Business continuity and resilience in the Americas
19/10/2023 08:19 AM
Institutional resilience and the need to maintain operational continuity are concepts widely recognised in social security as the main indispensable characteristics for providing services to the population in the event of natural disasters or unforeseen catastrophic events. This has manifested itself over the years in efforts to strengthen processes, infrastructure and the resources that institutions have available to cope with different crises.
The COVID-19 pandemic acted as a catalyst, providing clear evidence of the importance and critical role of continuity and resilience in social security. This article aims to show how institutions in the Americas have implemented the approaches now mentioned in the ISSA Guidelines on Continuity and Resilience of Social Security Services and Systems published in 2022, which highlight the importance of institutional resilience in social security.
Illustrative image (internet)
In recent years, countries in the region have deployed different initiatives of social protection and implemented innovative and large-scale actions to provide immediate responses and achieve unprecedented coverage. The components that contribute to better and more resilient social security can be broken down into mechanisms to ensure continuity of services and response measures, both supported by extensive use of information and communication technology (ICT) and institutional capacity building. The pandemic was a real test for social security institutions. They responded by implementing initiatives of social assistance, social security and/or access to services to contain impacts on household incomes (ILO, ISSA and OECD, 2021; Palomo et al., 2022).
In social security, the most common measures taken during the pandemic were unemployment benefits, advance payment of contributory pensions and paid sick leave schemes. Depending on the situation, eligibility requirements were changed, the duration of benefits was extended and/or additional temporary amounts were allocated. Temporary unemployment benefits were made available in some countries where it was not provided on a regular basis. Measures were also implemented to enable people to preserve their employment, such as wage subsidies, discounts on social security contributions and credits to enterprises (Cejudo, Michel and De los Cobos, 2020; ILO, ISSA and OECD, 2021; Palomo et al., 2022; ISSA, 2021).
Social security information systems – with workers’ registries, contributions and benefits – together with social and tax records, played a key role in deploying measures to target formal workers, identify informal or low-income workers and, where appropriate, provide benefits for those without social protection (Cejudo, Michel and De los Cobos, 2020; ILO, 2020; Palomo et al., 2022).
To respond to these new needs and requirements, social security institutions have implemented various actions which are outlined in the guidelines developed on business continuity and resilience in social security institutions (ISSA, 2022a). These guidelines cover topics such as implementing response measures, ensuring continuity of operation and service delivery, and strengthening organizational capacity and resilience.
The institutions focused their efforts mainly on restructuring and improving their business processes, ensuring that services could be provided digitally, incorporating new services and service channels, facilitating access to services in a quick and easy way, reducing response times in the management of benefits and services, meeting the growing volume of requests and transactions, ensuring the quality of services, and improving communication channels with members (ISSA, 2020; Technical Commission on Information and Communication Technology, 2022).
ICT, the capacity to adapt and innovate, and the strengthening of business continuity plans made it possible to manage risks to ensure the continuity of information systems, operational processes and service delivery, meeting and even, in some cases, exceeding the committed service level standards (ISSA, 2021; Technical Commission on Information and Communication Technology, 2022).
While a number of measures were implemented only with a focus on response or to ensure operational continuity, all together they have strengthened institutional capacity and contributed to the long-term vision of becoming resilient organizations, regardless of the state of development in which the institution finds itself.
Continuity and resilience are concepts that have been clarified in recent years. The International Organization for Standardization (ISO) defines resilience as "the ability of an organization to absorb and adapt in a changing environment in order to meet its objectives and to survive and thrive", highlighting that increasing resilience can be a strategic objective and is the result of good business practices and effective risk management (ISO, 2017). Furthermore, the Information Technology Infrastructure Library 4 (ITIL 4) states that organizational resilience requires alignment with common vision and purpose; a thorough understanding of the organizational context; the ability to assimilate, adapt and respond effectively to change; effective risk management; good governance and management; and diversity in skills, leadership, knowledge and experience (ITIL 4 cited in Technical Commission on Information and Communication Technology, 2022).
