In operational resilience terms, impact tolerance is not just a recovery target; it is the threshold that guides management on how quickly a critical service must be restored and how much data loss, transaction backlog, or customer detriment can be accepted.
For a Philippine bank, the regulator expects this tolerance setting to be tied to customer impact, transaction values and volumes, dependencies, security, and recovery capability.
BSP Circular No. 1203 also states that these tolerances should be tested against severe but plausible scenarios, reviewed and approved by the board, integrated into business continuity planning, and supported by assessments of third-party and public infrastructure dependencies.
This is especially relevant for BDO because its retail deposit services are delivered through branches, cards, online banking, and payment channels that support balance inquiry, transfers, bill payments, account maintenance, and other day-to-day customer services.

| Sub-CBS Code | Sub-CBS | Maximum Tolerable Downtime (MTD) | Maximum Tolerable Data Loss (MTDL) | Customer Impact | Regulatory Impact | Impact Type | Current Resilience Status | Action Required |
|---|---|---|---|---|---|---|---|---|
| 1.1 | Customer Onboarding & Account Opening | 24 hours | 4 hours | Moderate; delayed new account opening, branch backlog, lost sales opportunities | Low to Moderate; onboarding delays may affect service commitments and record completeness | Service / Compliance / Reputational | Moderate | Maintain alternate branch/manual intake and queue management; test backlog clearance |
| 1.2 | Customer Identity Verification & Compliance Screening | 8 hours | 0–15 minutes | High; customers cannot be onboarded or updated | High; KYC/AML/CFT screening cannot be bypassed without compliance risk | Compliance / Service / Legal | Moderate | Strengthen real-time screening resilience, fallback procedures, and evidentiary logging |
| 1.3 | Account Setup & Product Configuration | 8 hours | 15 minutes | High; approved accounts cannot be activated correctly | Moderate to High; configuration errors may cause product mis-selling or control failures | Service / Financial / Compliance | Moderate | Dual-control validation, configuration rollback, and maker-checker recovery tests |
| 1.4 | Initial Funding & Deposit Acceptance | 4 hours | Near zero to 15 minutes | High; customers cannot fund accounts, or the branch queues grow | High; posting gaps and cash control issues can arise | Financial / Service / Reputational | Moderate | Ensure branch offline capture and same-day reconciliation capability |
| 1.5 | Cash Withdrawal & Funds Access | 2 hours | Near zero | Very High; immediate customer hardship and possible panic/complaints | High; prolonged inability to access funds may attract supervisory concern | Customer Harm / Liquidity / Reputational | Critical | Prioritise ATM/branch continuity, cash contingency, channel failover, and incident playbooks |
| 1.6 | Account Maintenance & Customer Information Update | 24 hours | 4 hours | Moderate; customers cannot update records or preferences | Moderate; outdated customer records may affect notifications and compliance | Service / Compliance | Moderate | Provide branch-assisted manual update process and deferred batch processing |
| 1.7 | Passbook, Debit Card, Chequebook & Credential Fulfilment | 3 business days | 1 day | Moderate; inconvenience and delayed physical access to tools | Moderate; security and fulfilment controls remain important | Service / Reputational / Security | Moderate | Maintain vendor SLA monitoring, stock buffers, and urgent replacement path |
| 1.8 | Digital Banking Access Management | 2 hours | Near zero | Very High; users cannot log in, reset credentials, or authenticate | High; access-control failure may create fraud and security exposure | Security / Service / Reputational | Critical | Harden IAM, OTP/push fallback, privileged access recovery, and customer comms |
| 1.9 | Balance Inquiry, Statement & Account Information Services | 4 hours | 15 minutes | High; customers lose visibility over funds and transactions | Moderate; complaints and dispute volumes may increase | Service / Reputational | Strong to Moderate | Expand read-only fallback and cached statement access where feasible |
| 1.10 | Internal & External Account Transfers Linked to Deposits | 2 hours | Near zero | Very High; payment obligations may be missed | High; transaction disruption affects customers and possibly external stakeholders | Financial / Service / Reputational | Critical | Prioritise transfer engine recovery, queue replay, and cut-off management for InstaPay/PESONet |
