Disruptions may arise from cyber incidents, technology failures, natural disasters, third-party outages, or operational errors. In an increasingly digital insurance environment, where customers depend on online platforms for policy servicing, claims submissions, and financial transactions, the ability to sustain critical services is a core organisational capability.
In Malaysia, operational resilience expectations are being shaped by regulatory developments from Bank Negara Malaysia (BNM). The 2025 Discussion Paper on Operational Resilience highlights the need for financial institutions—including insurers and takaful operators—to ensure that they can prevent, respond to, recover from, and adapt to operational disruptions while maintaining critical financial services.
This chapter identifies the Critical Business Services (CBS) of Great Eastern Life and explains how these services align with emerging operational resilience expectations for Malaysian insurance companies.
In operational resilience, a Critical Business Service (CBS) refers to a service that, if disrupted, would cause intolerable harm to customers, policyholders, the organisation, or the wider financial system.
A service is typically considered critical when its disruption would lead to:
Operational resilience frameworks focus on maintaining the delivery of services to customers, rather than simply restoring internal systems. This means the emphasis is on customer outcomes and market impact, not just IT recovery.
Examples of critical services in financial institutions often include:
Similarly, for an insurance company, services such as claims payment or policy servicing are typically considered critical because disruptions could directly harm policyholders.
Although Malaysia does not yet have a single consolidated operational resilience regulation, several regulatory expectations already exist and are being strengthened.
The operational resilience expectations from BNM for insurers include:
These expectations build upon existing regulatory frameworks, including:
The objective is to ensure that critical financial services remain available during stress events to preserve financial stability and public confidence.
As a major life insurance provider in Malaysia, Great Eastern Life delivers multiple services across the insurance value chain. From an operational resilience perspective, the following services are typically considered critical because their disruption could significantly affect policyholders.
|
CBS Code |
Critical Business Service |
Description |
Why Critical |
|
1 |
Policy Issuance & Underwriting Services |
Processing applications, underwriting assessments, and issuing new insurance policies |
Enables customers to obtain protection coverage |
|
2 |
Premium Collection & Policy Administration |
Collection of premiums, policy servicing, policy updates, and policy status management |
Maintains active insurance coverage for policyholders |
|
3 |
Claims Processing & Claims Payment |
Processing claims, validating policy coverage, and paying insurance benefits |
Direct financial support to customers during critical life events |
|
4 |
Customer Policy Servicing |
Policy enquiries, policy updates, beneficiary changes, and account servicing |
Ensures customers can manage and access their policies |
|
5 |
Digital Insurance Platform Services |
Online portals and mobile applications for policyholders and agents |
Provides customer access to insurance services |
|
6 |
Insurance Agent & Distribution Support |
Sales and servicing through insurance agents, bancassurance partners, and digital channels |
Primary distribution channel for insurance services |
|
7 |
Fund Management & Investment Services |
Management of policyholder funds and participating funds |
Supports policy benefits and investment-linked products |
|
8 |
Regulatory Reporting & Compliance Operations |
Reporting to regulators and maintaining compliance obligations |
Ensures regulatory compliance and financial system integrity |
Claims processing is one of the most critical services for any insurance company. Customers rely on insurers to provide financial support during events such as:
Disruptions to claims processing could cause severe financial hardship to policyholders and damage the insurer’s reputation.
Key processes involved include:
Operational resilience measures must ensure that claims payments can continue even during major disruptions.
Premium collection ensures that policyholders maintain active coverage. Failure in this service could lead to:
Operational resilience requires insurers to ensure that:
This service enables customers to obtain insurance protection. Disruptions could prevent customers from obtaining coverage when needed.
Operational resilience considerations include:
Digital transformation has made online services a key delivery channel.
Examples include:
These platforms have become critical because customers increasingly rely on digital access to manage their insurance policies.
Each critical business service depends on multiple operational components.
Typical dependencies include:
People
Technology
Third-Party Providers
Infrastructure
Operational resilience requires insurers to map these dependencies end-to-end to understand where disruptions could occur.
BNM encourages financial institutions to test their resilience against severe but plausible scenarios.
Examples relevant to Great Eastern Life include:
|
Scenario |
Potential Impact |
|
Cyberattack on insurance systems |
Disruption of policy servicing and claims processing |
|
Cloud provider outage |
Loss of access to digital insurance platforms |
|
Pandemic workforce disruption |
Reduced claims processing capacity |
|
Data centre outage |
Interruption to core insurance systems |
|
Third-party medical verification failure |
Delays in claims approval |
|
Major natural disaster |
Increased claims volume and operational strain |
These scenarios help organisations test whether they can maintain service delivery within acceptable impact tolerances.
Operational resilience requires strong governance.
Key governance elements include:
The board is responsible for ensuring that operational resilience is integrated into the organisation’s risk management framework.
Each critical business service should have a designated service owner responsible for:
Risk management teams ensure alignment with regulatory expectations and operational resilience frameworks.
Operational resilience requires insurers to move beyond traditional business continuity planning and focus on maintaining critical services for customers during disruptions. For Great Eastern Life, identifying critical business services such as claims processing, policy administration, and digital customer access provides the foundation for a structured operational resilience program.
By aligning with regulatory expectations from Bank Negara Malaysia and adopting best practices in operational resilience, Great Eastern Life can strengthen its ability to withstand operational disruptions while continuing to serve policyholders effectively.
Establishing clear ownership of critical business services, mapping dependencies, setting impact tolerances, and conducting scenario testing will enable the organisation to build a robust resilience capability that protects customers, strengthens market confidence, and supports the stability of Malaysia’s insurance sector.
Blogs marked [x] are under construction.
|
Implementing Operational Resilience in Insurance: A Practical Guide for Great Eastern Life |
|||
| eBook 1: Understanding Your Organisation: Great Eastern Life | |||
| C1 | C2 [x] | C3 [x] | C4 [x] |
| C5 | C6 [x] | C7 [x] | C8 [x] |
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|