![BB OR [D] 5](https://blog.bcm-institute.org/hs-fs/hubfs/BB%20OR%20%5BAi%20Gen%20Blog%20Photo%5D/OR%20Pictures%20A/BB%20OR%20Folder%20D/BB%20OR%20%5BD%5D%205.jpg?width=2000&height=1333&name=BB%20OR%20%5BD%5D%205.jpg "BB OR [D] 5")
![[OR] [LSEG] Thin Banner](https://no-cache.hubspot.com/cta/default/3893111/ef853b63-cc1c-48c8-a4d2-e2b0f87d2f24.png)
CBS-1 Deposit and Account Services
![[OR] [ESB] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/ff45ad34-f2da-43d5-bded-da7a132fa2d0.png)
Scenario testing is a core component of operational resilience because it validates whether a bank can continue to deliver critical business services within defined impact tolerances during severe yet plausible disruptions.
For Equicom Savings Bank, CBS-1 Deposit and Account Services is a foundational service that supports customers onboarding, deposits, withdrawals, digital access, fraud controls, and regulatory obligations.
Scenario testing should therefore move beyond traditional business continuity exercises and examine end-to-end disruptions involving people, processes, technology, facilities, third parties, and cyber dependencies.
The BCM Institute operational resilience guidance highlights scenario testing as a mechanism to assess whether mapped dependencies and impact tolerances remain effective under disruption conditions.
BSP Circular No. 1203 similarly expects banks to identify critical operations, establish disruption tolerances, map interdependencies, and conduct testing against severe but plausible scenarios.
Equicom Savings Bank provides deposit products, online banking, card services, and customer channels that rely heavily on digital platforms, branch operations, and third-party integrations.
As a Philippine thrift bank, it should therefore integrate operational disruptions with cyber and ICT risks, such as ransomware, API failures, identity fraud, network outages, and third-party service disruptions.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes (including Cyber & ICT Risk Integration) |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding portal outage during high-volume customer applications; web application DDoS attack; branch connectivity failure |
Delayed onboarding, customer dissatisfaction, and application backlog |
Conduct annual failover testing; maintain alternate onboarding channels; monitor onboarding application response metrics |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
National ID/KYC API provider unavailable; cyber compromise of identity verification platform |
Inability to validate customers; onboarding delays; compliance exposure |
Test alternate KYC procedures; maintain offline KYC process; conduct third-party resilience reviews |
|
1.3 |
Account Approval and Opening |
Core banking workflow system failure; privilege escalation cyberattack on the approval engine |
Delayed account creation; risk of unauthorised account opening |
Execute workflow recovery tests; perform access-control reviews and cyber simulations |
|
1.4 |
Initial Funding and Deposit Booking |
Core banking database corruption or transaction queue failure |
Deposit posting delays, customer complaints, and reconciliation discrepancies |
Conduct transaction rollback exercises and database recovery tests |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Erroneous system configuration deployment; malicious insider parameter changes |
Incorrect product setup, financial losses, and customer disputes |
Perform configuration validation testing and maker-checker verification exercises |
|
1.6 |
Deposit Transactions Processing |
Core banking application outage; ransomware attack affecting transaction servers |
Deposits unavailable; transaction backlog; liquidity implications |
Conduct disaster recovery testing; cyber incident response exercises; alternate processing validation |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM switch outage; card network disruption; cyber compromise of funds transfer services |
Customer inability to access funds; reputational impact |
Test manual withdrawal procedures and alternate access channels |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage; customer profile corruption event |
Service delays; inaccurate customer information |
Test backup restoration and customer service continuity procedures |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch processing failure; unauthorised manipulation of the fee calculation engine |
Incorrect customer balances; financial loss, disputes |
Execute batch recovery testing and parameter validation checks |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Data warehouse outage; report generation platform cyber compromise |
Customers are unable to access statements and balances |
Conduct reporting continuity testing and alternate statement generation exercises |
|
1.11 |
Digital Account Access and Channel Integration |
Mobile banking application outage; API gateway cyberattack; third-party online banking provider failure |
Customers are unable to access digital banking services |
Perform API resilience tests; simulate cyber attacks; conduct mobile platform failover testing |
|
1.12 |
ATM and Card-Based Access Management |
ATM network outage; card authorisation system compromise; malware infection |
Cash withdrawal disruption; transaction failures |
Conduct ATM switch failover testing and ATM malware response exercises |
|
1.13 |
Account Reconciliation and Exception Handling |
Data synchronisation failure between systems; database corruption event |
Unreconciled balances and operational losses |
Execute reconciliation recovery testing and exception management simulations |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Unauthorised release of account restrictions through cyber compromise |
Fraud exposure and compliance breaches |
Conduct access review testing and privilege abuse simulations |
|
1.15 |
Fraud Monitoring and Transaction Surveillance for Deposit Accounts |
Fraud monitoring engine outage; AI model corruption; SIEM platform disruption |
Delayed fraud detection; increased financial losses |
Conduct cyber red-team exercises and fraud detection continuity tests |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact centre platform outage; customer service portal cyberattack |
Customer dissatisfaction; regulatory escalation |
Test alternate communication channels and manual case handling procedures |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Regulatory reporting platform failure; cyber compromise of reporting datasets |
Delayed regulatory submissions and compliance penalties |
Conduct reporting recovery exercises and data integrity validation testing |
Regulatory Considerations and Examples for Philippine Banks
BSP Circular No. 1203 expects banks to establish operational resilience capabilities for critical operations by identifying critical services, setting disruption tolerances, mapping dependencies, and conducting scenario testing.
Testing should assume disruptions will occur and validate the institution's ability to continue delivering services under severe yet plausible scenarios. Examples include cyberattacks, ICT failures, third-party outages, pandemics, and infrastructure disruptions.
Examples relevant to Equicom Savings Bank include:
- Ransomware affecting core deposit systems and online banking.
- An extended outage of a third-party KYC service provider.
- Nationwide telecommunications disruption affecting branch and ATM connectivity.
- An insider cyber compromise is manipulating customer account data.
- Simultaneous cyber and physical disruptions are impacting customer access channels.
These scenarios align with BSP expectations that banks test resilience to interdependencies and validate that disruptions remain within tolerance thresholds.
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-1 Deposit and Account Services should be designed as an enterprise-wide resilience exercise rather than a narrow technology recovery test.
The scenarios above intentionally integrate operational disruptions with cyber and ICT risks because modern banking services increasingly depend on interconnected digital ecosystems, third-party providers, and customer-facing technologies.
By executing these tests regularly, Equicom Savings Bank can validate recovery capabilities, identify weaknesses in dependencies, refine impact tolerances, and demonstrate evidence of proactive risk management to BSP regulators.
Such testing supports the broader objective of ensuring that critical banking services remain available during disruptive events while protecting customers, maintaining trust, and safeguarding financial stability.
![[OR] [ESB] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/8c709bde-b6c0-4f4d-baea-7bd224170162.png)
![[OR] [ESB] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/7008f362-c5b1-4be5-8c33-5d652b7c1101.png)
![[OR] [ESB] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/bb3d54b4-4114-403e-858f-8d1e4850b139.png)
![[OR] [ESB] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/1f5231d6-1843-4bbc-94cd-cbefd8634513.png)
![[OR] [ESB] [E3] [CBS] [1] [SbPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/4334b21d-bf00-4700-b131-0123ab5ec183.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
