As one of the largest universal banks in the Philippines, BDO Unibank provides a wide range of retail banking services, with Retail Deposit & Account Services forming a foundational critical business service (CBS) that underpins customer trust, financial stability, and day-to-day economic activity.
In the context of operational resilience, CBS-1 Retail Deposit & Account Services is an end-to-end service that enables customers to safely store funds, access liquidity, conduct transactions, and interact with the banking system across multiple channels, including branches, ATMs, and digital platforms.
Any disruption to this service can have immediate and widespread impact on customers, businesses, and the broader financial ecosystem.
Therefore, it is essential to break this high-level CBS into detailed business processes (Sub-CBS) to fully understand how the service is delivered, where dependencies lie, and how disruptions may propagate across interconnected components.
This chapter provides a structured decomposition of CBS-1 into its constituent Sub-CBS processes. This aligns with the expectations of BSP Circular No. 1203 (Operational Resilience), which requires banks to identify critical operations end-to-end and understand the interconnections, dependencies, and vulnerabilities that could affect service delivery.
The purpose of this chapter is to guide the reader in understanding how a high-level critical business service—Retail Deposit & Account Services—is translated into detailed, actionable processes (Sub-CBS) for operational resilience implementation.
By studying this breakdown, the reader will learn to identify and define the key operational components that collectively deliver the service, a prerequisite for performing dependency mapping, process and resource mapping, impact tolerance setting, and scenario testing.
This chapter is designed to equip practitioners to move beyond conceptual definitions of critical business services and into practical execution, where each process can be assessed for risk, resilience capabilities, and recovery requirements.
Ultimately, the reader should be able to apply a similar structured approach within their own organisation to support compliance with regulatory expectations and strengthen overall resilience.
Below is a practical Sub-CBS breakdown for CBS-1 Retail Deposit & Account Services for BDO Unibank.
It is framed as an illustrative operational resilience decomposition based on BDO’s publicly visible retail account offerings and access channels, and should be validated against BDO’s internal product, process, risk, operations, and technology architecture.
BDO publicly offers savings and checking accounts and provides digital account access through BDO Online, which supports the treatment of retail deposit and account services as a major customer-facing critical business service.
Table P1: Detailed Processes for CBS-1
|
Sub-CBS Code |
Name of Sub-CBS |
Description of Sub-CBS |
|
1.1 |
Customer Onboarding & Account Opening |
End-to-end process for opening retail deposit accounts, including branch-assisted and digital initiation, capture of customer information, product selection, documentary submission, and account creation workflow. |
|
1.2 |
Customer Identity Verification & Compliance Screening |
Verification of customer identity and completion of required compliance checks, such as KYC, sanctions/watchlist screening, customer due diligence, and risk-based acceptance, before account activation. |
|
1.3 |
Account Setup & Product Configuration |
Creation of the customer account in core banking and related systems, including account number generation, product coding, currency assignment, fee parameters, interest settings, account rules, and channel enablement. |
|
1.4 |
Initial Funding & Deposit Acceptance |
Processing of initial and subsequent deposit placements through branch, cash, cheque, transfer, or other accepted channels, with validation, posting, and availability rules. |
|
1.5 |
Cash Withdrawal & Funds Access |
Enabling customers to access deposited funds through branch withdrawals, ATM-linked access, debit mechanisms, and other authorised withdrawal channels, subject to controls and limits. |
|
1.6 |
Account Maintenance & Customer Information Update |
Processing customer-initiated changes such as contact details, signature updates, beneficiary-related information where applicable, account conversion, reactivation, dormancy handling support, and profile maintenance. |
|
1.7 |
Passbook, Debit Card, Chequebook & Credential Fulfilment |
Issuance and maintenance of customer access instruments and credentials associated with retail accounts, including debit cards, chequebooks, passbooks, where applicable, PIN/credential setup, replacement, and delivery controls. |
|
1.8 |
Digital Banking Access Management |
Registration, authentication, entitlement management, password reset, device enrollment, biometrics/passcode setup, and secure login/access controls for retail account use via online and mobile channels. |
|
1.9 |
Balance Inquiry, Statement & Account Information Services |
Provision of account information to customers, including balances, transaction history, account status, statements, certificates, and service inquiries through branch, contact centre, ATM, and digital channels. |
|
1.10 |
Internal & External Account Transfers Linked to Deposits |
Execution of customer instructions to move funds from deposit accounts to own accounts, third-party accounts, or other bank destinations, including validation, authorisation, posting, and status confirmation. |
|
1.11 |
Bills Payment & Scheduled Debit Services |
Processing of payments and standing or recurring instructions funded from retail deposit accounts, including validation, routing, posting, exception treatment, and customer notification. |
|
1.12 |
Transaction Posting & Ledger Update |
Accurate posting of deposits, withdrawals, fees, interest, adjustments, reversals, and other account events to the customer ledger and general accounting interfaces, with date/time and cutoff controls. |
