BUSINESS CONTINUITY PLAN

Trevian Asset Management Oy treats risk management as an ongoing process in which risks and interdependencies that compromise operations are identified and assessed as part of the day-to-day activities. The business continuity objective is not to achieve a state that is completely free of disruptions, as unwanted situations come up in the normal running of business and society around it. The objective is, however, to create an environment in which Trevian Asset Management Oy can operate fully aware of disruptions, taking preventive, protective and restrictive measures to ensure the continuity of Trevian Asset Management Oy’s operations even in the event of disruptions.  

The continuity plan provides a framework for managing major crises in Trevian Asset Management Oy’s operations. The continuity plan determines the procedures and roles required to manage a crisis. It provides guidance for mobilising the crisis management team and implementing practical measures. In addition to the business continuity plan, Trevian Asset Management Oy also complies with industry-specific laws and regulations on risk management, guidelines and policies approved by the company’s Board of Directors and statutory plans such as the rescue plan and the occupational health and safety policy. 

Identifying crises 

A crisis is an event that threatens the safety of the premises and the staff and/or the operations, reputation or property of Trevian Asset Management Oy. A crisis may also be related to a client’s property and be similar to a crisis at Trevian Asset Management Oy. A crisis may result from a single event or a series of events or simultaneous events. 

Signs of a major crisis include: 

  • An event that involves the company that may have serious adverse effects on the reliability of the company’s operations 
  • An event that results in the suspension of the company’s operations 
  • An event that involves the misuse of funds  
  • An event that may have legal consequences for the company 
  • An event that results in negative media coverage  
  • An event that results in the death or serious injury of an employee of the company 

Taking control of the crisis 

  1. The process 
  1. Crisis Management Team 

The CEO must be notified of all disruptions without delay. Depending on the extent and nature of the disruption, the CEO invites all or part of the Crisis Management Team to take over the situation and communications. Additional members are appointed to assist the team as necessary. 

 Crisis Management Team  (CMT)   Person in charge  Responsibilities 
   Head of the CMT    Reima Södervall, CEO  Leads the CMT, is ultimately responsible for employee safety and well-being as well as continuity plan measures to minimise the impact of the event on staff, clients and stakeholders.  
      Finance   Minna Jussila, CFO  Responsible for planning and implementing measures to manage the company’s financial stability during the crisis.  
  Staff   Tiina Kaakkolahti, HR Director  Responsible for planning and implementing measures to support employees during and after the crisis.   
 Responsibility  Kim Särs, CCO  Responsible for the operational measures of crisis management and the overall coordination of the response together with the CM team leader.  
  Property safety   Hannu Tamminen, Head of Technical ManagementResponsible for safety issues related to work on properties, such as whether buildings are safe and accessible and whether employees need to be relocated.  
 Communications Daniel Tuori, Marketing and Communications Director Responsible for communications throughout the event and post-crisis communications.  
 Information systems and data security Vetonaula Oy, ICT partnerCoordinates and ensures the functionality of information systems and data security during and after the crisis.  
  1. Assessing the situation and managing the process 

A crisis can arise without warning and may be characterised by elements such as a lack of information, multiple options and critical decisions that have to be made quickly. Assessing the situation and taking control of the consequent actions: 

1. Initial Assessment  
What are the known facts of the incident and what is/is not confirmed (who is affected, what has happened, when, where, how?)  
Is there anything that needs to be done immediately to protect against further harm /damage?  
Immediate secondary risks analysed  
2. Immediate Actions  
Call in CMT & assign roles    
External expertise (legal, negotiators, etc.) necessary?  
Contact with those who may be affected  
Contact list  
  
3. Ongoing management  
What information do we have about the situation / what else do we need?  
Who else needs to be briefed and by whom?  
Response plan incl. risk assessment  
Back-up CMT members identified (in the event it is a long running crisis)  
Media, clients, partners, etc. communications plan  
Periodic evaluation of actions taken so far (e.g. objectives met, review of response plan, communications, etc.)  
4. Recovery  
Organisation stands down from crisis mode & CMT resume normal roles  
Resumption of project activities  
Debriefing of staff and partners  
Post-crisis care  
Statement to media  
Immediate analysis of management of longer-term consequences arising from the crisis  
Reassessment of security risks by crisis (to include our reputation)  
Review of security measures in place and their effectiveness in the crisis  
Financial losses analysed  
5. Evaluation (to take place within 1 month of the crisis ending)  
Participatory evaluation involving relevant stakeholders  
Overall evaluation (to include what happened and why, what was done well, what could have been better managed)  
  1. The back-up system 

All Trevian employees have a designated back-up person to mitigate or avoid crises. The back-up persons may be familiar with the duties and responsibilities of the persons responsible and of their partners so that they can act quickly in a crisis without the involvement of the actual person responsible. 

  1. IT systems 

Trevian uses cloud-based IT systems, and every employee can work outside the office. The IT system is designed so that all employees can work at the same time.  

The security of the IT system is the responsibility of an external consultant who also serves Trevian employees on IT system-related issues and ensures that the systems always work for all employees.  

Documents related to Trevian Asset Management Oy’s business continuity plan: 

  • Code of Conduct 
  • Anti-bribery policy 
  • Whistleblowing policy 
  • Guidelines for the prevention of money laundering and terrorist financing 
  • In-house data security instructions and data security training 
  • Guidelines for supervisors in the event of sudden crises  
  • The back-up system, business operations and support functions 
  • Rescue plan for properties 
  • Occupational health and safety guidelines 
  • Occupational health and safety commission action plan 202
  • List of employees with EA1 training 
  • Crisis communications plan 
  • Business continuity procedures from an HR perspective

Approved by Trevian Asset Management Oy Board of Directors on 28 February 2024.