The COVID-19 pandemic, further illustrated the need for companies to have a more comprehensive operational resilience framework in place that takes into account the risks arising from the use of digital technology. The concept of operational resilience is not new, but recognition of the importance of adapting supervisory regimes to account for insurer´s growing reliance on digital systems is more recent.
Paper on Insurance Sector Operational Resilience
The International Association of Insurance Supervisors (IAIS) has published a paper identifying issues affecting operational resilience in the insurance sector and providing examples of how supervisors are addressing these issues.
The document focuses on four main components:
- Information collection and sharing. The document highlights the importance of supervisors having access to a range of information, including a company’s operational resilience framework and the potential threats impacting the insurance industry. To gather this information and understand the effectiveness of a company´s operational resilience framework, some supervisors proactively engage with the company’s Board and Senior Management.
- Cyber resilience. There is a need for greater consensus around best practices for assessing an insurer’s cyber resilience. In this regard, several tools and techniques (in isolation or combination) have been used by supervisors (e.g., Self-assessment Questionnaires).
- IT third-party outsourcing. There is a trend for supervisory authorities to require insurers to provide information on services outsourced to third parties.
- Business continuity management. There are many interconnections and interdependencies between different systems, participants, and service providers in the insurance sector, therefore the supervisory work has focused on Improvements to Business continuity management based on risks that arose during the pandemic, among other aspects.
Download the technical note on Paper on Insurance Sector Operational Resilience.