CBS-2 Claims Processing & Settlement
Introduction
The organisation discussed in this chapter is Malaysian Life Reinsurance (MLRe), a licensed professional reinsurer operating within Malaysia’s financial services sector and subject to the supervisory expectations of Bank Negara Malaysia (BNM).
In line with BNM’s 2025 Discussion Paper on Operational Resilience and the principles outlined in the BCM Institute blog “[OR] [P2-S4] What is Severe but Plausible Scenarios in Operational Resilience,” severe but plausible scenarios are those that are extreme in impact yet realistic enough to occur within the operating environment.
For Critical Business Service (CBS-2) Claims Processing & Settlement, the identification of severe but plausible scenarios ensures that MLRe can continue to honour reinsurance claims obligations within defined impact tolerances, even under cyber, ICT, third-party, or operational disruptions.
Table P5: Identify Severe but Plausible Scenarios for CBS-2
| Sub-CBS Code | Sub-CBS | Severe but Plausible Scenario | Impact / Effect | Proactive Risk Management Action (Evidence) | Link to Integration of Cyber & ICT Risk |
|---|---|---|---|---|---|
| 2.1 | Claim Notification & Receipt | Distributed Denial-of-Service (DDoS) attack on the claims submission portal during a catastrophe event | Inability of cedants to notify claims within the required timeframe; backlog accumulation | Redundant submission channels (secure email, SWIFT, hotline); DDoS mitigation service; tested surge procedures | Cyber attack resilience, network monitoring, SOC alerts, and ICT capacity stress testing |
| 2.2 | Document & Data Verification | Ransomware encrypts the document management system | Inaccessibility of claim documents; delay in verification; potential data breach | Immutable backups; endpoint detection & response (EDR); offline recovery testing; cyber playbooks | Backup resilience, privileged access management (PAM), and ransomware response integration |
| 2.3 | Preliminary Assessment & Triage | Sudden 300% spike in claims due to regional pandemic or natural catastrophe | Triage bottlenecks; breach of service level agreements (SLAs) | Pre-defined catastrophe surge plan; cross-trained staff; automated triage rules engine | ICT scalability testing, cloud auto-scaling, stress-testing against peak load |
| 2.4 | Detailed Claims Assessment | Core claims assessment system outage due to data centre failure | Suspension of assessment activities; impact tolerance breach | Active-active data centre setup; disaster recovery (DR) site with tested RTO/RPO | DR testing aligned to impact tolerance; ICT resilience metrics reporting |
| 2.5 | Third-Party Engagement & Investigation | External loss adjuster suffers a cyber breach compromising shared claim data | Confidentiality breach; reputational damage; regulatory reporting requirement | Third-party cyber due diligence; contractual security clauses; secure file transfer protocols | Third-party ICT risk assessment; vendor monitoring; integration into enterprise cyber risk register |
| 2.6 | Claims Decisioning & Approval | Internal fraud or manipulation of the approval workflow via compromised credentials | Financial loss; regulatory sanction; erosion of trust | Segregation of duties (SoD); multi-factor authentication (MFA); transaction monitoring | Identity & access management controls; insider threat detection analytics |
| 2.7 | Settlement Calculation & Fund Disbursement | Payment system outage or SWIFT connectivity disruption | Delayed settlement to cedants; liquidity strain; contractual penalties | Alternative payment channel; liquidity buffer; payment contingency playbook | Payment system cyber resilience; integration with treasury ICT continuity plans |
| 2.8 | Claim Communication & Reporting | Email server compromise leading to phishing or misinformation to cedants | Misinformation; reputational damage; possible financial fraud | Secure email gateway; DMARC/SPF controls; communication verification protocol | Email security controls, cyber awareness training, and incident escalation integration |
| 2.9 | Record Archival & Compliance Reporting | Data corruption discovered in archival storage due to a silent system failure | Inaccurate regulatory reporting; audit qualification risk | Periodic data integrity checks; hash validation; independent audit review | Data integrity monitoring; ICT governance & audit alignment |
| 2.10 | Continuous Improvement & Analytics | Manipulation or corruption of analytics data affecting reserving insights | Poor decision-making; mispricing risk exposure | Data governance framework, role-based access, model validation process | ICT data governance, AI/model risk management, cyber monitoring of analytics platforms |

The identification of severe but plausible scenarios for CBS-2 Claims Processing & Settlement enables Malaysian Life Reinsurance to test the resilience of its claims value chain against extreme but credible disruptions.
These scenarios extend beyond traditional disaster recovery considerations to include cyber-attacks, ICT system failures, third-party vulnerabilities, fraud, and surge events — consistent with supervisory expectations articulated by Bank Negara Malaysia.
By linking each Sub-CBS to integrated cyber and ICT risk controls, MLRe demonstrates proactive operational resilience management — ensuring that even under severe stress, the organisation can remain within defined impact tolerances, protect cedant confidence, and maintain financial stability.
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.











