![[OR] [BDO] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/3f8a6a31-a3ca-4798-9331-15ec608ea41e.png)
CBS-1 Retail Deposit & Account Services
Introduction
For CBS-1 Retail Deposit & Account Services, the dependency mapping should show ![[OR] [BDO] [PH] [E3] [CBS] [1] [MD] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/cc58e114-abef-4c4c-8473-5951e6953aa9.png)
the end-to-end interconnections required to keep the service operating through disruptions.
BCM Institute’s guidance explains that mapping should identify the dependencies and connections across people, processes, information, technology, facilities, and third-party service providers that support each critical business service.
BSP Circular No. 1203 aligns with this approach by requiring BSP-supervised financial institutions to identify critical operations, map their interconnections and interdependencies, and understand the supporting assets needed to continue service delivery during disruptions.
For a bank such as BDO Unibank, this is especially relevant because retail deposit servicing spans branch operations, account-opening workflows, compliance screening, ATM/debit card access, digital banking, transfers, bill payment, ledger posting, fraud controls, reconciliation, reporting, and incident response.
The table below is a practical dependency map for BDO Unibank’s CBS-1 Retail Deposit & Account Services, using the listed Sub-CBS activities and structured around the dependency categories you requested: People, Process, Technology, and Third Party.
The examples are tailored to BDO’s publicly visible retail banking model, including branch-based account servicing, passbook and checking products, debit-card-linked access,
BDO Online/BDO Pay access, send money, pay bills, statements, and linked deposit account transactions.
![Banner [Table] [OR] [E3] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/8a44ad9d-681b-48ff-90b1-b994a1c12a64.png)
Table P2: Map Dependency for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Dependency Type |
Dependency Detail (What/Who is involved) |
Connectivity (How it connects/interacts with the CBS or other components) |
|
1.1 |
Customer Onboarding & Account Opening |
People |
Branch sales staff, customer service officers, relationship staff, operations approvers |
Frontline staff collect customer data and documents, initiate onboarding workflow, and hand off to compliance screening, account setup, and fulfilment. |
|
Process |
Customer application intake, form completion, consent capture, and account-opening approval workflow |
Starts the deposit-service lifecycle and feeds 1.2 identity screening, 1.3 account setup, and 1.4 initial funding. |
||
|
Technology |
Branch onboarding platform, document capture/scanning, customer master file, workflow tools |
Captures and stores onboarding data for screening, approval, account creation, and downstream servicing. |
||
|
Third Party |
ID validation sources, courier/document vendors, telecom connectivity providers |
External services support document verification, communications, and physical delivery where required. |
||
|
1.2 |
Customer Identity Verification & Compliance Screening |
People |
Compliance officers, AML/KYC analysts, branch verifiers, risk reviewers |
Validate customer identity, screen alerts, and approve or escalate exceptions before account activation. |
|
Process |
KYC, customer due diligence, sanctions/PEP screening, name screening, exception handling |
Mandatory gate before 1.3 account setup and 1.4 funding; also links to 1.17 regulatory reporting and 1.15 fraud monitoring. |
||
|
Technology |
Screening engines, customer-information systems, watchlist databases, case-management tools |
Automates customer verification and alert generation, with decisions passed to onboarding and compliance monitoring. |
||
|
Third Party |
Sanctions/watchlist data providers, bureau/data vendors |
Provide external reference data used in customer screening and adverse-match review. |
||
|
1.3 |
Account Setup & Product Configuration |
People |
Deposit operations staff, branch operations, product administrators |
Configure account type, features, limits, statement/passbook options, debit-card linkage, and customer preferences. |
|
Process |
CIF-to-account linking, product coding, account class assignment, service feature activation |
Converts approved onboarding into a usable deposit account and connects to 1.7 fulfilment and 1.8 digital access. |
||
|
Technology |
Core banking platform, product parameter tables, customer master database |
Creates the deposit account record and enables downstream posting, fees, reporting, and access channels. |
||
|
Third Party |
Card personalisation partners, form-printing vendors, where applicable |
