![x [OR] [BC] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/7a61d5e2-839c-40e6-b26f-6b288e5eb16f.png)
CBS-1 Retail Deposit & Account Services
Introduction
![[OR] [BC] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/4fb08be9-c33e-4c62-b11a-7094f5d4472d.png)
For Bank of Commerce, scenario testing for CBS-1 Deposit and Account Services should be designed to verify that the bank can maintain this critical business service within its defined disruption tolerances during severe but plausible events.
BCM Institute describes scenario testing as an exercise focused on assessing whether an organisation can remain within impact tolerances under disruptive conditions, with emphasis on response and recovery arrangements rather than prevention alone.
BSP Circular No. 1203 similarly requires Philippine banks to identify critical operations, set tolerance for disruption, map dependencies, and test resilience through severe but plausible scenarios.
For BankCom, this is particularly relevant because deposit and account services are delivered through a mix of branch operations, online banking, debit-card and ATM access, and interbank/payment connectivity.
Public BankCom information shows support for deposit accounts, online banking transactions, Mastercard debit cards, BancNet-linked services, and occasional planned maintenance affecting these channels.
That operating model means scenario testing should cover people, processes, technology, third parties, and the integration of cyber/ICT risk across the full deposit-service chain.
The table below is a recommended scenario-testing design for Bank of Commerce’s CBS-1. It is an applied interpretation of BCM Institute’s scenario-testing approach, BSP Circular No. 1203, and BankCom’s public service-channel profile.
The test themes are therefore practical recommendations for a Philippine bank rather than quotations from a regulator.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Branch-front-end outage during peak account opening; document imaging failure; branch connectivity loss |
Delayed customer onboarding, application backlog, and incomplete capture of required records |
Offline account application pack, branch fallback procedure, deferred upload testing, queue transfer to alternate branch or central processing |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
KYC/AML screening engine outage; sanctions-screening feed failure; false-positive surge after rules update |
New account opening halted, compliance backlog, increased manual-review volume |
Manual screening protocol, secondary watchlist access, exception approval matrix, recovery test for queued screenings |
|
1.3 |
Account Approval and Opening |
Workflow approval engine failure; database lock affecting account-number generation; maker-checker access disruption |
Approved accounts cannot be activated, customer access is delayed, and the operational backlog |
Manual approval contingency, controlled account activation workaround, post-restoration reconciliation test |
|
1.4 |
Initial Funding and Deposit Booking |
Core banking unavailable during first deposit; check-clearing file delay; teller-posting interruption |
Funds not posted on time, customer complaints, balancing and suspense-item growth |
Manual receipting, deferred posting script, teller outage drill, end-of-day catch-up and reconciliation validation |
|
1.5 |
Product Setup and Account Parameter Maintenance |
Incorrect rate/fee parameter deployment; failed release rollback; unauthorised parameter change attempt |
Misapplied charges or interest, downstream transaction and reporting errors |
Release approval workflow, rollback rehearsal, parameter verification checklist, privileged-access monitoring |
|
1.6 |
Deposit Transactions Processing |
Core banking crash at payroll peak; transaction queue corruption; middleware/API failure between channels and ledger |
Deposit posting delays, incorrect balances, and broad customer-service disruption |
DR/failover exercise, transaction replay test, peak-load scenario, priority restoration runbook for deposit posting |
|
1.7 |
Withdrawal and Funds Access Processing |
Branch withdrawal processing outage; ATM authorisation interruption; telecom outage affecting cash access |
Immediate inability to access funds, high customer harm, and branch congestion |
Alternate branch cash-dispense process, manual exception authority, ATM/network failover test, customer advisory template |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM/customer master outage; profile-update sync failure; branch servicing terminal disruption |
Delayed profile changes, missed customer instructions, and servicing backlog |
Manual maintenance log, prioritised urgent-request handling, sync-recovery test, controlled re-entry procedure |
|
1.9 |
Interest, Fees, and Charges Processing |
End-of-day batch failure; corrupted rate table; failed fee-waiver processing after outage |
Incorrect balances, customer disputes, possible conduct/compliance issues |
Batch restart drill, pre-run validation, automated comparison check, reversal and remediation workflow testing |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Statement engine failure; passbook printer/network outage; balance-inquiry service inconsistency |
Customers cannot confirm balances or obtain records, rise in complaints and branch queries |
Alternate statement generation, branch exception script, regenerated report validation, balance-view fallback channel test |
|
1.11 |
Digital Account Access and Channel Integration |
DDoS attack on online banking; OTP service outage; identity/authentication platform failure |
Customers are unable to log in, transact, or verify balances digitally |
DDoS simulation, OTP fallback path, IAM failover test, degraded-mode customer communications exercise |
|
1.12 |
ATM and Card-Based Access Management |
BancNet or card-switch outage; ATM fleet network disruption; card hotlisting delay |
Cash withdrawals and card-based access are unavailable, resulting in high customer dissatisfaction |
