This plan has been designed to prepare P2P Nusa Kapital Sdn Bhd to cope with the effects of
an emergency or crisis. It is intended that this document will provide the basis for a
relatively quick and painless return to “business as usual” regardless of the cause.
A. Emergency Contact Persons
P2P Nusa Kapital has two emergency contact persons, namely:
(1) Chief Executive Officer
(2) Chief Financial Officer
P2P Nusa Kapital will promptly notify the Securities Commission of any changes within 30
days following the change. We will review and update this information within 21 business
days following the end of each calendar year.
B. Firm’s Policy
In the event of a Significant Business Disruption (SBD), we expect this document to:
- Minimize the risk of damage to the firm’s property and injuries or deaths of the firm’s employees; and
- Minimize disruption to the firm’s operations by quickly recovering and resuming business operations.
This includes allowing our clients to transact and protecting all of the firm’s books and
records. Should circumstances dictate that we are unable to resume operations permanently,
we will assure customers prompt access to their funds and securities. This plan will be
executed on the authority of the Managing Partner and will be stored in hard copy at our
offices and in soft copy on the cloud server. All employees will have access to this plan
online or otherwise.
1) Significant Business Disruptions (“SBD”)
Our plan anticipates two kinds of SBDs, internal and external. Internal SBDs affect only
our firm’s ability to communicate and do business, such as a fire in our building. External
SBDs prevent the operation of the securities markets or a number of firms, such as any
event of Force Majeure, being any event beyond the reasonable control of the obligated
party, including but not limited to, acts of God, extreme weather or acts of third parties.
Our response to an external SBD relies more heavily on other organizations and systems,
especially on the capabilities of our Trustee.
2) Approval and Execution Authority
Dr. Shahridan Faiez, Chief Executive Officer, is responsible for approving the plan
and for conducting the required annual review. Dr. Shah has the authority to execute
this Business Continuity Plan (“BCP”).
3) Plan Location and Access
Our firm will maintain copies of its BCP plan and the annual reviews, and the
changes that have been made to it for inspection. An electronic copy of our plan is
located on our physical backup server and cloud server, as provided by Dropbox, Inc.
in the Emergency Information folder.
C. Business Description
Our firm conducts business in the provision of Shariah-compliant financing to firms through peer-to-peer networks. Financing is provided to the issuers through a Murabahah or a Mudharabah structure. As P2P Nusa Kapital is an introducing firm, we do not perform transactions for ourselves or others. Instead, this role is fulfilled by a trustee organization, Pacific Trustees Berhad (Company No. 317001-A).
D. Office Locations
(1) Operational Office
72A, Jalan Medang Tanduk,
59100 Bangsar,
Kuala Lumpur, Malaysia
Our employees within the city may travel to the office by means of
car, bus and train. This office functions as the head office and is
the venue of much of the processing of issuers and investors.
(2) Alternative Office
146 Jalan Ara,
59100 Bangsar,
Kuala Lumpur, Malaysia
Should the need arise, employees may be asked to work from an
alternative office as stated above.
Our employees within the city may travel to the office by means of
car, bus and train and may arrive from the KL office by flight.
E. Alternative Physical Location(s) of Employees
In the event of an SBD, staff may be required to work from home or at an alternative site wherein all the infrastructure (mainly internet) is available to successfully continue our business. This allows them to remain in their respective cities, where our stakeholders are domiciled. Should the need arise, they may be allocated a working space at one of the other offices.
F. Customers’ Access to Funds and Securities
P2P Nusa Kapital does not maintain custody of customers’ funds. Funds are maintained by our Trustee. In the event of an internal or external SBD, if telephone service is available, our registered persons will take customer orders or instructions and contact our Trustee on their behalf, and if our Web access is available, our firm will post on our website that customers may access their funds and securities by contacting an agent of the firm via telephone or email. Should our firm be uncontactable, customers may elect to contact the trustees directly. The firm will make this information available to customers through its disclosure policy. We may also provide our books and records which may result in the identification of customers subject to regulations and legal orders.
G. Data Back-Up and Recovery (Hard Copy and Electronic)
Our production site is configured to automatically perform backups on a daily basis. In
the event of an internal or external SBD that causes the loss of our digital or physical
records, the site is automatically configured to retrieve the backups and reset without
human intervention required. The system administrator will be notified with the relevant
log reports to be followed up where necessary.
In addition, at any point in time, there are at least concurrent development site that
will be able to replace the production site where necessary. This arrangement is also
necessary to prevent unforeseen errors while developing updates for the site. In order
for us to utilize the development sites, only a change in the DNS is required and this
will limit the site downtime.
Copies of the daily electronic records are synchronized across our physical storage
device located at 72A, Jalan Medang Tanduk, 59100 Bangsar, Kuala Lumpur and our online
cloud server as provided by Dropbox, Inc.
Dropbox files are encrypted with industry standard 256-bit Advanced Encryption Standard
(AES). Data in transit during syncing are protected with Secure Sockets Layer
(SSL)/Transport Layer Security (TLS). Files will only be shared with authorized parties
in order to restrict the proliferation of sensitive information. Dropbox Inc. regularly
tests its infrastructure and systems for security vulnerabilities in order to enhance
security and protect against attacks. In addition, we will be using the two-step
verification at login for our Malaysian operations in due course.
Files stored in the physical storage device located at 72A, Jalan Medang Tanduk, 59100
Bangsar, Kuala Lumpur will be encrypted with its own proprietary encryption.