Supports the issuance of linked instruments once the account is established. |
||
|
1.4 |
Initial Funding & Deposit Acceptance |
People |
Tellers, branch cash custodians, operations checkers |
Receive and verify opening deposits, cash, or funding instructions. |
|
Process |
Cash acceptance, transfer-based funding, validation, posting, and receipt issuance |
Funds the newly opened account and triggers posting of the 1.12 transaction and a ledger update. |
||
|
Technology |
Teller platform, cash transaction systems, core banking, and receipt generation |
Records deposit acceptance and updates available balance. |
||
|
Third Party |
Cash logistics providers, payment rails for transferred opening funds |
Support physical cash movement and non-cash funding channels. |
||
|
1.5 |
Cash Withdrawal & Funds Access |
People |
Tellers, branch service teams, ATM support teams, and branch managers for overrides |
Enable customer cash access through branch and self-service channels. |
|
Process |
Withdrawal authorisation, balance check, signature/PIN verification, cash release |
Depends on 1.12 posting, 1.15 fraud controls, and available balances from core banking. |
||
|
Technology |
ATM network, teller system, debit-card authorisation platform, core banking |
Connects account balances to physical withdrawal channels and updates balances after successful transactions. |
||
|
Third Party |
ATM network providers, card scheme partners, cash-in-transit vendors, telecom/power utilities |
Support continuous access to funds, especially via ATM and card-based channels. |
||
|
1.6 |
Account Maintenance & Customer Information Update |
People |
Branch servicing staff, customer-contact centre staff, operations reviewers |
Handle address, contact, specimen signature, mandate, and profile updates. |
|
Process |
Customer request intake, validation, approval, change control, and audit logging |
Keeps customer records accurate for statements, alerts, compliance, and fraud controls. |
||
|
Technology |
Customer master systems, service-request workflow, document imaging repository |
Pushes approved changes to core banking, alerts, and digital access platforms. |
||
|
Third Party |
SMS/email providers, document vendors |
Used where customer notifications or supporting documentation workflows are needed. |
||
|
1.7 |
Passbook, Debit Card, Chequebook & Credential Fulfilment |
People |
Branch fulfilment staff, card operations, cheque processing staff |
Manage issuance, release, replacement, and tracking of customer access instruments. |
|
Process |
Request processing, personalisation, inventory control, release/authentication |
Enables customer access to deposit balances and payment functionality, linking to 1.5, 1.8, and 1.11. |
||
|
Technology |
Card management systems, inventory systems, and branch fulfilment tools |
Tracks issuance status and links credentials/cards to the deposit account. |
||
|
Third Party |
Card personalisation bureaus, cheque printers, courier providers |
Critical external dependencies for physical instrument production and delivery. |
||
|
1.8 |
Digital Banking Access Management |
People |
Digital-banking support teams, IAM/security teams, customer support agents |
Enrol, reset, unlock, and support customer digital access. |
|
Process |
Enrollment, authentication setup, password reset, OTP/device binding, account linking |
Connects deposit accounts to BDO Online/BDO Pay for inquiry, transfer, and bill payment. |
||
|
Technology |
Online banking platform, mobile app, IAM, MFA/OTP, device registration tools |
Provides secure access to balances, statements, transfers, and pay-bill capabilities. |
||
|
Third Party |
OTP/SMS providers, telecom networks, cloud/security services |
External services are required for authentication and continuity of customer access. |
||
|
1.9 |
Balance Inquiry, Statement & Account Information Services |
People |
Branch staff, call-centre agents, statement operations staff |
Support customer requests for balance confirmation, statements, and account information. |
|
Process |
Balance retrieval, statement generation, passbook update, and customer inquiry handling |
Depends on current ledger data from 1.12 and fee/interest adjustments from 1.13. |
||
|
Technology |
Core banking inquiry modules, statement generation engine, online banking, and passbook printers |
Presents account data through branch, digital, and document channels. |
||
|
Third Party |
Print/mail vendors, email/SMS providers |
Used for statement distribution and customer notifications where applicable. |
||
|
1.10 |
Internal & External Account Transfers Linked to Deposits |
People |
Branch operations staff, payments operations, digital support teams |
Support transfer initiation, review, approval, and exception handling. |
|
Process |