On the other hand, ISO defines business continuity as “the ability of an organization to continue the delivery of products and services within acceptable timeframes at a predefined capacity during an interruption” (ISO, 2019).
While business continuity allows operations to resume as quickly as possible in the event of a disruption or, worse, a disaster, organizational resilience derives from institutional effectiveness and involves its capacity to adapt to change in order to strengthen itself and promote its growth over time (Anderson and De Tollenaere, 2020, cited in ECLAC, 2021). Considering these approaches, PricewaterhouseCoopers (PwC) refers that organizational resilience relies on business continuity, but with a much broader and strategic approach that helps to strengthen the organization's immune system (PwC cited in Technical Commission on Information and Communication Technology, 2022).
Figure 1. Business Continuity and Organizational Resilience
Source: ISSA elaboration based on PwC
The ISSA Guidelines on Continuity and Resilience of Social Security Services and Systems add to existing international standards as well as other guidelines by the International Social Security Association (ISSA) addressing the specificities of resilience and continuity in the context of social security administration (ISSA, 2022a). These guidelines provide strategies for developing preparedness and response actions. They also provide guidance for ensuring the continuity of services and the application of emergency measures in periods of disruption due to crises and extreme events (ISSA, 2022a).
The objective of the guidelines is to assist social security institutions to continue to provide essential services during crises or incidents; minimise the impact on the institution, assets, people and reputation; restore all functions and processes to normality in the shortest possible time and without disruption; rapidly implement social security measures; improve institutional preparedness through appropriate human and technological capabilities and emergency measures; strengthen institutional resilience and protect critical digital resources, in particular social security data (ISSA 2022a).
Figure 2. Structure of the ISSA Guidelines on Continuity and Resilience of Social Security Services and Systems
Source: ISSA, 2022a, and adapted from Mnisi, 2023.
The guidelines outline that governance and institutional capacity are the key pillars of resilient systems and that establishing business continuity plans is imperative for resilience. Social security institutions should therefore adopt a proactive approach to risk management, plan for potential risks, implement appropriate strategies to mitigate their impact and have a rapid response capacity in place (Mnisi, 2023).
ISSA provides ongoing support to social security institutions in the development of their business continuity and resilience strategies. A number of ISSA Guidelines are used in the process, in particular the ones on Information and Communication Technology (ISSA, 2022b), Good Governance (ISSA, 2019a), Human Resource Management in Social Security Administration (ISSA, 2022c), Promotion of Sustainable Employment (ISSA, 2022d) and Service Quality (ISSA, 2019b). The following good practices provide examples of such actions implemented in the Americas.
In order to guarantee a minimum income to vulnerable people during the COVID-19 pandemic, the Social Security Information and Technology Enterprise (Empresa de Tecnologia e Informações da Previdência Social – DATAPREV) implemented an information exchange mechanism between different institutions to identify vulnerable citizens eligible for emergency assistance (Auxílio Emergencial) (DATAPREV - Social Security Information and Technology Enterprise, 2023). The process allowed for effective targeting of the subsidy and involved the collection and integration of complementary information to the National Registry of Social Information (Cadastro Nacional de Informações Sociais – CNIS), through which the information of all insured persons and social security contributors is managed. To ensure an immediate response in the processing of high volumes of information and in the payment of assistance, the use of new technologies was adopted and the process of information exchange between government entities was simplified.
This initiative made it possible to reach thousands of Brazilians who were previously invisible to the state's assistance, work and social security measures. DATAPREV made a web application available to citizens so that they could apply for emergency assistance and check the status of their eligibility and subsidy payment. Information technologies, a detailed plan of the whole process, the use of up-to-date information and transparency in the eligibility criteria were decisive factors in the success of this strategy. The results obtained and lessons learned were capitalised on in the provision of other emergency assistance to the cultural sector, formal workers, businesses, self-employed cargo transporters and taxi drivers, among others.
