Operational Resilience Implementation Blueprint: EastWest Banking Corporation
Establish Impact Tolerances


Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

CBS-1 Deposit & Account Services

Introduction

Impact tolerance is the point beyond which disruption to a critical business service causes intolerable harm to customers, the institution, or the wider financial system.

In operational resilience, it is not enough for a bank to recover eventually; it must define, in advance, how much disruption it can absorb, for how long, and with what maximum level of data loss and customer harm before the disruption becomes unacceptable.

BCM Institute’s guidance defines impact tolerance as the maximum tolerable level of disruption to a critical business service, expressed in outcome-based measures such as downtime, data loss, transaction impact, and customer impact.

For EastWest Banking Corporation, this is especially relevant because deposit and account services sit at the core of day-to-day banking delivery.

EastWest publicly positions its deposit offerings around convenient and secure access to funds through branches, EasyWay Online and Mobile App, and a broad ATM network, and notes that it is regulated by the Bangko Sentral ng Pilipinas.

Disruption to these services therefore has direct implications for retail customers, payment access, trust, liquidity confidence, and regulatory compliance.

Under BSP Circular No. 1203, BSFIs are expected to identify critical operations, set a tolerance for disruption for each identified critical operation, use both quantitative and qualitative metrics, and include at least a time-based metric.

The Circular also states that other metrics, such as the maximum number of customers affected and the volume and value of transactions affected, should be considered, and that tolerance for disruption should be tested against severe but plausible scenarios.

The criteria for identifying critical operations and setting tolerance for disruption must be reviewed, challenged, and approved by the board of directors.

The table below is a recommended planning baseline for EastWest’s CBS-1 Deposit & Account Services.

It is an illustrative view of operational resilience, not a statement of EastWest’s internally approved thresholds.

The tolerances are calibrated on the principle that customer fund access, transaction integrity, fraud controls, regulatory reporting, and disruption response generally warrant tighter tolerances than slower-moving administrative activities such as dormancy administration or routine servicing changes.

This approach is consistent with BSP’s requirement to align tolerances to criticality, dependencies, customer harm, and resilience testing.

