EFTA01375836.pdf

Deutsche Bank May 2017 Dear Client, Deutsche Bank (DB) recognizes that significant business disruptions are a possibility. We have in place comprehensive business continuity procedures designed to minimize the impact of any significant business disruption. This letter summarizes the measures DB has taken through our global Business Continuity Management Program to respond to significant business disruptions. Deutsche Bank's Business Continuity Management Program Deutsche Bank is committed to protecting its staff and ensuring the continuity of critical Group businesses and functions in order to protect the Deutsche Bank franchise, mitigate risk, safeguard client services and sustain both stable financial markets and customer confidence. Deutsche Bank has developed, implemented and continues to test and maintain its global Business Continuity Management (BCM) program to ensure it attains these objectives. The BCM Program outlines core procedures for the relocation or the recovery of operations in response to varying levels of disruption. A number of scenarios are considered including: staff unavailability, complete loss of a single production site, loss of vendor services and loss of application software. These procedures provide information for responsible DB personnel to evaluate the business disruption and initiate appropriate action, including: - Safeguard employees' and DB property, - Communicate between DB and our employees, regulators, and clients, - Provide you, our client with access to your funds and securities, and - Protect DB books and records and recover/resume normal operations. Each of our core businesses functions and infrastructure groups construct and maintain their business continuity plans (BCPs) to ensure a continuous, reliable service. BCPs are based on predefined strategies, roles and responsibilities. BCPs are designed to ensure provision of the critical business processes and IT systems within predefined recovery time frames. BCPs are reviewed, updated and tested annually or when significant changes occur. In support of our BCM Program, DB maintains technical disaster recovery plans to protect and recover applications, information assets and technical infrastructure in the event of a facility failure or technology outage. In addition and because of specific identified vulnerabilities, further contingency measures are undertaken in India, the Philippines and Tokyo against complete loss of a city. Roles 8. Responsibilities The BCM Program has defined roles and responsibilities, which are documented in corporate standards (including the Technical Disaster Recovery Standard). This fosters a constant and effective approach to the provision of resiliency throughout DB and results in an efficient fit-for- purpose business continuity capability. The BCM Program is staffed and managed within each region by specialists who co-ordinate preparedness efforts with BCM-trained staff embedded in each business and infrastructure area. The Regional business continuity teams provide expertise and guidance to all business functions within DB in developing, implementing, testing and maintaining effective BCPs and recovery processes. Similarly, the Technical Disaster Recovery Standards are implemented regionally by Group Technology. The DB Management Board has delegated responsibility for Business Process Disruption Risk to the Global Head of IRRM (Information & Resilience Risk Management). The DB Management Board and Executive Directors of legally autonomous entities retain overall responsibility for policy setting, supervision and effective implementation of the BC Policy. Chinn only %portlier, Poled. Paul Adition Mainnen n Road Oyu (Clatmal.Mwcw Uhinck.Ctitsrita Senn& Dish* Baal Alulagestbchett <boletiII Fivarai am %INK Kimbedy Hama. RunIan Syhit Madent. Nicobar Mom LocalCoot of thiskfai MTh Mu. HIM No B1000. VAT ID No DEII4103179; GA Roddy. KM v Mt Wont Sielmwan wine an= CONFIDENTIAL - PURSUANT TO FED. R. CRIM. P. 6(e) DB-SDNY-0071462 CONFIDENTIAL SDNY_GM_00217646 EFTA01375836