policy shall take into account external links and interdependencies within the financial infrastructure including trading venues cleared by the CCP, securities settlement and payment systems and credit institutions used by the CCP or a linked CCP. It shall also take into account critical functions or services which have been outsourced to third-party providers.

The business continuity policy and disaster recovery plan shall contain clearly defined and documented arrangements for use in the event of a business continuity emergency, disaster or crisis which are designed to ensure a minimum service level of critical functions.

The disaster recovery plan shall identify and include recovery point objectives and recovery time objectives for critical functions and determine the most suitable recovery strategy for each of these functions. Such arrangements shall be designed to ensure that in extreme scenarios critical functions are completed on time and that agreed service levels are met.

A CCP’s business continuity policy shall identify the maximum acceptable time for which critical functions and systems may be unusable. The maximum recovery time for the CCP’s critical functions to be included in the business continuity policy shall not be higher than two hours. End of day procedures and payments shall be completed on the required time and day in all circumstances.

A CCP shall take into account the potential overall impact on market efficiency in determining the recovery times for each function.