Page 34 - Insurance Times July 2019

with stakeholders and mitigation strategies should get devised with appropriate monitoring and control.

d) Risk Awareness: Sensitization and awareness creation of risk management across the company are a must for a Risk Aware Culture.

My Risk Mantras for Risk Awareness are:

1) Propagate ERM as "Everyone is a Risk Manager",
2) Educate stakeholders to be "Be Risk Aware, Be Data Aware and Be Secure",
3) I work to "Integrate Risk Management with Strategy & Performance".

How Important is Business Continuity Management in Today's Environment?

BCM involves planning for any potential disaster by identifying potential threats to an organisation and analysing their impact on its day-to-day operations.

Effective BCM ensures the business can provide a minimum acceptable service in the event of a disaster, and helps preserve corporate reputation, image and revenue.

A growing body of legislation requires businesses in essential areas to implement effective business continuity arrangements. Globally, corporate governance regulations require directors to "exercise reasonable care, skill and diligence" to mitigate risks facing the organisation.

Implementing effective BCM is the best-practice approach to effectively manage business interruptions and incidents, and to meet the directive's requirements.

The current cyber threat landscape has made business leaders more aware of the risks of cyber-attacks, and the importance of being able to respond to and recover from such attacks.

Effective BCM, based on international best-practice standards such as ISO 22301, can protect organisations from widespread business disruption in the event of a successful cyber-attack.

An effective BCMS (business continuity management system) is centred around the BCM lifecycle, which involves identifying threats, performing a business impact analysis, designing and implementing a business continuity plan, compiling documentation, measuring and testing performance, and maintaining and improving BCM processes.

Business continuity planning involves developing, testing and maintaining business continuity plans that enable an organisation to continue operating during and after a disaster. BCPs (business continuity plans) are an essential element of a BCMS.

BCPs typically detail how to manage incidents that affect the organisation's business-critical processes and activities, from failure of a single server all the way through to complete loss of a major facility. Best practice for business continuity planning is set out in ISO 22301.

Disaster recovery planning usually takes place within the BCMS framework. Disaster recovery plans are often relatively technical and focus on the recovery of specific operations, functions, sites, services or applications. A single BCP might contain or refer to a number of disaster recovery plans. Best practice for disaster recovery is set out in ISO 22301.

Fraud in Indian Insurance Industry has been a Major Cause of Concern. Why Insurance fraud is Continuing to Grow and Insurers have not been able to Cap it Fully. Do you Think IRDAI Should Come Out With a Comprehensive Policy?

Insurance fraud is one of the most serious problems threatening viability of insurance companies. Insurance frauds are driving up the overall costs of insurers and premiums for policyholders.

It encompasses a wide range of illicit practices and illegal acts like

1) Insurance Claims Fraud - Deadman Insurance etc.
2) Bogus Business - Non-Existence of Insured and Insurance Policy is being issued etc.
3) Medical Impersonation - Health Misrepresentation etc.
4) Dual Employment - Person working in two organizations at a time etc.

Insurance companies have witnessed an increase in the number of fraud cases since a couple of years. Risk management has been acquiring monumental importance in the insurance industry. Insurance business is of a dynamic nature that puts an additional onus on risk management. So insurance companies need comprehensive risk management strategies that involve fraud risk assessment and fraud prevention.
