![[OR] [BB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/bbedab3d-a991-4956-b3f1-f5d4aa873c6e.png)
CBS-1 Digital Account Access & Management
Introduction
Operational Resilience regulations require financial institutions to identify their 
Critical Business Services (CBS) and map the processes and resources required to deliver those services within defined impact tolerances.
As explained in the operational resilience framework under Mapping of Processes and Resources, this exercise ensures that an organisation understands:
- How each service is delivered end-to-end
- Which internal and external resources support delivery
- Where vulnerabilities and single points of failure exist
- What must be tested during scenario testing
- Disruption impacts customers and the wider financial system
For Boost Bank, CBS-1 Digital Account Access & Management is a core customer-facing critical service. It enables customers to onboard digitally, authenticate securely, manage account information, integrate embedded banking services, and receive alerts — all through digital channels.
The following mapping identifies the supporting Processes, People, Technology, Third-Party Vendors, and Dependencies for each Sub-CBS under CBS-1, in compliance with operational resilience expectations.
![Banner [Table] [OR] [E3] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/8a44ad9d-681b-48ff-90b1-b994a1c12a64.png)
Table P3: Map Processes and Resources for CBS-1
|
Sub-CBF Code |
Sub-CBS |
Processes |
People |
Technology (Applications & Infrastructure) |
Third-Party Vendors |
Upstream / Downstream Dependencies |
|
1.1 |
Account Onboarding & Registration |
• Digital application submission• eKYC verification• AML/CFT screening• Customer due diligence (CDD)• Account creation in Core Banking System (CBS)• Welcome notification dispatch |
• Digital Banking Team• Compliance & AML Officers• Customer Operations• IT Application Support |
• Mobile App / Web Portal• Core Banking System (CBS)• eKYC platform• CRM system• API Gateway• Cloud hosting infrastructure |
• eKYC provider• AML screening vendor• Cloud hosting provider• SMS/Email gateway provider |
Upstream: National ID database, credit bureau Downstream: Account funding, card issuance, transaction processing |
|
1.2 |
Authentication & Access Control |
• User credential validation• Multi-factor authentication (MFA)• Biometric verification• Role-based access control (RBAC)• Session token issuance |
• Cybersecurity Team• IAM Administrators• IT Operations |
• Identity & Access Management (IAM) system• MFA engine• Biometric authentication module• Firewall & WAF• Encryption services |
• MFA service provider• Biometric SDK vendor• Cloud IAM provider |
Upstream: Customer registration data Downstream: All digital transactions & profile access |
|
1.3 |
Profile & Account Maintenance |
• Customer detail updates• Beneficiary management• Account settings configuration• Limits management• Data validation & approval workflows |
• Customer Service• Operations Team• Data Governance Team |
• Core Banking System• CRM platform• Mobile/Web App• Database servers |
• CRM vendor• Cloud database provider |
Upstream: Authentication service Downstream: Payments, transfers, compliance monitoring |
|
1.4 |
Embedded Banking Integration |
• API integration with partners• Consent management• Data sharing validation• Partner transaction processing |
• API Management Team• Partnerships Team• IT Integration Engineers |
• API Gateway• Open Banking APIs• Consent Management System• Middleware platform |
• Fintech partners• API management provider• Open banking platform vendor |
Upstream: IAM authentication Downstream: Partner platforms, payment rails |
|
1.5 |
Security & Fraud Monitoring |
• Real-time transaction monitoring• Behavioural analytics• Fraud alert generation• Suspicious Activity Reporting (SAR)• Incident escalation |
• Fraud Operations Team• SOC (Security Operations Centre)• Compliance Team |
• Fraud Detection System• SIEM platform• AI/ML analytics engine• Case management system |
• Fraud analytics vendor• Threat intelligence provider |
Upstream: Transaction data feeds Downstream: Account suspension, regulatory reporting |
|
1.6 |
Password & PIN Reset / Recovery |
• Identity re-verification• OTP validation• Secure credential reset• Audit logging |
• Customer Support• IT Security Team |
• IAM system• OTP engine• SMS gateway• Encryption services |
• SMS/OTP provider• Identity verification vendor |
Upstream: Customer authentication records Downstream: Restored account access |
|
1.7 |
Device & Session Management |
• Device registration• Device fingerprinting• Session monitoring• Auto timeout enforcement• Device deactivation |
• IT Security Team• Cybersecurity Analysts |
• Mobile Device Management (MDM)• Session management server• Fraud analytics tools |
• Device fingerprinting vendor• Mobile SDK provider |
Upstream: Authentication service Downstream: Fraud monitoring system |
|
1.8 |
Alerts & Notification Services |
• Transaction alerts• Security notifications• Marketing notifications (opt-in)• System outage notifications |
• Customer Communications Team• IT Operations |
• Notification engine• SMS gateway• Email server• Push notification service |
• SMS provider• Email delivery vendor• Push notification service provider |
Upstream: Core Banking eventsDownstream: Customer response / fraud escalation |
|
1.9 |
Regulatory Compliance & Logging |
• Activity logging• Audit trail generation• Regulatory reporting• Data retention management• Access review |
• Compliance Team• Risk Management• Internal Audit• IT Security |
• Log management system• SIEM• Data warehouse• Reporting tools |
• Regulatory reporting software vendor• Cloud storage provider |
Upstream: All system activity logs Downstream: Regulators, internal audit committees |
|
1.10 |
Service Availability & Continuity Management |
• System health monitoring• Incident management• Disaster recovery activation• Backup restoration• Business continuity communication |
• IT Operations• Business Continuity Team• Incident Response Team• Senior Management |
• Monitoring tools• Redundant cloud infrastructure• Backup systems• DR site• Network infrastructure |
• Cloud infrastructure provider• DR hosting provider• Network service provider |
Upstream: Infrastructure providers Downstream: All digital banking services & customer access |
Operational Resilience Alignment
This mapping supports operational resilience by:
- Identifying Critical Supporting Resources
Clarifies which people, systems, and vendors are essential to maintain Digital Account Access & Management.
- Highlighting Single Points of Failure
Example:
- Dependency on single cloud provider
- Single MFA vendor
- Centralised IAM system
- Supporting Scenario Testing
Enables structured testing of scenarios such as:
- Cyberattack on authentication system
- Cloud service outage
- Third-party eKYC provider failure
- Fraud system malfunction
- Data breach incident
- Facilitating Impact Tolerance Validation
Assesses:
- Maximum tolerable downtime for login access
- Acceptable delay in onboarding
- Maximum disruption to fraud detection
- Enabling Remediation Planning
Supports decisions on:
- Redundancy improvements
- Vendor diversification
- Backup authentication methods
- Enhanced monitoring controls
![Banner [Summing] [OR] [E3] Map Processes and Resources](https://no-cache.hubspot.com/cta/default/3893111/61e5330e-051c-4874-b6da-a1be8393c283.png)
The mapping of processes and resources for CBS-1 Digital Account Access & Management provides Boost Bank with a structured, end-to-end view of how its digital customer access services are delivered and sustained.
By systematically linking each Sub-CBS to its supporting:
- Processes
- People
- Technology
- Third-party providers
- Upstream and downstream dependencies
Boost Bank strengthens its ability to:
- Identify operational vulnerabilities
- Design effective scenario testing
- Validate impact tolerances
- Enhance business continuity planning
- Meet regulatory expectations for operational resilience
This mapping forms the foundation for subsequent scenario testing, vulnerability assessment, and resilience enhancement planning, ensuring that Boost Bank can continue delivering secure and reliable digital banking services even during severe but plausible disruptions.
For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