Own-account transfer, intrabank transfer, interbank transfer, limit checks, and authorisation |
Links deposit services to payment rails and requires available balances, fraud checks, and posting. |
||
|
Technology |
Core banking, digital channels, transfer gateway, payment switch, and authorisation systems |
Connects deposit accounts to transfer functionality, including other banks or wallets. |
||
|
Third Party |
Interbank networks, payment operators, telecom providers |
External rails are essential for completing off-us transfers and for status updates. |
||
|
1.11 |
Bills Payment & Scheduled Debit Services |
People |
Payments operations, customer service staff, and digital support staff |
Handle biller setup issues, failed payments, and customer inquiries. |
|
Process |
Biller selection, payment authorisation, standing instruction/scheduled debit processing |
Uses deposit balances to settle billers and depends on 1.12 posting and 1.15 controls. |
||
|
Technology |
Bill-pay platform, scheduler, online/mobile banking, core banking integration |
Enables account-linked utility, merchant, and recurring payments. |
||
|
Third Party |
Billers, aggregators, clearing/payment partners |
External parties receive funds and provide payment confirmation or exception files. |
||
|
1.12 |
Transaction Posting & Ledger Update |
People |
Deposit operations staff, finance/control staff, and IT support for core banking |
Oversee accuracy, exception correction, and end-of-day integrity of postings. |
|
Process |
Real-time or batch posting, balance update, day-end processing, suspense handling |
Central accounting backbone for nearly all other Sub-CBS activities. |
||
|
Technology |
Core banking ledger, batch scheduler, transaction-processing engines, database platforms |
Updates balances and transaction history consumed by inquiry, transfer, fee, and reporting services. |
||
|
Third Party |
Infrastructure/ data-centre providers, database support vendors |
Support resilience and availability of the posting environment. |
||
|
1.13 |
Interest, Fees & Charges Processing |
People |
Product operations, finance staff, and deposit operations analysts |
Monitor product rules, charge reversals, and account profitability controls. |
|
Process |
Interest accrual, service fee assessment, penalty charging, waiver/reversal workflow |
Relies on product configuration and transaction history; feeds statements, complaints, and reporting. |
||
|
Technology |
Product parameter engine, core banking calculations, batch jobs |
Calculates and posts periodic interest and charges to customer accounts. |
||
|
Third Party |
Tax/reference data sources, if needed, outsourced platform support |
Support accurate rule maintenance and processing continuity. |
||
|
1.14 |
Exception Handling, Dispute & Error Resolution |
People |
Branch officers, complaints teams, operations investigators, and supervisors |
Review posting errors, failed transactions, customer disputes, and service complaints. |
|
Process |
Case intake, investigation, adjustment posting, root-cause analysis, customer communication |
Connects with 1.12 postings, 1.15 fraud controls, 1.16 reconciliation, and 1.18 incident response. |
||
|
Technology |
Case-management tools, transaction logs, reconciliation tools, CRM platforms |
Used to trace transactions, document findings, and implement corrective actions. |
||
|
Third Party |
Network/payment partners, vendors involved in failed transactions |
Needed when disputes involve external channels, service providers, or shared networks. |
||
|
1.15 |
Fraud Monitoring & Protective Controls |
People |
Fraud analysts, security operations teams, branch staff, and investigators |
Monitor suspicious activity and intervene through holds, alerts, escalations, or customer callbacks. |
|
Process |
Alert generation, transaction monitoring, investigation, account restriction, escalation |
Protects withdrawals, transfers, digital access, and account maintenance activities. |
||
|
Technology |
Fraud-monitoring engines, behavioural analytics, authentication controls, alert systems |
Consumes transaction and login data from deposit channels to identify abnormal activity. |
||
|
Third Party |
External fraud-intelligence feeds, telecom/SMS providers, cybersecurity vendors |
Support OTP delivery, threat intelligence, and stronger fraud detection. |
||
|
1.16 |
Reconciliation, Control & Financial Reporting Support |
People |
Finance teams, operations control teams, recon analysts, internal control staff |
Perform daily balancing, exception review, GL substantiation, and control certification. |
|
Process |
Nostro/internal reconciliation, branch balancing, suspense clearance, control attestation |
Confirms the integrity of postings from 1.12 and supports 1.17 reporting. |
||
|
Technology |
