The Management Entity, by virtue of exercising the functions of management, administration, and representation of AIFs, has adopted and implements this Business Continuity Plan (“BCP”).
The BCP comprises the integrated set of policies and procedures aimed at ensuring the continuous operation of the Management Entity, or the timely recovery of its activity, in the event of occurrences likely to disrupt the normal course of business, namely by causing the unavailability of physical infrastructures, IT systems, or human resources.
The implementation of the BCP arises in compliance with Article 57(3) of Delegated Regulation (EU) 231/2013, having been drafted in observance of the Recommendations on Business Continuity Management (Revised), issued by the National Council of Financial Supervisors, adapted to the specificities of the Management Entity in light of the principle of proportionality.
The Management Entity has no subsidiaries or branches, with its services centralized at its registered office.
Accordingly, the application and adaptation of regulatory principles to the reality of the Management Entity requires particular and predominant attention to aspects related to the continuous functioning of its organizational human resources structure.
a) Administration | Accounting
b) Reporting
c) Investments (including the management of AIFs)
a) Physical infrastructures
Location: Av. Engº Duarte Pacheco, Torre 1 Floor 3, Room 12, 1070-103 LISBON
b) Technological infrastructures
The Management Entity maintains a contract for IT support services, both with external companies.
a) Risks and scenarios likely to affect the organizational human resources structure of the Management Entity (members of corporate bodies or other employees):
b) Risks and scenarios likely to affect the primary infrastructures and equipment of the Management Entity:
c) Risks and scenarios likely to affect the technological infrastructures of the Management Entity:
The identification of the threat of occurrence of any of these scenarios may be made by any employee of the Management Entity and must be immediately communicated, by any means, to the Board of Directors in order to allow it to prevent the materialization of such threat by adapting the guidelines established herein to a preventive stage.
a) Administration | Accounting: 7 (seven) days;
b) Investments (including the management of AIFs): 15 (fifteen) days;
c) Reporting: 15 (fifteen) days;
a) Untimely failure to comply with tax, reporting, and payment obligations;
b) Contingencies arising from untimely compliance with the reporting of financial data to the supervisor;
c) Contingencies arising from the inability to provide timely responses to matters in the commercial area and communication with potential tenants;
d) Contingencies arising from the inability to provide timely responses to real estate project management matters; and
e) Contingencies arising from the inability to obtain the value of securities.
With reference to the contingencies mentioned in the previous point, in addition to the inherent reputational impact with clients and the market in general, they also entail a financial and legal impact resulting from the fact that the Management Entity may be held liable:
a) For the possible payment of fines arising from administrative offence proceedings instituted by the supervisor, due to non-compliance with the legal obligations of the Management Entity;
b) Towards the participants/shareholders of the AIFs, for failing to comply with the obligations undertaken under the law and the respective management regulations.
a) Administration | Accounting
Recovery objective:
(i) In the event of an unplanned total interruption of the function/activity, it must achieve 50% operability within a maximum of 2 weeks, and 100% operability within a maximum of 3 weeks; and
(ii) In the event of risks or scenarios that, without causing a total interruption of the function/activity, disturb its normal exercise, the conditions necessary to achieve 50% operability must always be ensured, with 100% operability ensured within a maximum of 3 weeks.
b) Investments (including the management of AIFs)
Recovery objective:
(i) In the event of an unplanned total interruption of the function/activity, it must achieve 50% operability within a maximum of 3 weeks, and 100% operability within a maximum of 45 days; and
(ii) In the event of risks or scenarios that, without causing a total interruption of the function/activity, disturb its normal exercise, the conditions necessary to achieve 50% operability must always be ensured, with 100% operability ensured within a maximum of 45 days.
c) Budget and Reporting
Recovery objective:
(i) In the event of an unplanned total interruption of the function/activity, it must achieve 50% operability within a maximum of 3 weeks, and 100% operability within a maximum of 45 days; and
(ii) In the event of risks or scenarios that, without causing a total interruption of the function/activity, disturb its normal exercise, the conditions necessary to achieve 50% operability must always be ensured, with 100% operability ensured within a maximum of 45 days.
Note: The recovery deadlines stipulated herein apply in the event of risks or scenarios likely to affect the functioning of the Management Entity’s organizational human resources structure.
In the event of risks or scenarios likely to affect the operation of technological infrastructures and the use of the Company’s physical infrastructures, the recovery deadlines set out below shall apply.
Considering the size of the Management Entity’s organizational and human resources structure, the recovery strategy for business functions is ensured by the fact that departments and the Board of Directors operate in close connection.
