1. Disruptions in an Insurer's business can lead to unexpected losses of both a financial and non-financial nature (e.g. data, premises, reputation etc). Disruptions may occur as a result of events such as power failure, denial of access to premises or work areas, systems failure (computers, data, building equipment), fire, fraud and loss of key staff.
2. An Insurer's risk management system in respect of business continuity planning risk will normally be expected to include at least the following policies and procedures:
a. processes for identifying:
i. events that may lead to a disruption in business continuity;
ii. the likelihood of those events occurring;
iii. the processes most at risk; and
iv. the consequences of those events.
b. a business continuity plan (BCP) describing:
i. procedures to be followed if business continuity problems arise;
ii. detailed procedures for enacting the BCP, including manual processes, the activation of an off-site recovery site (if needed) and the person(s) responsible for activating the BCP;
iii. a communications strategy and contact information for relevant staff, suppliers, regulators, market authorities (including exchanges), major clients, the media and other key people;
iv. a schedule of critical systems covered by the BCP and the timeframe for restoring these systems;
v. the pre-assigned responsibilities of staff and procedures for training staff on all aspects of the BCP; and
vi. procedures for regular testing and review of the BCP; and
c. procedures for backing up important data on a regular basis and storing the information off site.