Alternate routing test, emergency card-blocking drill, ATM cash-access contingency, vendor/escalation response exercise |
|
1.13 |
Account Reconciliation and Exception Handling |
Reconciliation engine failure after major outage; settlement-file mismatch; exception queue surge |
Unresolved breaks, delayed financial integrity checks, and downstream reporting risk |
Manual reconciliation pack, break-ageing threshold drill, prioritised resolution workflow, recovery of settlement files test |
|
1.14 |
Dormancy, Holds, and Account Restrictions Management |
Restriction-tagging failure; legal/fraud hold not applied due to system outage; unauthorised hold release attempt |
Fraud exposure, wrongful customer access denial, and compliance breach risk |
Emergency manual hold process, dual-authorisation test, audit-trail verification, urgent restriction restoration exercise |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Fraud engine outage during active attack; SIEM/event ingestion failure; alert queue overload |
Delayed fraud detection, customer losses, and missed suspicious activity |
Manual monitoring surge playbook, event replay test, emergency account-block authority, 24x7 escalation drill |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact-centre outage during payment/channel incident; complaint case-management failure; surge in ATM/card disputes |
Customers are unable to report issues, experience slower recovery, and suffer reputational damage |
Alternate intake channels, branch complaint logging drill, surge-handling test, service-recovery communication templates |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Data warehouse outage before reporting deadline; MIS extract corruption; inability to produce incident-management reporting |
Reporting delays or inaccuracies, governance concerns, and regulatory breach risk |
Manual regulatory reporting pack, data-lineage validation, deadline escalation drill, backup MIS extraction procedure |
|
1.18 |
Business Continuity and Service Recovery for Deposit Services |
Primary data-centre outage; prolonged telecom and power disruption; simultaneous cyber and channel incident |
Multiple deposit-service components are disrupted, risking breaching the tolerance for key customer services |
Full DR invocation exercise, crisis-management coordination test, alternate-site operations, dependency-based restoration sequencing |
Regulatory Operational Resilience Requirements for Bank of Commerce, with examples
Under BSP Circular No. 1203, Bank of Commerce is expected to identify its critical operations, establish tolerance for disruption, map interconnections and dependencies, and conduct testing against severe but plausible scenarios.
For Bank of Commerce, CBS-1 Deposit and Account Services is a clear candidate because public information indicates it supports deposit accounts, online banking access, debit card usage, ATM connectivity, and interbank payment transactions.
A practical BSP-aligned example would be testing whether BankCom can keep deposit posting, withdrawal access, digital login, and fraud monitoring within tolerance during a core banking outage or cyber incident.
Another would be testing third-party dependency failure, such as a BancNet-related outage, which BankCom has already shown can affect customer services during maintenance windows.
These are exactly the kinds of scenarios regulators expect banks to understand and rehearse, as they combine technology failure, external dependencies, customer harm, and recovery execution.
BSP’s framework also implies that scenario testing should not be limited to IT restoration alone.
It should demonstrate governance escalation, communication, customer impact management, readiness for manual workarounds, and the effectiveness of recovery arrangements across people, processes, technology, and third-party support.
For a deposit-service environment like BankCom’s, that means testing not just system recovery, but also branch fallback procedures, complaint handling during service outages, manual controls for restrictions and fraud cases, and restoration prioritisation across channels.
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-1 Deposit and Account Services allows Bank of Commerce to move from mapping and tolerance-setting into operational proof.
The most important tests are those that challenge the bank’s ability to maintain customers’ access to deposits, balances, withdrawals, cards, and digital channels under disruption.
In practice, that means the highest-priority tests should centre on core banking interruption, ATM/card-network failure, digital banking outage, fraud-monitoring degradation, and full service recovery coordination.
Used well, this chapter becomes more than a documentation artefact.
It provides BankCom with a practical test agenda to validate whether response arrangements, manual fallbacks, DR capabilities, third-party escalation paths, and cyber/ICT controls are sufficient to keep CBS-1 within tolerance.
That is the operational resilience outcome BSP Circular No. 1203 aims for: not merely having plans, but being able to demonstrate that critical banking services can withstand, respond to, and recover from severe but plausible disruptions.
![x [OR] [BC] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/2922ffed-6e42-4c46-b0e8-489f39a4a569.png)
![[OR] [BC] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/7896e48f-2c2c-4ca2-b6c3-52367a2403c9.png)
![[OR] [BC] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/c6dc8baf-99d8-45c8-8672-e1160fd9d09d.png)
![[OR] [BC] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/ef57feb1-17e4-46c5-a61a-19dd399a0e0f.png)
![[OR] [BC] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/e90020ac-256e-4127-8607-ad544e9636c9.png)
![[OR] [BC] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services (2)](https://no-cache.hubspot.com/cta/default/3893111/6f34529c-628a-451b-8c39-72d7da6efc6c.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