Reconciliation tools, GL systems, core banking extracts, MIS/reporting tools |
Matches transaction sources to ledgers and flags variances for correction. |
||
|
Third Party |
External settlement/network files, outsourced reconciliation support if any |
External inputs are needed where transactions cross network or vendor platforms. |
||
|
1.17 |
Regulatory Reporting & Compliance Monitoring |
People |
Compliance, regulatory reporting teams, finance, AML officers |
Prepare and review required internal and external compliance outputs. |
|
Process |
Regulatory data extraction, monitoring, breach/escalation workflow, and report submission |
Depends on accurate customer, transaction, fraud, and financial-control data. |
||
|
Technology |
Regulatory reporting tools, MIS, data warehouse, case-management systems |
Consolidates deposit-service data for compliance monitoring and submission. |
||
|
Third Party |
Regtech vendors, submission gateways, and external data utilities |
Provide supporting services for report generation, validation, or submission. |
||
|
1.18 |
Service Continuity, Recovery & Incident Response for Deposit Services |
People |
BCM team, crisis managers, IT recovery teams, operations heads, communications teams |
Coordinate response, recovery, escalation, and decision-making during disruption. |
|
Process |
Incident response, service recovery, workaround activation, continuity invocation, crisis communication |
Orchestrates the restoration of all essential deposit-service components within set tolerances. |
||
|
Technology |
DR platforms, backup systems, monitoring tools, service management tools |
Supports failover, restoration, incident tracking, and recovery of critical deposit operations. |
||
|
Third Party |
DR site vendors, telco/power providers, critical service providers, cloud/infrastructure vendors |
External resilience of utilities and service providers directly affects deposit-service continuity. |
||
|
1.19 |
Dormancy, Restriction, Freeze & Closure Management |
People |
Branch officers, compliance, legal, and deposit operations |
Review and execute dormancy tagging, account restrictions, freezes, closures, and customer advisories. |
|
Process |
Dormancy control, freeze/restriction workflow, closure processing, residual-balance handling |
Interacts with fraud, compliance, customer maintenance, and reporting processes. |
||
|
Technology |
Core banking status controls, workflow systems, and case-management tools |
Enforces changes to account status and prevents unauthorised transactions. |
||
|
Third Party |
Legal/regulatory interfaces, courier/notification vendors where needed |
Support required notices, documentation, and external instructions. |
||
|
1.20 |
Third-Party & Infrastructure Dependency Management for Deposit Services |
People |
Vendor managers, procurement, IT infrastructure teams, and operational risk teams |
Oversee supplier performance, resilience requirements, and concentration risk. |
|
Process |
Vendor due diligence, contract management, resilience assessment, exit/substitution planning |
Ensures upstream providers can support deposit services during disruption and that fallback options exist. |
||
|
Technology |
Network monitoring, service-level dashboards, CMDB, dependency inventory |
Tracks which deposit-service components rely on specific vendors, networks, and infrastructure. |
||
|
Third Party |
Telecoms, power, cloud/data centre, card/personalisation vendors, payment networks, print/courier providers |
Represents the external dependency layer underpinning onboarding, servicing, access, payments, reporting, and recovery. |
Regulatory Requirements from BSP Circular No. 1203 Relevant to This Chapter
For a Philippine bank, BSP Circular No. 1203 makes this chapter more than a documentation exercise.
The Circular defines operational resilience as the ability to deliver critical operations through significant operational disruptions, and states that supporting assets include people, technology, information, facilities, internal processes, IT systems, clearing and settlement facilities, and outsourced services.
That definition directly supports the use of a dependency map that covers People, Process, Technology, and Third Party for each Sub-CBS.
The most relevant regulatory expectations for this deposit-service dependency map are:
-
Identify critical operations proportionate to the bank’s business
BSP states that identified critical operations drive the later steps of setting tolerance for disruption and mapping interconnections and interdependencies.
For BDO, retail deposit and account services would ordinarily qualify as critical operations because disruptions can materially affect customers’ ability to open accounts, access funds, make payments, and receive account information.
