![x [OR] [AmB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/c17ea734-ce39-46d1-9b00-ce39367ccfc1.png)
CBS-5 Investment & Wealth Management
![[OR] [AmB] [E3] [CBS] [5] [SuPS] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/a2de3c99-9747-4d4c-ad93-bf8b6bb98d7b.png)
Identifying Severe but Plausible (SBP) scenarios is a core step in operational resilience because it pushes the organisation to think beyond routine risk events and consider disruptions that are extreme in impact yet realistic in today’s environment.
For AmBank’s Investment & Wealth Management services, this means examining how market volatility, technology failures, third-party issues, regulatory actions, and cyber threats could materially disrupt the delivery of advice, execution, reporting, and client protection.
The objective of this chapter is to help stakeholders systematically visualise where and how such shocks could affect each critical process, so that resilience measures are grounded in credible stress conditions rather than abstract risks.
Below is a recommended set of SBP scenarios mapped to each detailed process under CBS-5 Investment & Wealth Management, together with likely impacts, proactive actions, and explicit links to cyber and ICT risk integration.
![Banner [Table] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/f4f3c007-e864-48cd-8bc1-0242c8b7fd86.png)
Table P5: Identify Severe but Plausible Scenarios for CBS-5
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact / Effect |
Proactive Risk Management Action |
Link to Integration of Cyber and ICT Risks |
|
5.1 |
Wealth Advisory & Financial Planning |
Prolonged outage of the advisory platform during the period of extreme market volatility |
Inability to provide timely advice; client losses; reputational damage |
Alternate advisory channels (phone/manual), pre-approved market playbooks, and advisor training for crisis periods |
Resilient advisory systems, DR site for CRM/planning tools, secure remote access for advisors |
|
5.2 |
Unit Trust & Fund Distribution |
Major fund house suspension/redemption gate due to market stress |
Liquidity constraints, surge in complaints, and regulatory scrutiny |
Pre-defined communication scripts, liquidity risk disclosures, and diversification guidance |
Integration with fund platforms’ cyber posture, secure API connectivity, and vendor ICT risk assessments |
|
5.3 |
Fixed Income & Direct Bond/Sukuk Investments |
Market infrastructure disruption (e.g., trading/settlement system outage) on the coupon or maturity date |
Settlement delays, financial loss, and client dissatisfaction |
Settlement contingency procedures, backup brokers/custodians, liquidity buffers |
Redundant connectivity to market systems, SWIFT security controls, and a tested BCP for treasury systems |
|
5.4 |
Dual Currency & Structured Products |
Extreme FX movement triggers large client losses and system capacity strain |
Margin calls, disputes, and conduct risk exposure |
Robust suitability assessments, stress illustrations, limit frameworks |
High-availability pricing engines, cyber-secure market data feeds, and system load testing |
|
5.5 |
Equities & Capital Markets Services |
Cyberattack on the trading platform is causing a trading halt or data integrity concerns |
Trade failures, financial/reputational loss, and regulatory issues |
Incident response drills, trade reconstruction procedures, and client communication protocols |
SOC monitoring, DDoS protection, multi-factor authentication, and real-time integrity monitoring |
|
5.6 |
Private Banking & HNW Solutions |
Relationship manager compromise (phishing) leading to fraudulent instructions |
Potential unauthorized transactions; trust erosion |
Call-back verification, transaction monitoring, and RM cyber awareness |
Privileged access controls, endpoint protection, and secure client communication channels |
|
5.7 |
Bancassurance & Wealth Protection |
Insurer partner system breach affecting policy data and processing |
Delays in policy issuance/claims; data privacy risk |
Strong SLAs with insurers, data sharing minimisation, and joint incident exercises |
Third-party cyber risk management, encrypted data exchange, API security reviews |
|
5.8 |
Estate & Legacy Planning (Will/Wasiat) |
Loss/corruption of digital will records or document repository |
Legal disputes; service disruption; reputational impact |
Secure document management, off-site backups, periodic data integrity checks |
Immutable backups, access logging, encryption at rest, and in transit |
|
5.9 |
Client Reporting & Compliance |
Regulatory reporting system failure near submission deadline |
Late/incorrect submissions; penalties |
Manual fallback reporting, regulatory liaison protocols, buffer timelines |
Redundant reporting systems, data validation controls, and secure data pipelines |
![Banner [Summing] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/446ccb83-e056-40d0-aae5-834d73c13f43.png)
Developing and maintaining a clear view of Severe but Plausible scenarios enables AmBank to shift from reactive recovery to deliberate resilience design. By linking each critical wealth management process to credible disruption scenarios and embedding cyber and ICT considerations into the analysis, the bank can prioritise investments, strengthen cross-functional coordination, and demonstrate to regulators that resilience is actively managed.
As the operating environment evolves, these scenarios should be refreshed regularly, tested through exercises, and used to guide continuous improvement so that Investment & Wealth Management services remain dependable even under extreme stress.
![[OR] [AmB] [E3] [CBS] [5] [DP] Investment & Wealth Management](https://no-cache.hubspot.com/cta/default/3893111/054587f1-9cdf-4719-abc4-4c23c7ae60f1.png)
![[OR] [AmB] [E3] [CBS] [5] [MD] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/2624f5f2-4690-437c-a5eb-3208d31f95a4.png)
![[OR] [AmB] [E3] [CBS] [5] [MPR] Map Processes and Resources](https://no-cache.hubspot.com/cta/default/3893111/7e4bda11-21c4-4766-845f-0f354d946627.png)
![[OR] [AmB] [E3] [CBS] [5] [ITo] Establish Impact Tolerances](https://no-cache.hubspot.com/cta/default/3893111/87415dba-db74-4e77-8c6c-2ba04b4d24e0.png)
![[OR] [AmB] [E3] [CBS] [5] [ST] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/f467c271-ca6d-4725-98e9-6fff67ba94f7.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
