Financial institutions are expected not only to maintain strong risk management and business continuity capabilities but also to demonstrate operational resilience—the ability to prevent, adapt to, respond to, recover, and learn from operational disruptions while continuing to deliver critical services to customers and the financial system.
Insurance companies such as Great Eastern Life play a crucial role in protecting individuals, families, and businesses from financial risks. Disruptions to key insurance services—such as policy administration, claims processing, premium payments, and digital customer services—can have significant consequences for policyholders, financial markets, and public confidence.
Recognising this, the Malaysian financial regulator, Bank Negara Malaysia (BNM), has introduced stronger expectations for operational resilience through policy frameworks and regulatory guidance. In particular, the 2025 BNM Discussion Paper on Operational Resilience outlines supervisory expectations for financial institutions to identify critical business services, set impact tolerances, map dependencies, and conduct severe but plausible scenario testing.
This eBook, “Implementing Operational Resilience in Insurance: A Practical Guide for Great Eastern Life,” presents a structured and practical methodology that can be applied by Great Eastern Life to build and sustain operational resilience capabilities aligned with regulatory expectations. The methodology is designed around three integrated phases:
Together, these phases provide a systematic approach to building a resilient insurance organisation capable of maintaining essential services even during severe operational disruptions.
The Plan Phase focuses on establishing the strategic and governance foundations required to support an operational resilience programme. For Great Eastern Life, this phase ensures that resilience initiatives align with organisational objectives, risk management practices, and regulatory expectations.
The first stage involves assessing Great Eastern Life’s current resilience capabilities across areas such as business continuity management, disaster recovery, ICT resilience, cyber security, third-party risk management, and crisis management.
BNM expects financial institutions to evaluate their operational risk management frameworks and resilience readiness as part of enterprise risk governance. A maturity assessment enables the organisation to identify strengths, weaknesses, and areas requiring improvement.
Following the maturity assessment, the organisation performs a gap analysis comparing current practices with regulatory expectations and industry standards.
Examples of regulatory expectations highlighted in the BNM discussion paper include:
This analysis provides clarity on what improvements are required for Great Eastern Life to achieve compliance and strengthen resilience capabilities.
In this stage, Great Eastern Life develops a multi-year operational resilience strategy and implementation roadmap. The roadmap defines:
BNM expects financial institutions to demonstrate clear board-level oversight and strategic direction for operational resilience initiatives.
Operational resilience requires defining the organisation’s risk appetite for service disruption. This includes establishing acceptable levels of downtime or disruption for services such as:
Regulators increasingly expect institutions to define impact tolerances based on customer harm, financial stability impact, and reputational damage, rather than purely technology recovery metrics.
The final stage of the planning phase involves establishing governance structures, including:
BNM emphasises that senior management and board oversight are critical for effective resilience governance. Insurance companies must demonstrate clear responsibility for ensuring critical services remain operational during disruptions.
The Implement Phase translates strategy into operational actions. It focuses on identifying critical business services and ensuring they can withstand severe disruptions.
Great Eastern Life must identify services whose disruption would cause significant harm to customers or the financial system. Examples include:
BNM’s operational resilience guidance highlights the importance of prioritising services based on potential customer harm and systemic impact.
Once critical services are identified, the organisation maps all supporting resources, including:
BNM emphasises the need for institutions to understand internal and external dependencies, including third-party service providers.
Impact tolerance defines the maximum acceptable level of disruption for a critical service.
For example:
| Critical Service | Example Impact Tolerance |
| --- | --- |
| Claims Payment Processing | Claims payments restored within 24 hours |
| Policyholder Online Portal | Maximum disruption of 4 hours |
| Premium Payment Processing | No settlement delays beyond one business day |
BNM encourages financial institutions to set impact tolerances based on customer harm, financial impact, and regulatory obligations.
Scenario testing evaluates whether the organisation can remain within impact tolerance during severe disruptions.
Examples of severe but plausible scenarios include:
BNM expects financial institutions to conduct regular resilience testing and simulations to validate their operational capabilities.
Following scenario testing, Great Eastern Life should document lessons learned and implement improvements to strengthen resilience. Continuous improvement ensures that resilience capabilities evolve alongside emerging threats and technological changes.
The Sustain Phase ensures that operational resilience becomes an enduring organisational capability rather than a one-time initiative.
Operational resilience must be embedded into organisational culture. Employees across all departments—from underwriting to IT—must understand their role in maintaining service continuity.
A structured communication framework is required to manage crises and operational disruptions. This includes:
BNM expects financial institutions to maintain clear crisis communication mechanisms with regulators and stakeholders.
Regular training and awareness programmes ensure that employees understand resilience procedures, crisis response protocols, and operational recovery responsibilities.
Self-assessments allow the organisation to periodically review its resilience capabilities and identify areas for improvement. This includes internal audits and management reviews.
Independent reviews—such as internal audit or external assessments—provide assurance that operational resilience frameworks remain effective and aligned with regulatory expectations.
BNM expects financial institutions to demonstrate ongoing monitoring, testing, and improvement of resilience capabilities.
Operational resilience is becoming a fundamental expectation for financial institutions worldwide, including insurance companies operating in Malaysia. For organisations such as Great Eastern Life, building operational resilience is not only a regulatory requirement but also a strategic capability that protects policyholders, safeguards financial stability, and strengthens customer trust.
The three-phase Operational Resilience Planning Methodology—Plan, Implement, and Sustain—provides a structured framework for developing and maintaining resilience capabilities across the organisation. By establishing governance and strategic direction in the planning phase, identifying and testing critical business services in the implementation phase, and embedding resilience into organisational culture in the sustainment phase, Great Eastern Life can effectively prepare for and respond to operational disruptions.
Aligned with expectations from Bank Negara Malaysia, the approach outlined in this eBook ensures that Great Eastern Life can identify critical services, manage dependencies, define impact tolerances, conduct scenario testing, and continuously improve its resilience capabilities. Ultimately, operational resilience enables the organisation to deliver essential insurance services reliably—even during periods of significant disruption—thereby protecting customers, maintaining regulatory compliance, and supporting the stability of Malaysia’s financial system.
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.