[OR] [DBP] [E3] [CBS] [1] [ST] Perform Scenario Testing

Sub-CBS Code

Sub-CBS

Recommended Scenario Test Themes (incl. Cyber & ICT Risk Integration)

Impact / Effect

Evidence of Proactive Risk Management Action

1.1

Customer Onboarding and Account Application

Digital onboarding platform outage; identity fraud attempt via compromised credentials

Inability to onboard customers; reputational damage

Alternate onboarding channels activated; fraud detection alerts triggered; onboarding backlog recovery plan

1.2

Customer Identification and Verification (KYC/CDD)

KYC system downtime; API failure with government ID verification systems

Delayed account opening; compliance breaches

Manual KYC fallback procedures; SLA monitoring with third-party KYC providers

1.3

Account Approval and Opening

Core banking approval workflow failure; unauthorized approval due to an access breach

Incorrect account creation; regulatory exposure

Dual authorization controls tested; audit trail validation; access recertification

1.4

Initial Funding and Deposit Booking

Payment gateway disruption; incorrect fund posting due to a system error

Customer funds not credited; reconciliation breaks

Real-time reconciliation triggers, suspense account monitoring, and customer notification protocols

1.5

Product Terms Setup and Account Parameter Maintenance

Misconfiguration of interest rates or fees due to a system patch error

Financial loss; customer disputes

Configuration change controls; automated validation scripts; rollback procedures

1.6

Deposit Transactions Processing

Core banking outage; cyberattack (e.g., ransomware) on transaction engine

Transaction failure; systemic service disruption

DR site activation; transaction queue recovery; cybersecurity incident response execution

1.7

Withdrawal and Funds Access Processing

ATM network outage; unauthorized withdrawal attempts via card compromise

Customer unable to access funds; fraud losses

ATM failover network tested; fraud detection rules triggered; card blocking procedures

1.8

Account Servicing and Customer Maintenance

CRM system outage; data integrity issue from system sync failure

Delayed servicing; incorrect customer data updates

Data reconciliation routines; customer service fallback scripts; data correction workflows

1.9

Interest, Fees, and Charges Processing

Batch job failure; incorrect computation due to a system bug

Financial misstatement; customer dissatisfaction

Batch rerun procedures; reconciliation checks; exception reporting dashboards

1.10

Statement, Passbook, and Balance Reporting

Reporting system downtime; data corruption in the reporting database

Inaccurate statements; regulatory non-compliance

Backup reporting systems; data integrity checks; customer communication templates

1.11

Digital Account Access and Channel Integration

Internet/mobile banking outage; DDoS attack on digital channels

Customers unable to access accounts; reputational damage

DDoS mitigation controls, channel failover, and customer advisory alerts

1.12

ATM and Card-Based Access Management

Card management system breach; ATM switch failure

Card transaction failure; fraud incidents

Card lifecycle controls tested; network redundancy; fraud monitoring escalation

1.13

Account Reconciliation and Exception Handling

Reconciliation engine failure; delayed batch processing

Unresolved discrepancies; financial reporting risks

Manual reconciliation fallback; exception aging monitoring; escalation protocols

1.14

Dormancy, Holds, Restrictions, and Account Control Administration

Erroneous account freezing due to system error; delayed release of holds

Customer complaints; regulatory scrutiny

Override controls; audit logs review; timely exception handling procedures

1.15

Fraud Monitoring and Transaction Surveillance

Failure of the fraud detection system; advanced persistent threat (APT) attack

Undetected fraud; financial losses

SIEM alerts tested; fraud rule tuning; integration with cybersecurity monitoring

1.16

Complaints, Disputes, and Service Recovery

Contact center outage; complaint management system failure

Delayed resolution; customer dissatisfaction

Alternate service channels, complaint tracking logs, and service recovery KPIs

1.17

Regulatory Reporting and Compliance Monitoring

Regulatory reporting system failure; incorrect data submission

Non-compliance penalties; supervisory action

Regulatory reporting validation checks; submission contingency procedures

1.18

Incident Response, Business Continuity, and Recovery

Major cyberattack; data center outage; pandemic scenario affecting staff availability

Prolonged service disruption; inability to recover within impact tolerance

End-to-end BCP/DR test results; crisis management activation; recovery time validation