[OR] [BPI] [E3] [CBS] [1] [ITo] Establish Impact Tolerances

CBS-1 Deposit & Account Services

Introduction

[OR] [PNB] [PH] [E3] [CBS] [1] [ITo] Retail Deposit & Account Services

For BPI, CBS-1 Deposit and Account Services is a foundational, critical business service because it supports customers’ ability to open, maintain, access, fund, monitor, and control deposit relationships across branch, ATM, cash accept machine, and digital channels.

BPI’s scale, nationwide branch and ATM/CAM footprint, and broad retail and corporate banking services make disruption to deposit services highly visible and potentially systemic from a customer, prudential, and reputational standpoint.

BPI identifies itself as a leading financial services provider in the Philippines, with 1,173 branches and more than 2,700 ATMs and CAMs nationwide, and highlights digital banking as a core delivery channel.

Under BSP Circular No. 1203, banks are expected to identify critical operations, set clearly defined tolerances for disruption, and use both time-based and other quantitative or qualitative metrics,

including the potential number of affected customers and the volume or value of affected transactions. The BSP also requires these tolerances to be tested against severe but plausible scenarios and reviewed and approved by the board.

In the BCM Institute operational resilience guidance, impact tolerance is the maximum tolerable level of disruption to a critical business service, and it should be expressed through outcome-based measures such as downtime, data loss, financial/customer impact, and regulatory consequences.

The same guidance also stresses that impact tolerances should be documented, aligned with risk appetite, and periodically reviewed.

Purpose of this Chapter

Table P4: Establish Impact Tolerance for CBS-1

Sub-CBS Code	Sub-CBS	Maximum Tolerable Downtime (MTD)	Maximum Tolerable Data Loss (MTDL)	Customer Impact	Regulatory Impact	Impact Type	Current Resilience Status	Action Required
1.1	Customer Onboarding and Account Application	8 hours	30 minutes	Near-zero loss of submitted application data; re-entry is tolerable only for limited cases	Moderate to high inconvenience; delayed acquisition and onboarding	Moderate, especially if backlogs affect fair treatment and service accessibility	Customer / Operational / Reputational	Partially resilient	Enable alternate intake channels, queue management, and application resubmission controls
1.2	Customer Identification and Verification (KYC/CDD)	4 hours	15 minutes	Zero loss of identity records, screening results, and audit trail	High if legitimate customers cannot be verified promptly	High due to AML/CFT, sanctions, and customer due diligence obligations	Regulatory / Compliance / Operational	Partially resilient	Strengthen failover for screening tools, preserve evidence logs, and implement manual fallback verification procedures
1.3	Account Approval and Opening	4 hours	15 minutes	Zero loss of approval records and account creation audit trail	High; inability to open accounts affects customer access to banking	High where approval controls or maker-checker evidence are compromised	Regulatory / Customer / Operational	Partially resilient	Build controlled manual approval workflow and replicate approval logs across recovery sites
1.4	Initial Funding and Deposit Booking	2 hours	Near-zero to 15 minutes	Zero loss of posted funding entries	High; customers may fund accounts, but balances may not reflect	High because inaccurate deposit booking affects books and records	Financial / Customer / Regulatory	Needs strengthening	Prioritize real-time posting resilience, dual validation, and rapid reconciliation playbooks
1.5	Product Terms Setup and Account Parameter Maintenance	1 business day	30 minutes	Zero loss of rate tables, fees, account parameters, and authorisation logs	Medium to high; incorrect terms may affect pricing, access, or account behaviour	High if product governance and disclosure controls fail	Regulatory / Conduct / Operational	Partially resilient	Harden change control, versioning, rollback capability, and pre-approved emergency parameter changes
1.6	Deposit Transactions Processing	2 hours	Near-zero	Zero loss for completed transactions; in-flight items recoverable with full audit trail	Very high; customers cannot deposit, transfer internally, or post branch transactions reliably	High, especially where transaction integrity or records are affected	Customer / Financial / Systemic / Reputational	Critical priority	Maintain active-active or rapid failover, transaction replay capability, and real-time monitoring
1.7	Withdrawal and Funds Access Processing	1 hour	Near-zero	Zero loss of withdrawal debits/credits and authorisation records	Very high and potentially intolerable; direct effect on customer access to funds	Very high if prolonged disruption harms depositors or causes control breaches	Customer Harm / Liquidity Access / Reputational	Critical priority	Prioritize ATM, branch, and digital withdrawal recovery; set emergency cash-access alternatives
1.8	Account Servicing and Customer Maintenance	8 hours	30 minutes	Zero loss of customer maintenance records and approval history	Medium to high; customers may be unable to update profiles or service requests	Moderate to great if records become inaccurate or unauthorised changes occur	Customer / Regulatory / Data Integrity	Partially resilient	Improve workflow resilience, customer record synchronization, and maker-checker recovery controls
1.9	Interest, Fees, and Charges Processing	1 business day	30 minutes	Zero loss of accrual data, rate references, and posting calculations	Medium initially, rising to high if misposting persists	High due to fairness, disclosure, and books-and-records concerns	Financial / Conduct / Reputational	Generally resilient	Enhance batch rerun capability, tolerance thresholds, and post-processing reconciliation
1.10	Statement, Passbook, and Balance Reporting	8 hours for balance inquiry; 2 business days for statements/passbooks	30 minutes	Zero loss of ledger and statement source data	Medium: customers may tolerate delayed statements briefly, but balance visibility is important	Moderate to high where reporting inaccuracies affects disclosures or complaints	Customer / Reputational / Compliance	Generally resilient	Provide alternate balance inquiry channels and strengthen statement regeneration controls
1.11	Digital Account Access and Channel Integration	1 hour	Near-zero	Zero loss of credentials, access logs, and posted customer instructions	Very high; customers lose online/mobile visibility and control over accounts	High where prolonged outage affects availability, fraud risk, or complaint volumes	Customer / Cyber / Reputational	Critical priority	Improve channel redundancy, IAM resilience, OTP fallback, and integration monitoring
1.12	Reconciliation and Exception Management	End of business day	30 minutes	Zero loss of exception files, recon breaks, and investigation logs	Indirect customer harm unless unresolved exceptions affect balances or access	High if unresolved breaks impair financial integrity or reporting	Financial Control / Regulatory / Operational	Partially resilient	Automate exception prioritization, ensure secure retention, and accelerate end-of-day recovery
1.13	Fraud Detection and Transaction Monitoring	30 minutes	Near-zero	Zero loss of alerts, case data, and detection rules	Very high if fraud control visibility is impaired during live transactions	Very high due to fraud, AML/CFT, and consumer protection concerns	Financial Crime / Regulatory / Customer Harm	Critical priority	Ensure hot-site capability, rule backup, alternate alert routing, and manual fraud-watch procedures
1.14	Regulatory Reporting and Compliance Monitoring	1 business day unless the statutory deadline is sooner	30 minutes	Zero loss of compliance evidence, monitoring results, and reports	Limited immediate customer inconvenience, but latent harm may grow	Very high if required reporting, monitoring, or breach escalation fails	Regulatory / Compliance / Reputational	Partially resilient	Strengthen reporting lineage, evidentiary retention, and contingency submission procedures
1.15	Incident Response, Business Continuity, and Recovery	30 minutes to invoke; 2 hours to stabilise priority services	Near-zero for incident logs and recovery decisions	Zero loss of incident logs, decision records, and recovery status data	Enterprise-wide impact if recovery coordination fails	Very high because failure undermines the bank’s resilience framework itself	Enterprise / Governance / Recovery	Core control requiring continuous enhancement	Test recovery governance, crisis escalation, communications, and recovery orchestration under severe but plausible scenarios