Our firm maintains its primary hard copy books and records at 72A, Jalan Medang Tanduk,
59100 Bangsar, Kuala Lumpur. Izmi Marican, Chief Financial Officer, is responsible for
the maintenance of these books and records.
Online records are backed up by paper records and backups are conducted once every six
months.
H. Financial and Operational Assessments
(1) Operational Risk
Due to the nature of our business, we are required to maintain communications with
our clients and retrieve key activity records through our mission critical systems.
In the event of an SBD, we will immediately identify all means of communication
still available with our clients, employees, regulators and other key stakeholders.
In addition, we will retrieve our key activity records as described in the section
above, Data Back-Up and Recovery (Hard Copy and Electronic).
(2) Financial and Credit Risk
In the event of an SBD, we will determine the value and liquidity of our investments
and other assets to evaluate our ability to continue to fund our operations and
remain in capital compliance. We will contact our Trustee, banks and investors to
apprise them of our financial status. If we determine that we may be unable to meet
our obligations to those counter-parties or otherwise continue to fund our
operations, we will request additional financing from our bank or other credit
sources to fulfill our obligations to our customers and clients. If we cannot remedy
a capital deficiency, we will file appropriate notices with the regulators and
immediately take appropriate steps.
I. Alternate Communications Between the Firm and Customers, Employees, and Regulators
(1) Investors and Counterparties
Official communication between the firm and its present investors and issuers is via
email. However, should an SBD render the internet unavailable, we will communicate
with the other party through telephone. Should a written record be necessary, we
will follow up this line of communication with a paper copy delivered by mail.
(2) Employees
We communicate with our employees via email or Slack (an online office communicator)
at present. Should there be no internet access, we will communicate via telephone.
(3) Regulators
We would typically contact regulators via email. However, should an SBD render that
inappropriate, we will explore other open communication lines such as phone calls or
written communication.
J. Critical Business Constituents, Banks, and Counter-Parties
(1) Business constituents
In light of an SBD, vendors supporting our operating activities will be advised on
the extent to which we are able to resume our business relationship with them. We
will establish alternative arrangements if the SBD impedes their ability to provide
the goods to us when we need them.
(2) Banks
We will contact our banks to determine if they can continue to provide the services
that we will need in light of the internal or external SBD.
K. Disclosure of Business Continuity Plan
Attached is our written BCP disclosure statement we will provide customers (via email) before deals. We will also post the disclosure statement on our website and mail it to customers upon request.
L. Updates and Annual Review
Our firm will update this plan whenever we have a material change to our operations, structure, business or location or to those of our Trustee. In addition, our firm will review this BCP annually, on 30 April, to modify it for any changes in our operations, structure, business or location or those of our Trustee.
M. Senior Manager Approval
I have approved this Business Continuity Plan as reasonably designed to enable our firm to meet its obligations to customers in the event of an SBD.
P2P Nusa Kapital’s Business Continuity Planning
P2P Nusa Kapital has developed a Business Continuity Plan on how we will respond to events that significantly disrupt our business. Since the timing and impact of disasters and disruptions is unpredictable, we will have to be flexible in responding to actual events as they occur. With that in mind, we are providing you with this information on our business continuity plan.
Contacting Us –
If after a significant business disruption, you cannot contact us as you usually do at
our phone number or email, you should call our alternative number or go to our website
at www.nusakapital.com.
Our Business Continuity Plan –
Business continuity planning is a priority for P2P Nusa Kapital. We understand any
unexpected operating problems could have a significant negative impact on investors’
assets and overall operations of P2P Nusa Kapital. Therefore, this is an area which will
be prioritised and constantly developed.
P2P Nusa Kapital’s business continuity process will include the following:
- Maintain backup of business-critical data outside our operating region to ensure that business disruption will be kept to a minimum in case of a disaster within our office location.
- Apart from having all data saved in physical storage in our office, we have and will continue to back up our data through cloud service provider Dropbox. We believe the benefits of Dropbox cloud storage for backup are the following:
  - Ease in accessing information through desktop and mobile. As our services will be largely offered online, we have the flexibility of carrying out our work in a different location (where internet services are available), should a disaster hit our office area.
  - Locations of data centres across the United States. Being in a different region and in several US states, provides risk diversification versus having only back up storage located in Malaysia or in neighbouring
  - Ease in collaboration and file-sharing among employees, which is crucial in a disaster situation wherein employees may have to work in different locations.
- In addition, our service level agreement with our cloud server providers includes a 99.9% network & hardware service level agreement. This includes the following systems in
  - Malware protection & scanning done by a combination of automated malware scans, integrity checks and web application
  - Brute force attacks are monitored and intrusions are prevented on both the server layer & web application
  - Server is configured for elastic demand to cope with unexpected traffic request.
  - Data storage is configured with a CDN delivery network to ensure reachable access regardless of user
Varying Disruptions –
Significant business disruptions can vary in their scope, such as only our firm, a
single building housing our firm, the business district where our firm is located, the
city where we are located, or the whole region.
Within each of these areas, the severity of the disruption can also vary from
minimal to severe. In a disruption to only our firm or a building housing our firm,
we will transfer our operations to a local site when needed and expect to recover
and resume business within a 24-hour time period. In a disruption affecting our
business district, city, or region, we will transfer our operations to a site
outside of the affected area, and recover and resume business within a 24-hour
time period.
In either situation, we plan to continue in business, transfer operations to our
trustee if necessary, and notify you through our website at www.nusakapital.com and
our customer emergency number on how to contact us. If the significant business
disruption is so severe that it prevents us from remaining in business, we will
assure our customers prompt access to their funds.