![x [OR] [AUB] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/ece32642-be56-464d-aae4-e4aa6a7f1734.png)
![[OR] [AUB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/66320b0d-ae53-45f1-91bf-f3d96663dc50.png)
CBS-1 Deposit & Account Services
Introduction
![[OR] [AUB] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/0e4c1f75-8c29-40b7-8747-92ccb947a8d2.png)
Scenario testing is a critical component of operational resilience, enabling Asia United Bank Corporation to validate its ability to continue delivering CBS-1 Deposit and Account Services under severe but plausible disruption scenarios.
In alignment with the BSP Circular No. 1203 Series of 2024, scenario testing must assess the bank’s ability to remain within defined impact tolerances and identify vulnerabilities across people, processes, technology, and third-party dependencies.
Regulatory expectations emphasise testing end-to-end service delivery, incorporating cyber threats, ICT disruptions, third-party failures, and operational breakdowns, with documented evidence of remediation and continuous improvement.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding platform outage due to cyberattack (DDoS) |
Inability to onboard new customers; revenue loss; reputational impact |
Failover to alternate onboarding channels; DDoS protection testing reports; onboarding backlog recovery plan |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
Third-party KYC service provider failure |
Delayed verification; regulatory breach risk |
Alternate KYC provider activation; manual KYC procedures; vendor SLA testing |
|
1.3 |
Account Approval and Opening |
Core banking approval workflow system failure |
Account opening delays; customer dissatisfaction |
Manual approval workflows, system recovery drills, and audit logs of fallback approvals |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway disruption during account funding |
Failed or delayed deposit booking; reconciliation issues |
Payment rerouting procedures; reconciliation controls; transaction retry mechanisms |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Erroneous parameter configuration due to system patch failure |
Incorrect interest/fees applied; financial loss |
Configuration validation controls; rollback procedures; change management testing |
|
1.6 |
Deposit Transactions Processing |
Core banking system outage (ICT failure) |
Inability to process deposits, liquidity, and customer impact |
Core system DR testing; batch processing recovery evidence; system redundancy validation |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM/POS network outage due to telecom failure |
Customers are unable to access funds; high complaints |
Multi-network routing; ATM offline mode testing; telecom redundancy validation |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system compromise (cyber breach) |
Data integrity risk; service delays |
Cyber incident response drills, access control reviews, and data restoration testing |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch job failure in interest computation |
Incorrect balances; customer disputes |
Batch job monitoring; reprocessing capability testing; reconciliation reports |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Data warehouse outage affecting reporting |
Inability to generate statements; regulatory reporting delays |
Backup reporting systems; data replication testing; customer notification protocols |
|
1.11 |
Digital Account Access and Channel Integration |
Mobile/online banking outage due to cyberattack (ransomware) |
Customers unable to access accounts; reputational damage |
Cyber recovery drills, secure backups, and incident response playbooks |
|
1.12 |
ATM and Card-Based Access Management |
Card management system failure or card network breach |
Card transactions declined; fraud exposure |
Card switch failover testing; fraud detection tuning; network segmentation controls |
|
1.13 |
Account Reconciliation and Exception Handling |
Reconciliation system failure or data mismatch event |
Financial misstatements; delayed exception resolution |
Automated reconciliation reruns; exception handling procedures; audit trail verification |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Erroneous account freezing due to a system error |
Customer access disruption; complaints escalation |
Control validation checks; override procedures; periodic audit testing |
|
1.15 |
Fraud Monitoring and Transaction Surveillance for Deposit Accounts |
Failure of the fraud detection engine during a cyber incident |
Undetected fraudulent transactions; financial loss |
Real-time fraud monitoring failover; rule tuning; SOC escalation testing |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact centre outage due to system or facility disruption |
Increased unresolved complaints; regulatory breach risk |
Alternate contact centre activation; call rerouting testing; service recovery KPIs |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Regulatory reporting system outage or data corruption |
Non-compliance with BSP reporting timelines |
Manual reporting procedures; regulatory communication protocols; data validation testing |
|
1.18 |
Incident Response, Business Continuity, and Recovery |
Major cyberattack + data centre outage (combined scenario) |
Prolonged service disruption; breach of impact tolerance |
End-to-end BCP/DR exercises; crisis management drills; recovery time validation |
Link to Integration of Cyber and ICT Risks
Across all Sub-CBS, scenario testing explicitly integrates Cyber and ICT Risks, including:
- Cyber threats: ransomware, phishing, DDoS, insider threats
- ICT failures: core banking outages, network failures, data corruption
- Third-party risks: fintech providers, telecoms, cloud services
- Data risks: integrity, confidentiality, and availability
In line with regulatory expectations, scenario testing must demonstrate:
- End-to-end service resilience, not just system-level recovery
- Cross-functional coordination (IT, Operations, Risk, Compliance)
- Ability to remain within impact tolerance thresholds
- Continuous improvement through lessons learned
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-1 Deposit and Account Services enables Asia United Bank Corporation to move beyond theoretical planning into validated operational resilience capabilities.
By simulating severe but plausible disruptions—particularly those involving cyber and ICT risks—the bank can identify weaknesses, validate recovery strategies, and strengthen its ability to maintain critical services.
Aligned with BSP Circular No. 1203 Series of 2024, the outcomes of these tests provide tangible evidence of resilience, ensuring that the bank is prepared not only to respond to disruptions but to continue delivering essential services to customers and the financial system with minimal impact.
![[OR] [AUB] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/ad189b59-9714-422a-8f70-20f125f2cafa.png)
![[OR] [AUB] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/c4b0a569-fbce-4bc0-a1d6-6707a9e2a306.png)
![[OR] [AUB] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/7f4f751f-3ddd-432e-8de9-03b9907dadfe.png)
![[OR] [AUB] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/3cd097d6-6ff0-4904-8177-0932f07a9d36.png)
![[OR] [AUB] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/12b25a4b-3be3-4c87-a750-db91e0872c64.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
