[OR] [BC] [E3] [CBS] [1] [ITo] Establish Impact Tolerances

CBS-1 Deposit & Account Services

Introduction

[OR] [BC] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services

Establishing impact tolerance for CBS-1 Deposit and Account Services helps Bank of Commerce define the maximum level of disruption it can withstand before customer harm, regulatory concern, or broader operational instability becomes unacceptable.

BCM Institute describes impact tolerance as the maximum tolerable level of disruption to a critical business service, including the maximum allowable unavailability period and the maximum tolerable data loss before the organisation’s viability or obligations are materially affected.

For a bank, this is especially important for deposit services, as these directly affect customer access to funds, transaction execution, account servicing, and confidence in the institution.

For Bank of Commerce, this chapter should be read together with BSP Circular No. 1203 (2024), which requires BSP-supervised financial institutions to identify critical operations, map interconnections and interdependencies, set tolerance for disruption, integrate business continuity and related risk disciplines, and progressively embed an operational resilience framework.

Publicly available BankCom information shows that the bank supports deposit accounts, debit-card access via Mastercard and BancNet, online banking for account management and transactions, and ongoing infrastructure modernisation, including disaster-recovery site upgrades.

Those service characteristics make CBS-1 a clear candidate for a structured impact tolerance assessment.

Table P4: Establish Impact Tolerance for CBS-1

Sub-CBS Code	Sub-CBS	Maximum Tolerable Downtime (MTD)	Maximum Tolerable Data Loss (MTDL)	Customer Impact	Regulatory Impact	Impact Type	Current Resilience Status	Action Required
1.1	Customer Onboarding and Account Application	1 business day	Up to 4 hours of non-finalised application metadata; no loss of submitted identity documents	Moderate inconvenience; delayed account opening but no immediate loss of access to existing funds	Moderate, especially if onboarding backlogs impair fair customer treatment or required controls	Service / Compliance	Partially resilient	Digitize intake fallback, enable branch-to-branch workload re-routing, and maintain offline capture with controlled later upload
1.2	Customer Identification and Verification (KYC/CDD)	8 hours	Nil for verified identity records; up to 1 hour for queued screening logs if reconstructible	High for new customers and for maintenance requests needing refreshed due diligence	High due to AML/CFT and customer due diligence obligations	Compliance / Financial Crime	Partially resilient	Strengthen alternate screening procedures, maintain replicated watchlist access, and define manual escalation for urgent onboarding
1.3	Account Approval and Opening	8 hours	Nil for approved account master data; up to 30 minutes for workflow queue state if recoverable	High for customers awaiting access to newly opened accounts	Moderate to high if prolonged disruption creates a processing backlog and service complaints	Service / Compliance	Partially resilient	Implement manual approval contingency, prioritize payroll and high-value client openings, and validate account activation recovery procedures
1.4	Initial Funding and Deposit Booking	4 hours	Near-zero for posted financial transactions; maximum 15 minutes for recoverable pending queue	High because funds may not be credited or available on time	High if posting integrity or safekeeping of funds is affected	Financial / Customer Harm	Needs strengthening	Enforce synchronous posting controls, strengthen branch contingency receipting, and test deferred posting reconciliation
1.5	Product Setup and Account Parameter Maintenance	1 business day	Nil for approved parameter records	Low immediate impact to most customers, but errors can cascade into fees, limits, and account behaviour	Moderate where misconfiguration affects product disclosure, charging, or consumer outcomes	Compliance / Operational	Partially resilient	Tighten change windows, dual authorization, rollback capability, and parameter validation after release
1.6	Deposit Transactions Processing	2 hours	Near-zero; maximum 5 minutes for uncommitted transaction data	Severe impact because customers may be unable to deposit, transfer, or see correct balances	High, as this is a core banking activity affecting critical operations	Financial / Customer Harm / Systemic	Critical but vulnerable	Set active-active or rapid failover target, prioritize peak-day capacity, and test recovery during salary and month-end periods
1.7	Withdrawal and Funds Access Processing	1 hour	Near-zero; no unrecoverable loss of authorisation or cash-dispense records	Severe and immediate, as customers may be unable to access cash or funds	High, particularly where prolonged loss affects critical banking access	Customer Harm / Reputation / Operational	Critical but vulnerable	Strengthen alternate channel routing, branch cash fallback, ATM switch failover, and manual exception handling
1.8	Account Servicing and Customer Maintenance	1 business day	Up to 2 hours for non-financial maintenance requests if auditable	Moderate inconvenience; updates to profiles and account details are delayed	Moderate if KYC refreshes, complaints, or notices are delayed	Service / Compliance	Partially resilient	Enable controlled manual servicing, improve CRM synchronization recovery, and maintain queue prioritization for high-risk cases
1.9	Interest, Fees, and Charges Processing	End of business day / next processing cycle	Nil for posted accrual and charge data; up to 30 minutes for batch staging if recoverable	Moderate, but could become high if incorrect fees or missing interest affect many customers	High where charging accuracy, disclosures, or consumer treatment are impacted	Financial / Conduct / Compliance	Partially resilient	Strengthen batch restart controls, pre-run validation, and automated reversal capability
1.10	Statement, Passbook, and Balance Reporting	1 business day for statements; 2 hours for balance inquiry	Up to 1 hour for regenerated report data; no unrecoverable ledger loss	Moderate to high, depending on whether customers lose real-time visibility to balances	Moderate if inaccurate reporting or delayed statements trigger complaints or disclosure issues	Service / Reputation	Partially resilient	Prioritize real-time balance inquiry over formal statement output, and maintain alternate statement generation procedures
1.11	Digital Account Access and Channel Integration	2 hours	Near-zero; no unrecoverable customer authentication or posted transaction loss	High because customers may lose online visibility and self-service capability	High when disruption affects a widely used channel for critical services	Customer Harm / Reputation / Cyber	Critical but vulnerable	Improve IAM/OTP redundancy, DDoS protections, channel failover, and customer advisory protocols
1.12	ATM and Card-Based Access Management	2 hours	Near-zero; no unrecoverable card authorisation or terminal transaction data	Severe, especially for cash access and off-branch usage	High where access to funds is constrained across ATM/card networks	Customer Harm / Third-Party / Reputation	Critical but vulnerable	Enhance switch resilience, network redundancy, cash replenishment continuity, and fallback withdrawal arrangements
1.13	Account Reconciliation and Exception Handling	End of the next business day	Up to 1 hour of exception queue metadata if source transactions remain intact	Low immediate impact, but unresolved breaks can later affect balances and disputes	High if unresolved breaks impair financial integrity or reporting accuracy	Financial / Control / Compliance	Partially resilient	Set tighter exception thresholds, automate break aging alerts, and test catch-up processing after outages
1.14	Dormancy, Holds, and Account Restrictions Management	4 hours for applying critical restrictions; 1 business day for non-urgent status updates	Nil for legal or compliance restriction records	High if fraud holds or legal restrictions cannot be applied in a timely manner, or if legitimate access is wrongly blocked	High because legal, fraud, and AML controls may be compromised	Compliance / Customer Harm	Partially resilient	Prioritize emergency restriction workflows, maintain manual hold capability, and ensure audit trails during fallback processing
1.15	Fraud Monitoring and Transaction Surveillance	30 minutes for high-risk alerts; 2 hours for lower-risk queues	Nil for confirmed alerts and cases; up to 15 minutes for buffered event data if replayable	Severe when suspicious activity is undetected, and customer losses increase	Very high because delayed fraud monitoring can lead to control failure and reportable incidents	Financial Crime / Customer Harm / Cyber	Critical but vulnerable	Improve real-time alerting resilience, SIEM/event replay, 24x7 escalation, and emergency block authority
1.16	Complaints, Disputes, and Service Recovery	1 business day for intake; 3 business days for prioritised operational resolution triage	Up to 4 hours for non-financial case notes if reconstructible	Moderate to high, depending on unresolved customer harm and transaction disputes	Moderate to high under consumer protection and complaint handling expectations	Conduct / Reputation	Partially resilient	Maintain alternate complaint channels, central log continuity, and predefined recovery scripts during incidents
1.17	Regulatory Reporting and Compliance Monitoring	By regulatory deadline; internal monitoring interruption not to exceed 1 business day	Nil for regulatory submissions; up to 1 hour for monitoring extracts if recoverable	Low direct customer impact, but indirect risk is high	Severe if reporting breaches, inaccurate submissions, or governance failures occur	Compliance / Governance	Partially resilient	Create manual reporting packs, strengthen data lineage, and predefine escalation to senior management for deadline risks
1.18	Business Continuity and Service Recovery for Deposit Services	Invocation within 30 minutes; critical service restoration sequencing within 2 hours for top-priority channels	Near-zero for recovery-point objective on core financial data; target zero unrecoverable loss for posted transactions	Severe if service recovery is delayed across deposit, ATM, and digital channels	Very high because this is the control layer that supports the resilience of the whole CBS	Enterprise / Operational Resilience	Developing but improving	Validate crisis invocation thresholds, test DR and alternate-site operations, and align recovery priorities to customer harm thresholds