As a direct response to the COVID-19 pandemic, the National Insurance Board of Grenada, through the National Insurance Scheme (NIS), implemented a web portal that allowed it to continue to provide services during the pandemic on a "one-stop-shop" basis with a client-centred approach (National Insurance Board, 2023). This innovation efficiently manages the entire process from the receipt of benefit claims to the issuance of the settlement decision. The use of ICT, the incorporation of digital data validation tools and the redesign of business processes were instrumental in reducing processing times and ensuring timely and accurate payment of benefits, as well as drastically reducing the possibility of discrepancies. The portal offers secure access mechanisms through one-time passwords (OTP) and allows real-time consultation of contributions and the status of requested procedures. Customer service and public relations teams were strengthened to raise awareness among users and facilitate adaptation to change.
The implementation of this strategy has had a positive impact on customers and is a "game changer" in the operation and resilience of the institution in the new environment. In addition, this innovation drove institutional plans to adopt a digital by default approach, assuming a green and paperless operation in the management of benefits.
The Guatemalan Social Security Institute (Instituto Guatemalteco de la Seguridad Social – IGSS) in Guatemala modified the regulatory framework so that suspensions due to COVID-19 illness are not counted within the 39-week maximum period for sickness payments (Social Security Institute of Guatemala, 2023). The purpose of this measure was to mitigate the impact of the economic consequences and the deterioration in the assets of workers, who could enjoy the full period of sickness payments associated with other illnesses. To implement this measure, the disability application process was optimised and the benefit payment information system was adapted.
These improvements made it possible to speed up the response time, deal with a high volume of pending claims, and make payments efficiently and effectively. The impact of this measure was highly positive considering that, in 2022, the number of suspensions due to COVID-19 disease reached the number of suspensions due to other sickness. The actions implemented improved the quality of service delivery, strengthened the institutional image and contributed to the construction of the electronic file. Based on the evaluation of the results, the IGSS identified the need to incorporate the use of ICT in all benefit management processes, reinforce the capacities and skills of its employees, strengthen its change management strategy and improve its risk management capacity.
In response to the social distancing measures imposed by the COVID-19 pandemic, Derrama Magisterial of Peru set up alternative channels for teacher affiliation: online self-registration through its website and by telephone (Derrama Magisterial, 2023). This initiative had a special emphasis on secure and fast enrolment for teachers located in areas distant from the Derrama Magisterial offices. The web portal and mobile application allow members to access different services and consult their individual account balances and movements. The paperless enrolment management significantly reduced the number of applications observed due to inconsistencies in the filling out of forms and the loss of documents.
The optimisation of the enrolment process and the use of information technology were key to improving the quality of service provided to new members. The strengthening of the telephone service capacity allowed for an increase in the number of effective enrolments. The validation of the identity of teachers using the biometric facial service provided by the National Registry of Identification and Civil Status (Registro Nacional de Identificación y Estado Civil) ensures the validity of the contractual operations carried out by members with the DM.
In early 2022, the Catholic Workers’ Circle of the Uruguay Mutual Fund (Círculo Católico de Obreros del Uruguay Mutualista – Círculo Católico) faced a major organizational challenge when it was appointed to receive 18,000 of the 50,000 members from another mutual health insurance company that closed its operations due to financial unviability (Catholic Workers’ Circle of the Uruguay Mutual Fund, 2023) This event, which affected the environment for integrated health care providers in Uruguay, made it necessary for Círculo Católico to design a strategic plan to rapidly expand its operational, technological and care capacity. The strategy implemented provided a resilient response and mitigated the risks associated with the significant increase in coverage and the short timeframe to adjust and adapt the entire organization to the new reality.
The process maintained a people-oriented approach to ensure continuity, quality and timeliness in the provision of health services and job continuity for the workers of the former mutual health insurance company rehired by the Círculo Católico. The use of ICTs; the reorganization of service delivery considering the acquired and refurbished health infrastructure; the improvement of spaces at the different levels of care and the improvement of the geographical accessibility of services ensured the responsiveness and quality of services. The process was guided by the provisions of the law, decrees and agreements signed between the parties involved. The application of principles of good governance, accountability, transparency and participation facilitated consensus and decision-making.
