Kathmandu. The International Association of Insurance Supervisors (IAIS) has released an important guide called “Operational Continuity Implementation Guide” to strengthen the operational resilience of the insurance sector.
The document, prepared by IAIS, which represents insurance regulators from more than 200 jurisdictions through its working group, is intended to provide insurance regulators around the world with practical tools to strengthen the operational risk management of insurance companies.
The release of this guideline is seen as an important step in global insurance regulation at a time when the insurance industry is becoming more reliant on technology, interconnection with third-party service providers and cyber risks are increasing. The IAIS has identified digital innovation and cyber risk as key strategic themes in its 2025-2029 Strategic Plan.
The IAIS guide is mainly divided into two parts.
1. Operation Continuity Objective:
This section presents a high-level framework on how to ensure continuity of operations based on international standards of insurance regulation.
2. Guide
It incorporates practical regulatory practices and implementation methods collected from regulatory bodies of different countries. It is designed as a flexible tool that can be customized to each country’s market conditions.
This guide is based on the core principles of insurance including ICP 2, 7, 8, 9, 10, 16, 24 and 25 .
The guide is divided into three sections: Good Governance and Operational Risk Management, Operational Continuity, Technical Aspects of Operations Continuity and Objectives for Insurance Regulators.
The first section deals with the accountability of the board of directors and management of insurance companies and the risk management system to the continuity of operations. Under this, the Board of Directors should develop a culture of risk, have adequate knowledge about cyber and information technology risks, senior management should ensure day-to-day implementation, and continuity in the three-tier risk control model.
Similarly, the main technical element of continuity is the second and most detailed part of this guide. It consists of seven sub-sectors.
- Listing of sensitive services: Insurance companies should prepare a detailed map of their critical services and the third and fourth party services associated with them.
- Impact Tolerance Status Check: Determine a limit on how long or how much damage a company can bear in the event of an interruption.
- Situation Testing: Testing for potential crisis situations at least annually.
- Incident Investigation: Clear procedures for reporting and managing operational incidents, including cyberattacks.
- Technical Risk Management: Protect, identify, respond and restore information technology security.
- Change Management: Adopt a controlled process when making changes to technology, service, or organization.
- Business Continuity Plan: Management Plan and Third Party Risk Management.
Importance for Nepal
This guide is also very relevant for Nepal. This can provide a practical roadmap especially for the Insurance Authority of Nepal and the insurance industry of Nepal.
Nepal’s insurance sector is undergoing rapid digitalization, mobile-based insurance services, dependence on cloud and IT service providers, expansion of bancassurance, etc. In this context, the guide provides guidance to insurers on the creation of a formal regulatory framework for continuity, technology and cyber risk standards for board members, cyber incident reporting systems, and risk-based regulation.
Continuity of operation is of particular importance for a country like Nepal, where the risk of earthquakes, floods and other natural disasters is high. The scenario audit and business continuity planning practices incorporated in this guideline are expected to help the insurance companies in Nepal to maintain continuity in the times of disaster. According to experts, this will help protect the interests of the insured as well as boost the confidence of international reinsurance companies and investors.
This guide provides clear guidance on how to strengthen good governance, risk management, technology security and service continuity of insurance companies.
For Nepal too, this document can be an important basis for developing a regulatory framework that matches international standards and making the insurance industry sustainable and safe in the long run.
The IAIS said it was preparing to finalise the 2025-2026 Roadmap after reviewing the recommendations received from the public consultation in 2025.
