
Operational Resilience in Action: The BPI Transformation Blueprint

Identify Severe but Plausible Scenarios

In alignment with the guidance from Bangko Sentral ng Pilipinas (BSP) Circular No. 1203 (Operational Resilience), financial institutions are required to identify Severe but Plausible Scenarios (SbPS) that could disrupt their Critical Business Services (CBS).

These scenarios must go beyond routine incidents and reflect extreme but credible events—such as cyberattacks, infrastructure failures, third-party disruptions, or systemic operational breakdowns.

For CBS-1: Deposit and Account Services, identifying such scenarios enables BPI to stress-test its operational resilience, validate impact tolerances, and ensure continuity of essential banking services.

The scenarios below integrate Cyber and ICT risks, as mandated by regulators, so that digital dependencies, data integrity, and technology resilience are explicitly considered.


Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert


CBS-1 Deposit & Account Services


Table P5: Identify Severe but Plausible Scenarios for CBS-1   

| Sub-CBS Code | Sub-CBS | Severe but Plausible Scenario | Impact / Effect | Proactive Risk Management Action | Link to Integration of Cyber and ICT Risks |
|---|---|---|---|---|---|
| 1.1 | Customer Onboarding and Account Application | Prolonged outage of the digital onboarding platform due to cloud service failure | Inability to onboard customers; reputational damage | Implement alternate onboarding channels (branch/manual); multi-cloud redundancy | Cloud outage resilience; API dependency monitoring |
| 1.2 | Customer Identification and Verification (KYC/CDD) | Failure of the national ID verification API or the AML screening system | Delayed onboarding; regulatory non-compliance risk | Maintain offline KYC fallback; periodic data sync; secondary screening tools | Third-party API failure; data integrity validation |
| 1.3 | Account Approval and Opening | Internal workflow system corruption due to a cyberattack (ransomware) | Account creation halted; data loss risk | Segregated approval systems; immutable backups; rapid recovery playbooks | Ransomware resilience; privileged access control |
| 1.4 | Initial Funding and Deposit Booking | Core banking system posting failure during the peak transaction window | Funds not credited; customer complaints | Real-time reconciliation alerts; fallback posting mechanism | Core system resilience; transaction logging integrity |
| 1.5 | Product Terms Setup and Account Parameter Maintenance | Misconfiguration of product parameters due to a system deployment error | Incorrect interest/fees applied; financial loss | Change management controls; automated configuration validation | DevSecOps controls; configuration monitoring |
| 1.6 | Deposit Transactions Processing | Distributed Denial-of-Service (DDoS) attack on transaction processing systems | Transaction delays or failures; service disruption | DDoS protection services, traffic rerouting, and capacity scaling | Network security monitoring; traffic anomaly detection |
| 1.7 | Withdrawal and Funds Access Processing | ATM/POS network outage caused by telecom provider failure | Customers are unable to withdraw funds | Multi-network routing, offline withdrawal limits, telecom redundancy | Network resilience; third-party telecom dependency |
| 1.8 | Account Servicing and Customer Maintenance | CRM system unavailability due to database failure | Inability to update customer records; service delays | High-availability database clusters; failover testing | Database resilience; data replication |
| 1.9 | Interest, Fees, and Charges Processing | Batch processing failure due to corrupted data feeds | Incorrect customer balances; reconciliation issues | Automated batch validation; reconciliation controls; rollback procedures | Data pipeline integrity; batch job monitoring |
| 1.10 | Statement, Passbook, and Balance Reporting | Data warehouse outage affecting reporting systems | Customers unable to access statements; regulatory reporting delays | Backup reporting systems; scheduled data replication | Data warehouse resilience; reporting system redundancy |
| 1.11 | Digital Account Access and Channel Integration | Mobile banking app compromise via malware or credential stuffing | Unauthorised access; fraud losses; reputational damage | Multi-factor authentication; behavioural analytics; fraud monitoring | Cybersecurity controls: identity and access management |
| 1.12 | Reconciliation and Exception Management | Failure of the reconciliation engine due to integration breakdown | Unreconciled accounts; financial inaccuracies | Automated exception alerts; manual reconciliation fallback | Integration monitoring; system interface resilience |
| 1.13 | Fraud Detection and Transaction Monitoring | AI/ML fraud detection model failure or manipulation | Undetected fraudulent transactions | Model validation; fallback rule-based detection; periodic tuning | AI risk management; cybersecurity monitoring |
| 1.14 | Regulatory Reporting and Compliance Monitoring | Regulatory reporting system outage near submission deadline | Non-compliance penalties; regulatory scrutiny | Pre-submission validation; backup reporting processes | Compliance system resilience; secure data transmission |
| 1.15 | Incident Response, Business Continuity, and Recovery | Major data centre outage (fire, flood, or power failure) | Complete service disruption across CBS-1 | Activate DR site; crisis management team; recovery within RTO/RPO | Data centre redundancy; disaster recovery architecture |


The identification of Severe but Plausible Scenarios for CBS-1 Deposit and Account Services demonstrates how Bank of the Philippine Islands can operationalise regulatory expectations set out in BSP Circular 1203.

By systematically linking each scenario to Cyber and ICT risks, the bank ensures that its resilience strategy reflects the realities of modern banking—where digital infrastructure, third-party dependencies, and cyber threats are deeply interconnected.

More importantly, the inclusion of proactive risk management actions evidences a shift from reactive recovery to anticipatory resilience, enabling BPI not only to withstand disruptions but to continue delivering critical services within defined impact tolerances.

This structured approach forms the foundation for subsequent stages, including scenario testing and continuous improvement of operational resilience capabilities.

 


eBook 3: Starting Your OR Implementation