Table 1 summarises the results achieved by these institutions in the implementation of their digital transformation projects.
Governance and institutional capacity are essential elements for building organizational resilience. The Catholic Workers’ Circle of the Uruguay Mutual Fund, Uruguay took on the challenges of an external event as an opportunity for growth and strengthening of the institution, where governance and a clear assessment of institutional capacities favoured coordinated and effective work from the top management to achieve the objectives and commitments established with all stakeholders and, particularly, with its new partners.
Adequate risk management allows objectives to be met and expected results to be achieved. In Brazil's DATAPREV, adequate management of risks associated with the availability and timely delivery of updated information by public institutions – to identify the population eligible for emergency assistance – and changes in payment schedules, allowed it to meet the objectives set and generate learning for the deployment of other social protection measures. At NIS in Grenada, the Board of Directors and management monitored the implementation of the project to ensure that objectives were met and to manage adequate risk mitigation. At IGSS in Guatemala, the results achieved allowed them to identify the need to improve their risk management capacity.
Having a clear, simple and cross-cutting communication strategy that disseminates findings on risk-generating events and lessons learned provides certainty in change processes and contributes to generating a risk culture. The Catholic Workers’ Circle of the Uruguay Mutual Fund in Uruguay established multidisciplinary working teams and an effective communication strategy that facilitated the involvement and participation of all internal and external stakeholders (other institutions, trade unions, workers and partners). Derrama Magisterial also significantly modified communication processes, strengthening call centres and employing multi-channel strategies to reach out to members.
The use of technology, digital transformation and innovation are key factors in developing operational and organizational resilience, as they help to plan actions to strengthen the organization, restructure and optimise processes and define new scenarios to meet the growing demands of services in a more flexible and accelerated way. In the case of DATAPREV in Brazil, NIS in Grenada, IGSS in Guatemala, Derrama Magisterial in Peru and Catholic Workers’ Circle of the Uruguay Mutual Fund in Uruguay, technology and innovation capacity were differentiating elements to provide a rapid response, ensure continuity of operations and contribute to the development of organizational resilience.
Resilience in institutions is associated with the ability to manage risks, adapt and respond to change, and to a large extent, the effectiveness and timeliness of the responses they implement to respond to crises or incidents. Furthermore, business continuity assurance and organizational resilience must be managed through a process of improvement, which requires continuous review of progress and adjustment of contingency and continuity plans to ensure that institutional objectives are met. Resilience prepares institutions to face risks and threats as an opportunity for growth and strengthening.
While the concepts of resilience and continuity of services are not new, the crisis caused by the COVID-19 pandemic has acted as a catalyst to sensitise social security institutions to the need to materialise the opportunity for social security institutions to become more resilient by improving their capacities to adapt, change and cope with future crises in a more agile way (ISSA, 2020). In that sense, there is a duality between the agility of institutions to respond to an unexpected event and the institutional capacity to cope with such an event, and it is this relationship that forges resilient institutions. Ultimately, societies can only be as resilient as social security institutions are.
In this regard, social security institutions in the Americas have developed crisis response capacities in recent years, both to maintain the continuity of services and to implement new services and social programmes in a very short time frame, addressing the urgent needs of the affected population. To achieve this, as this article shows, institutions have relied on the use of technologies, communication strategies, risk management frameworks, human resources and strong institutional governance.
Finally, it is worth noting that sharing experiences is also a success factor in developing more resilient social security institutions and better able to respond to crises. This article, along with others related to the topic and the ISSA Guidelines on Continuity and Resilience of Social Security Services and Systems and other materials and events in the field, support institutions in developing their capacities.
ISSA
Sickness
Work Injury and Occupational Disease
Survivor’s
Old-age
Maternity
Unemployment
Medical (Health Insurance)
Certificate of coverage
VSS - ISSA Guidelines on Social Security