Regulatory Alignment and Practical Examples

Under BSP Circular No. 1203 Series of 2024, RCBC must:

Define impact tolerances for each critical business service, using time-based and non-time-based metrics
Ensure tolerances reflect customer harm thresholds, not just system recovery objectives
Validate tolerances through scenario testing, including cyber incidents, system outages, and third-party failures

For example:

Sub-CBS 1.7 (Withdrawal Processing) requires an extremely low tolerance (≤1 hour) because of the immediate harm to customers if funds are inaccessible.
Sub-CBS 1.11 (Digital Access) reflects a high dependence on ICT and telecom infrastructure, requiring near-zero tolerance for downtime.
Sub-CBS 1.15 (Fraud Monitoring) must operate in near real time to meet regulatory expectations for financial crime prevention.

These examples demonstrate how regulatory expectations translate into measurable operational thresholds.

Setting impact tolerances for CBS-1 Deposit and Account Services gives Bank of Commerce a practical basis for deciding which deposit activities must be restored fastest, which data sets require near-zero loss, and where resilience investment should be concentrated.

The tightest tolerances should generally apply to services that directly determine customer access to funds and transaction integrity, especially deposit transaction processing, withdrawals, digital access, card-based access, fraud surveillance, and continuity invocation.

By contrast, administrative or back-office activities such as standard servicing updates, periodic statements, or parameter maintenance may tolerate slightly longer disruption, provided the delays do not create broader customer harm or compliance breaches.

From a regulatory perspective, this chapter supports the core expectations under BSP Circular No. 1203: identify critical operations, map dependencies, set tolerance for disruption, manage third-party and infrastructure risk, and integrate continuity and recovery capabilities.

For BankCom, the next step is to convert these indicative tolerances into board-approved thresholds, validate them through scenario testing, and refine them using actual service performance, customer usage, peak-volume behaviour, and recovery-test results.

That is what turns tolerance-setting from a documentation exercise into a working operational resilience control.

eBook 3: Starting Your OR Implementation
CBS-1 Deposit & Account Services
CBS-1 DP	CBS-1 MD	CBS-1 MPR	CBS-1 ITo	CBS-1 SuPS	CBS-1 ST

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.