| 1.11 | Bills Payment & Scheduled Debit Services | 4 hours | Near zero to 15 minutes | High; customers may miss due dates or incur penalties | High; customer detriment and complaints can escalate quickly | Financial / Service / Reputational | Moderate to Critical | Maintain resubmission controls, cut-off extensions, and proactive exception handling |
| 1.12 | Transaction Posting & Ledger Update | 2 hours | Near zero | Very High; balances become unreliable, and downstream services are affected | Very High; financial record integrity is core to safe banking operations | Financial / Control / Regulatory | Critical | Enforce zero/near-zero loss architecture, journaling, and rapid ledger recovery |
| 1.13 | Interest, Fees & Charges Processing | 24 hours | 1 hour | Moderate; delayed accruals or charges, but usually tolerable in the short term | Moderate; errors may affect fair treatment and disclosures | Financial / Compliance / Reputational | Moderate | Use controlled reruns, reconciliation checks, and customer remediation rules |
| 1.14 | Exception Handling, Dispute & Error Resolution | 2 business days | 4 hours | High; unresolved errors reduce trust and increase complaints | High; dispute handling, timeliness and record keeping matter | Customer Harm / Compliance / Reputational | Moderate | Create prioritised triage, case tracking resilience, and compensation workflow |
| 1.15 | Fraud Monitoring & Protective Controls | 30 minutes | Near zero | Very High; fraud losses may escalate immediately if controls fail | Very High; security and consumer-protection implications are significant | Security / Financial Crime / Reputational | Critical | Ensure 24/7 monitoring, alert failover, rule replication, and manual blocking authority |
| 1.16 | Reconciliation, Control & Financial Reporting Support | End of business day | 1 hour | Low direct immediate impact, but high latent control risk | High; unresolved breaks can distort books and reports | Control / Financial / Compliance | Moderate | Preserve end-of-day controls, exception dashboards, and finance-ops escalation |
| 1.17 | Regulatory Reporting & Compliance Monitoring | 24 hours to regulatory deadline | 1 hour | Low direct, immediate customer impact | Very High; missed or inaccurate regulatory reporting is material | Compliance / Legal / Reputational | Moderate | Map all reporting dependencies and maintain manual submission contingencies |
| 1.18 | Service Continuity, Recovery & Incident Response for Deposit Services | 30 minutes activation; core recovery aligned to the affected service | Near zero for critical logs and recovery records | Very High if the response is delayed during the disruption | Very High; this underpins the ability to remain within tolerance | Resilience / Governance / Reputational | Moderate to Critical | Tighten invocation triggers, crisis roles, communication trees, and exercise cadence |
| 1.19 | Dormancy, Restriction, Freeze & Closure Management | 1 business day | 15 minutes | Moderate; customers may face inconvenience or access restrictions | High; legal holds, sanctions, estate, fraud, and dormant-account rules apply | Compliance / Legal / Service | Moderate | Strengthen controlled manual handling and audit trails for overrides |
| 1.20 | Third-Party & Infrastructure Dependency Management for Deposit Services | 2 hours for critical dependency response; recovery depends on the impacted service | Near zero for monitoring and incident data | Potentially Very High where vendors or utilities affect multiple channels | Very High; BSP expects management of third-party and public infrastructure dependencies | Third-Party / Operational / Systemic | Moderate | Maintain substitute arrangements, vendor exit options, telecom/power contingencies, and dependency testing |

Establishing impact tolerances for CBS-1 Deposit and Withdrawal Services enables Bank Islam to anchor resilience planning around customer harm and regulatory outcomes, rather than internal recovery metrics alone.
The tolerances defined in this chapter clarify where disruption becomes unacceptable, guiding investment decisions, scenario testing, and response prioritisation.
By embedding these impact tolerances into operational resilience governance, Bank Islam strengthens its ability to:
• Protect customers’ continuous access to funds,
• Maintain data integrity and trust in Shariah-compliant services,
• Meet regulatory expectations during severe but plausible disruptions.
This foundation supports subsequent resilience activities, including dependency mapping, scenario testing, and remediation planning, ensuring Deposit and Withdrawal Services remain robust under stress and aligned with the bank’s strategic and regulatory obligations.
Building Operational Resilience: A Case Study of BDO Unibank
eBook 3: Starting Your OR Implementation