The risks of critical business functions arising from the unavailability or temporary absence of human resources are minimized by the possibility that, at any time, various employees can accumulate different functions.
It is the responsibility of the Board of Directors of the Management Entity to monitor and assess the risks of critical business functions arising from the impact on the organizational and human resources structure, analyzing, for each specific case, the need for new recruitment.
a) Technological infrastructures
The Management Entity maintains, through a service contract, IT backup systems that ensure the safeguarding and recovery of IT data in the event of risks or scenarios temporarily affecting the use of those resources.
From a risk prevention perspective, the Management Entity uses autonomous power systems that ensure the temporary operation of technological infrastructures in the event of power failures.
Furthermore, the Management Entity has implemented antivirus systems and other software programs that ensure protection against cyber-attacks.
For the proper operation of the backup systems, all information contained in the database used by the specific software essential to business functions must be safeguarded.
Under the IT services contract, backups are stored in the company’s headquarters building and in an external location.
In the event of an unplanned total interruption of the operation of technological infrastructures affecting business functions, 100% operability must be recovered within a maximum of 15 days.
b) Physical infrastructures (primary)
Given the location and characteristics of the primary infrastructures of the building where the Management Entity operates, the risks of flooding, collapse, burglary, or vandalism are not considered to justify the adoption of alternative updated physical infrastructures prepared to be occupied at any time (“hot sites” or “cold sites”), whose inherent costs would not justify such a safeguard measure.
Likewise, fire risk, although more plausible, is also considered minimal in view of the safety measures, systems, and emergency plans implemented in the building.
c) Intrinsic relationship between the use of technological infrastructures and the use of physical infrastructures (primary)
Given the nature, size, and complexity of the business and the Management Entity’s organizational model, in the unlikely event of fire, collapse, flood, vandalism, or another event making the current physical infrastructures unusable, it is considered that business functions can be ensured at 100% operability within a maximum of 15 days through recourse to external contracts providing compatible IT systems.
The BCP will be set in motion by the implementation team, to be appointed by decision of the Board of Directors, whenever it is informed of the existence of a threat and such activation is justified.
Upon a report or spontaneous awareness of a threat, the Board of Directors will confirm the need to trigger the BCP.
The implementation and management of the BCP are carried out by the Board of Directors.
The implementation and management of the BCP will ensure, whenever necessary, communication to the Company’s employees and other stakeholders, through the most appropriate means of communication at each time, regarding the decisions made concerning the execution of the BCP.
The Management Entity has a contracted IT support service that ensures, at all times and in accordance with established objectives, the prompt recovery of technological infrastructures in the event of serious failure, without relevant prejudice to the performance of business functions.
The procedures to be implemented in a scenario of serious technological infrastructure failure are contractually provided.
Given the nature, size, and complexity of the business and the company’s organizational model, it is considered possible to promptly relocate the Management Entity’s organizational structure to an alternative space.
As indicated above, the relocation of the Management Entity’s organizational structure to an alternative space includes the use of external contracts providing compatible IT systems.
The Management Entity adopts the evacuation plan established for the building where its organizational structure is located, prepared by the building manager.
In the event of modification, disclosure, or accidental or unauthorized destruction of information, the principles governing the BCP remain in effect. Regardless of the possibility of consulting physical documents, the Management Entity’s employees, and especially the Board of Directors, must ensure its application in the manner most consistent with what is prescribed herein.
Action in a situation requiring BCP activation must be guided by the underlying purposes of the plan, namely the preservation of the Management Entity’s activity and the AIFs it manages, and minimizing damages as much as possible.
Thus, if a situation of modification or destruction of information is reported or detected by an employee of the Management Entity, the team responsible for implementing and managing the BCP must use the archived backup files, if possible, with this operation being carried out in the shortest possible time.
If a contingency occurs that compromises the normal continuity of the Management Entity’s activity and/or that affects in any way the entities related to it, as described above, it is the responsibility of the BCP implementation team, as applicable, to directly communicate to participants, regulators, and/or suppliers (i) the occurrence verified, (ii) the impact on the entity in question, and (iii) the expected timeframe for restoring normality.
Such communications will be made in writing, using the method normally used and/or contractually and/or legally required to communicate with the entity in question.
The Management Entity will ensure, whenever necessary, the performance of tests, simulations, training, and/or other procedures to prepare for the activation of the BCP and to verify its quality and updating, in situations of minimal to extreme risk, and the BCP must be internally audited and updated whenever there is a substantial and qualitative change in the company’s activity.