|
1.13 |
Interest, Fees & Charges Processing |
Calculation and application of deposit interest, service fees, penalties, charges, and tax-related treatments in accordance with product terms, regulatory rules, and internal schedules. |
|
1.14 |
Exception Handling, Dispute & Error Resolution |
Management of failed, delayed, misposted, or disputed transactions; account access issues; customer complaints; investigation, correction, escalation, and communication until closure. |
|
1.15 |
Fraud Monitoring & Protective Controls |
Detection and response to suspicious account activity, abnormal access behaviour, mule/fraud indicators, unauthorised transactions, and account compromise, including holds, alerts, and coordinated investigation. |
|
1.16 |
Reconciliation, Control & Financial Reporting Support |
Daily and periodic reconciliation of account balances, transaction files, suspense items, branch/channel records, and control accounts to ensure completeness, accuracy, and timely issue resolution. |
|
1.17 |
Regulatory Reporting & Compliance Monitoring |
Capture and reporting of information required by regulators and internal compliance functions for deposit operations, consumer protection, AML/CFT obligations, operational incidents, and control monitoring. |
|
1.18 |
Service Continuity, Recovery & Incident Response for Deposit Services |
Preparedness, response, recovery, manual workarounds, alternate-channel servicing, and restoration procedures to sustain or recover retail deposit and account services during branch outage, cyber incident, system failure, telecom disruption, or third-party breakdown. |
|
1.19 |
Dormancy, Restriction, Freeze & Closure Management |
Handling dormant accounts, account restrictions, legal or compliance holds, closure requests, balance payout, records retention, and controlled termination of customer account relationships. |
|
1.20 |
Third-Party & Infrastructure Dependency Management for Deposit Services |
Oversight of outsourced or external services supporting retail deposit operations, such as telecoms, card/ personalisation vendors, document services, cloud/hosting, payment connectivity, utilities, and other critical service dependencies. |
For a Philippine bank, BSP Circular No. 1203 requires the bank to identify critical operations, set a tolerance for disruption, map interconnections and interdependencies, manage risks to delivery, integrate business continuity, and test delivery of critical operations under severe but plausible scenarios.
The Board is expected to approve the identified critical operations and the criteria used to identify them, and the identification process should cover the end-to-end activities necessary to deliver the service.
The Circular also expects banks to define disruption tolerance using at least one time-based metric, while considering other metrics, such as the number of affected customers and the volume/value of affected transactions.
It further states that tolerance should be tested against severe but plausible scenarios and reviewed by the Board.
On dependencies, the Circular requires mapping of interconnections and interdependencies and says the mapping should be harmonised with operational risk, third-party risk, business continuity, and ICT risk processes.
It also requires due diligence on third-party service providers, contingency or exit arrangements when a provider cannot meet the required tolerance, and an assessment of dependencies on public infrastructure such as telecommunications, transportation, and energy.
The Circular further requires that BCM and BCP capabilities be integrated into the operational resilience framework, with business impact analysis, recovery strategies, incident recovery guidance, communications, crisis management, and periodic exercises covering critical operations and their dependencies.
The scenarios should be realistic and may include pandemics, major cyber incidents, and failure of key service providers.
Applied to CBS-1 Retail Deposit & Account Services, BDO should treat the service as an end-to-end customer outcome rather than only a single system or branch process.
That means the Sub-CBS above should be mapped across branch operations, digital channels, authentication controls, core banking, payment links, reconciliation, fraud operations, contact centre support, and external providers.
This is consistent with the Circular’s requirement that critical operations be identified based on end-to-end delivery, not just on an individual person, process, or system.
Examples of resilience requirements for this CBS include:
The decomposition of CBS-1 Retail Deposit & Account Services into detailed Sub-CBS processes provides a critical foundation for operational resilience implementation at BDO Unibank.
By breaking down the service into its core operational components, the organisation gains visibility into how value is delivered to customers, where key dependencies exist, and which processes are most vulnerable to disruption.
This structured view enables the bank to progress to the next stages of the operational resilience lifecycle, including mapping dependencies and interconnections, identifying supporting resources (people, processes, technology, and third parties), and establishing impact tolerances for each component.
It also supports the design of severe but plausible scenarios and the execution of meaningful scenario testing, as required under BSP Circular No. 1203.
Ultimately, understanding these Sub-CBS processes is not an academic exercise but a practical necessity.
It ensures that BDO Unibank can continue to deliver essential retail banking services—even in times of disruption—thereby protecting customers, maintaining financial stability, and fulfilling its regulatory and societal responsibilities.
|
Building Operational Resilience: A Case Study of BDO Unibank |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Deposit & Account Services | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|