![x [OR] [DBP] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/baadd64d-9096-4178-8f82-e3cc263abf78.png)
![[OR] [DBP] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/39340e49-edb0-4bef-baa2-32294d677282.png)
CBS-1 Deposit & Account Services
Introduction
![[OR] [DBP] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/cc1f10b9-f670-407a-bfb3-926ecd110afd.png)
In alignment with the BSP Circular No. 1203 Series of 2024, the identification of Severe but Plausible Scenarios (SBPS) is a critical step in strengthening operational resilience.
These scenarios represent extreme yet credible disruptions that could significantly impact the delivery of critical business services such as CBS-1 Deposit and Account Services. They enable the Development Bank of the Philippines (DBP) to anticipate vulnerabilities across people, process, technology, and third-party dependencies.
Consistent with guidance from the BCM Institute’s Operational Resilience framework, SBPS must incorporate cyber threats, ICT disruptions, third-party failures, and operational breakdowns, ensuring an integrated view of resilience. The scenarios below are designed to support DBP in meeting regulatory expectations for scenario testing, impact tolerance validation, and recovery capability enhancement.
![Banner [Table] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/f4f3c007-e864-48cd-8bc1-0242c8b7fd86.png)
Table P5: Identify Severe but Plausible Scenarios for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact / Effect |
Proactive Risk Management Action |
Link to Integration of Cyber and ICT Risks |
|
1.1 |
Customer Onboarding and Account Application |
Prolonged outage of the digital onboarding platform due to a cyberattack (e.g., DDoS) |
Inability to onboard new customers; reputational damage |
Deploy DDoS protection, and alternate manual onboarding procedures |
Cyber resilience (DDoS mitigation, secure digital channels) |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
National ID verification service outage or data breach |
Delays in KYC processing; regulatory non-compliance |
Maintain offline verification procedures; diversify KYC data sources |
ICT dependency risk; third-party cyber risk |
|
1.3 |
Account Approval and Opening |
Core banking system failure during account approval |
Incomplete or erroneous account creation |
Implement system redundancy; maker-checker controls |
Core system resilience; system failover |
|
1.4 |
Initial Funding and Deposit Booking |
The payment gateway outage is preventing the initial deposit posting |
Customer dissatisfaction; failed account activation |
Establish alternate funding channels; transaction queuing |
Payment system integration risk |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Unauthorized system changes due to an insider threat |
Incorrect interest rates/fees applied |
Enforce role-based access control (RBAC); audit trails |
Identity and access management (IAM) risk |
|
1.6 |
Deposit Transactions Processing |
Core banking system latency or crash during peak hours |
Transaction delays; financial inaccuracies |
Implement load balancing; real-time monitoring |
System performance and capacity risk |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM network outage or card switch failure |
Customers are unable to withdraw funds |
Multi-network ATM routing; cash contingency planning |
Network resilience; third-party switch risk |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system unavailability due to a ransomware attack |
Inability to update customer records; service delays |
Regular backups, endpoint protection; incident response plan |
Cyber resilience (ransomware defense) |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch processing failure due to corrupted data |
Incorrect customer balances; financial loss |
Data validation controls; reconciliation checks |
Data integrity and processing risk |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Data warehouse failure impacting reporting systems |
Customers are unable to access statements |
Implement backup reporting systems; cloud replication |
Data availability and storage resilience |
|
1.11 |
Digital Account Access and Channel Integration |
Mobile banking application outage due to cloud service failure |
Customers are unable to access accounts digitally |
Multi-cloud strategy; failover mechanisms |
Cloud and API resilience risk |
|
1.12 |
ATM and Card-Based Access Management |
Card management system breach exposing card data |
Fraud risk; customer trust erosion |
Tokenisation, encryption, and fraud monitoring systems |
Payment card security (PCI DSS) risk |
|
1.13 |
Account Reconciliation and Exception Handling |
Reconciliation system failure leading to unmatched transactions |
Financial discrepancies; audit issues |
Automated reconciliation tools; exception workflows |
Data reconciliation system risk |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Erroneous bulk account freezing due to a system error |
Customer complaints; legal exposure |
Implement approval controls; rollback procedures |
System control and governance risk |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Fraud detection system outage during an active fraud attack |
Undetected fraudulent transactions |
Deploy AI-based fraud detection redundancy; real-time alerts |
Cyber fraud and monitoring risk |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact center system outage during a crisis event |
Inability to handle customer complaints |
Activate alternate communication channels; crisis scripts |
Communication system resilience |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Failure to submit regulatory reports due to system/data issues |
Regulatory penalties; compliance breach |
Maintain manual reporting fallback; data governance controls |
Regulatory technology (RegTech) risk |
|
1.18 |
Incident Response, Business Continuity, and Recovery |
Failure of the disaster recovery (DR) site during a major outage |
Prolonged service disruption; breach of impact tolerance |
Conduct regular DR testing; geo-redundant sites |
ICT resilience, DR, and backup infrastructure |
![Banner [Summing] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/446ccb83-e056-40d0-aae5-834d73c13f43.png)
The identification of Severe but Plausible Scenarios for CBS-1 Deposit and Account Services enables the Development Bank of the Philippines to adopt a forward-looking and risk-informed approach to operational resilience. By systematically assessing disruptions across all Sub-CBS components, DBP ensures that vulnerabilities are understood and mitigation strategies are proactively embedded into its operational framework.
In line with BSP Circular No. 1203, these scenarios support the bank’s ability to test its resilience capabilities, validate impact tolerances, and strengthen recovery strategies, particularly in the face of increasing cyber and ICT risks. Ultimately, this structured approach enhances DBP’s preparedness to maintain critical services under adverse conditions, safeguarding customer trust, financial stability, and regulatory compliance.
![[OR] [DBP] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/aa944974-5687-4847-8a2f-de39ae1210d6.png)
![[OR] [DBP] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/bceb7b2a-c26c-4270-8d82-5615486acf98.png)
![[OR] [DBP] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/4031a3bc-6354-48f7-bd8f-a736a20245dd.png)
![[OR] [DBP] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/88965267-70ef-4f08-896a-3048a7c3d0ce.png)
![[OR] [DBP] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/42c86c66-5072-4f85-8ca2-6fd2f78f2357.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