-
Map interconnections and interdependencies
The BSP self-assessment questions ask whether the BSFI has mapped the interconnections and interdependencies involving critical operations, identified the personnel responsible, and documented the key resources used to support the mapping.
That is exactly what this table is designed to evidence.
-
Include third-party dependencies and, where relevant, even fourth-party exposure
BSP says the first line should identify all resources needed in the end-to-end delivery of critical operations, including those provided by a third party and, in some cases, those sourced by that third party from other providers.
BSP also says that third-party arrangements affecting critical operations must include how the service will be maintained during disruptions, or how exit/substitution will occur if the provider fails.
-
Assess public infrastructure dependencies
BSP specifically notes that dependencies on public infrastructure, such as telecommunications, transportation, and energy, should be assessed for their impact on critical operations and disruption tolerance.
In practice, that affects BDO branch services, ATM availability, digital access, card services, and incident recovery.
-
Set and test tolerance for disruption
BSP requires tolerance for disruption to include, at a minimum, a time-based metric for restoring delivery before material harm occurs, and says this should be tested against severe but plausible scenarios.
For deposit services, examples could include tolerance for ATM cash access outages, branch deposit/withdrawal service, online balance inquiry, or interbank transfer availability.
-
Integrate dependency mapping into BCM, testing, and incident response
BSP requires BCM and business continuity exercises to cover critical operations, their interconnections, and key dependencies, and asks whether the BSFI has developed an incident response plan covering the disruption life cycle, delivery steps, and roles/responsibilities.
This means the dependency map should be usable during live incidents, not just for design documentation.
Examples of How BSP Requirements Apply to BDO’s Deposit Services
- For 1.5 Cash Withdrawal & Funds Access, the map should show teller teams, ATM services, card authorisation, telecom links, power, and cash logistics, as a disruption in any one of these can stop customers from accessing funds.
This aligns with BSP’s focus on critical operations, public infrastructure, and third-party dependencies. - For 1.8 Digital Banking Access Management, the map should show IAM, OTP/SMS delivery, app/web platforms, and telecom connectivity, as BDO publicly offers account access and transaction capabilities through BDO Online and BDO Pay.
- For 1.10 Internal & External Account Transfers and 1.11 Bills Payment, the map should explicitly include payment operators, billers, and interbank rails, as BDO publicly supports transfers to its own accounts, other BDO accounts, and other banks or wallets, as well as digital pay-bill functions.
- For 1.18 Service Continuity, Recovery & Incident Response, the map should identify recovery teams, backup infrastructure, telecoms, and critical service providers, as BSP expects incident response and BCM to preserve the delivery of critical operations during disruption.
![Banner [Summing] [OR] [E3] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/d9c4296b-54cd-48e0-ae66-b7f4a8a03ff7.png)
This dependency map translates CBS-1 Retail Deposit & Account Services from a high-level critical business service into a practical, end-to-end resilience view of what keeps the service running: the people who operate it, the processes that govern it, the technologies that enable it, and the third parties and public infrastructure that sustain it.
In line with BCM Institute’s dependency-mapping guidance and BSP Circular No. 1203, the value of this chapter lies in revealing how disruptions can propagate across onboarding, servicing, digital access, transfers, bill payments, posting, fraud controls, reporting, and recovery.
That visibility allows BDO Unibank to identify weak links, define tolerances, test severe but plausible scenarios, strengthen third-party oversight, and improve service continuity for deposit customers.
![[OR] [BDO] [PH] [E3] [CBS] [1] [DP] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/9ecaf9a8-a1b1-4d8c-ba7e-a7f2126a3f9e.png)
![[OR] [BDO] [PH] [E3] [CBS] [1] [MPR] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/23a5f245-0677-4aea-8a05-e4ced3a69fcd.png)
![[OR] [BDO] [PH] [E3] [CBS] [1] [ITo] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/646bc62a-7023-4544-894f-67ccff7ae379.png)
![[OR] [BDO] [PH] [E3] [CBS] [1] [SuPS] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/67e25ae3-3c4e-48d0-b6e7-ea5718dfa802.png)
![[OR] [BDO] [PH] [E3] [CBS] [1] [ST] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/e14ff2a1-48f2-4cd3-9924-d72a7bf84794.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