Notes on the Recommended Tolerances

These tolerances are set as a working management baseline, not as final board-approved thresholds. For compliance with BSP Circular No. 1203, BPI should validate them against at least four minimum considerations:

First, tolerances must be tied to identified critical operations and be proportionate to the bank’s scale, nature, and complexity.

Second, they should include both time-based metrics and non-time-based metrics such as affected customers, transaction volumes and values, data integrity, and service availability across channels.

Third, they should be tested using severe but plausible scenarios, including cyber incidents, third-party failures, public infrastructure outages, and other disruptions relevant to the bank’s operating environment.

The BSP explicitly notes examples such as pandemics, natural calamities, failures of key service providers, and major cyber incidents.

Fourth, tolerances should be integrated with business continuity management, recovery strategies, crisis management, and periodic exercises involving critical operations, key dependencies, and interconnections.

Examples of Regulatory Requirements Relevant to BPI

For a Philippine bank such as BPI, BSP Circular No. 1203 gives several practical requirements that shape impact tolerance setting:

Banks must identify critical operations and have the board approve them. Those identified critical operations then drive later steps such as setting disruption tolerances and mapping interconnections and interdependencies.

Banks must establish a clearly defined tolerance for disruption using quantitative and qualitative metrics, including at a minimum a time-based measure and, where relevant, the maximum number of affected customers or transaction volume and value.

Banks must assess dependencies on third parties and public infrastructure, such as telecommunications and energy, and evaluate these dependencies in relation to the bank’s critical operations and established disruption tolerances.

Banks must ensure that technology and security measures preserve the confidentiality, integrity, and availability of the IT environment supporting critical operations, and that ICT protection, detection, response, and recovery processes are tested regularly.

Establishing impact tolerances for CBS-1 Deposit and Account Services is one of the most important steps in translating BPI’s operational resilience framework into measurable management action. The exercise is not merely about setting recovery targets.

It is about defining the point at which disruption to deposit and account services becomes unacceptable from the perspective of customers, regulators, the bank’s safety and soundness, and the wider financial system.

For a bank with BPI’s scale, physical presence, and digital reach, the most demanding tolerances will naturally centre on withdrawals, deposit transaction processing, digital account access, fraud monitoring, and recovery orchestration, because these have the greatest potential to cause immediate customer harm and raise supervisory concern.

Accordingly, the table above should be treated as a management summary to support the next phase of validation: detailed scenario testing, dependency review, control enhancement, and formal approval.

In line with BSP Circular No. 1203, BPI should challenge these tolerances through severe but plausible scenarios and refine them as lessons are learned from testing, disruptions, changes in technology, and changes in customer expectations.

That is how impact tolerance moves from a static document to a practical resilience standard for the continued delivery of critical banking services.


eBook 3: Starting Your OR Implementation
CBS-1 Deposit & Account Services
CBS-1 DP	CBS-1 MD	CBS-1 MPR	CBS-1 ITo	CBS-1 SuPS	CBS-1 ST

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.