PINS S6.2 What is business continuity risk?

(1) Business continuity risk is the risk of unexpected financial and non-financial losses (such as loss of data, premises and reputation) due to disruptions in an insurer's critical business operations.
(2) Disruptions may occur as a result of power failure, denial of access to work areas, fire, fraud, loss of key staff, failure of computer or data system, destruction of major equipment and security breaches arising from technology risk.

Note CTRL, rule 7.1.7 (3), requires an insurer to include, in its risk management strategy, contingency planning, business continuity, crisis management and fraud management. Under CTRL, rule 3.1.17, an insurer must review its business continuity procedures at least once every 18 months.
(3) Critical business operations are the business functions, resources and infrastructure that may, if disrupted, have a material impact on the insurer's business functions, reputation, profitability and policyholders.
Inserted by QFCRA RM/2013-1 (as from 1st January 2015).
Amended by QFCRA RM/2021-1 (as from 1st July 2021)