Table P4: Establish Impact Tolerance for CBS-1

| Sub-CBS Code | Sub-CBS | Maximum Tolerable Downtime (MTD) | Maximum Tolerable Data Loss (MTDL) | Customer Impact | Regulatory Impact | Impact Type | Current Resilience Status | Action Required |
|---|---|---|---|---|---|---|---|---|
| 1.1 | Customer Onboarding and Account Application | 8 hours | 30 minutes | Moderate – new customer acquisition delayed, but existing deposit customers can still transact | Medium – service availability and record completeness expectations apply | Service / Conduct / Data | Partially resilient | Strengthen digital fallback, queue management, and document capture recovery |
| 1.2 | Customer Identification and Verification (KYC/CDD) | 4 hours | 15 minutes | Moderate to High – onboarding stalls and risk screening are interrupted | High – AML/CFT and customer due diligence obligations are affected | Compliance / Data / Financial Crime | Partially resilient | Tighten KYC system recovery, manual verification procedures, and sanctions-screening fallback |
| 1.3 | Account Approval and Opening | 4 hours | 15 minutes | High – customers cannot activate new accounts or receive account credentials on time | High – account-opening controls and auditability are required | Service / Compliance / Data | Partially resilient | Improve maker-checker continuity, approval workflow recovery, and exception escalation |
| 1.4 | Initial Funding and Deposit Booking | 2 hours | Near-zero to 5 minutes | High – customer funds may be uncredited, or balances may be misstated | High – inaccurate bookings affect books, customer balances, and the risk of complaints | Financial / Data Integrity / Customer | Needs enhancement | Prioritize real-time posting resilience, suspense controls, and rapid reconciliation |
| 1.5 | Product Terms Setup and Account Parameter Maintenance | 8 hours | 30 minutes | Moderate – incorrect terms, limits, rates, or fees may affect service quality | High – product governance and fair treatment obligations may be impacted | Conduct / Configuration / Compliance | Partially resilient | Add stronger change control, configuration backup, and pre-release rollback |
| 1.6 | Deposit Transactions Processing | 1 hour | Near-zero | Very High – customers may be unable to credit accounts, post deposits, or see correct balances | High – core transaction continuity is central to critical operations | Financial / Service / Data Integrity | Needs enhancement | Ensure active-active processing, posting retries, and end-to-end transaction monitoring |
| 1.7 | Withdrawal and Funds Access Processing | 30 minutes | Near-zero | Severe – customers lose access to funds at the branch, ATM, or digital channels | Very High – disruption directly affects critical customer outcomes and confidence | Customer Harm / Liquidity Access / Service | Needs enhancement | Maintain highest-priority recovery, channel failover, and cash access contingency |
| 1.8 | Account Servicing and Customer Maintenance | 8 hours | 30 minutes | Moderate – profile updates, replacements, and account maintenance are delayed | Medium – delayed updates may create downstream control issues | Service / Data / Conduct | Partially resilient | Improve CRM recovery, branch workarounds, and deferred update controls |
| 1.9 | Interest, Fees, and Charges Processing | 1 business day | 30 minutes | High if prolonged – incorrect charging or missed accruals affect customer trust | High – misapplication of rates/fees can trigger compliance and conduct concerns | Financial / Conduct / Reputation | Partially resilient | Enhance batch resilience, parameter validation, and retro-correction capability |
| 1.10 | Statement, Passbook, and Balance Reporting | 1 business day | 1 hour | Moderate to High – customers lose visibility over balances and transaction history | Medium to High – inaccurate reporting can affect disputes and disclosures | Information / Conduct / Data | Partially resilient | Improve report-generation fallback and alternate balance inquiry channels |
| 1.11 | Digital Account Access and Channel Integration | 30 minutes | Near-zero | Severe – customers cannot log in, view balances, transfer internally, or manage accounts | High – availability, security, and incident handling expectations apply | Service / Cyber / Reputation | Needs enhancement | Strengthen channel failover, identity services resilience, and customer communications |
| 1.12 | ATM and Card-Based Access Management | 30 minutes | Near-zero | Severe – direct interruption to cash access and card-enabled fund usage | High – widespread customer impact and reputational consequences | Service / Customer Harm / Third-Party | Needs enhancement | Improve switch redundancy, ATM network failover, and vendor recovery assurance |
| 1.13 | Account Reconciliation and Exception Handling | 4 hours | 15 minutes | High if unresolved – posting breaks and balancing issues accumulate quickly | High – unresolved breaks affect prudential accuracy and audit trail integrity | Financial / Control / Data Integrity | Partially resilient | Shorten break detection time and automate exception workflow recovery |
| 1.14 | Dormancy, Holds, Restrictions, and Account Control Administration | 1 business day | 30 minutes | Moderate – delays in restrictions or releases can inconvenience customers or expose risk | High – legal holds, account restrictions, and control administration have compliance implications | Compliance / Control / Customer | Partially resilient | Improve control logs, approval continuity, and emergency override governance |
| 1.15 | Fraud Monitoring and Transaction Surveillance for Deposit Accounts | 15 minutes | Near-zero | Severe – delayed detection can expose customers and the bank to losses | Very High – fraud monitoring interruption affects risk management and regulatory expectations | Fraud / Financial / Compliance | Needs enhancement | Place on highest recovery tier with real-time alerting and SOC escalation |
| 1.16 | Complaints, Disputes, and Service Recovery | 4 hours | 30 minutes | High – unresolved customer issues escalate rapidly during outages | High – complaint handling and remediation timeliness are supervisory concerns | Conduct / Reputation / Service | Partially resilient | Establish outage complaint playbooks, temporary servicing desks, and faster case triage |
| 1.17 | Regulatory Reporting and Compliance Monitoring | 1 business day, or earlier, where the report deadline applies | 15 minutes | Low direct immediate impact, but indirect impact is significant if issues persist | Very High – inaccurate or late reporting may lead to breaches, findings, or sanctions | Regulatory / Data / Governance | Partially resilient | Harden reporting lineage, compliance dashboards, and deadline-driven recovery priorities |
| 1.18 | Incident Response, Business Continuity, and Recovery | 15 minutes for activation; recovery orchestration is continuous | Near-zero for incident records and decision logs | Severe if delayed – all other sub-services remain exposed for longer | Very High – BSP expects integrated BCM, incident response, and testing for critical operations | Enterprise Resilience / Governance / Crisis | Needs enhancement | Maintain 24/7 activation, tested playbooks, succession rules, crisis communications, and scenario exercises |

How to Interpret the Table

The tighter tolerances are assigned to sub-services where EastWest customers would immediately experience harm, such as loss of access to funds, failed transaction posting, digital unavailability, ATM disruption, or delayed fraud detection.

That is why Sub-CBS 1.6, 1.7, 1.11, 1.12, 1.15, and 1.18 are treated as the most time-sensitive.

This is aligned with BSP Circular No. 1203, which requires BSFIs to use time-based metrics and also consider the number of customers affected and the volume and value of transactions affected by a disruption.

By contrast, onboarding, account maintenance, statements, and some parameter administration processes can usually tolerate a somewhat longer outage, provided that the disruption does not compromise compliance, auditability, or customer fairness.

Even for these activities, however, the data-loss tolerance remains tight because inaccurate customer records, incorrect fees, or broken approval trails can quickly turn an operational disruption into a conduct, fraud, or regulatory issue.

 

Regulatory expectations and examples for a Philippine bank

BSP Circular No. 1203 expects a Philippine bank to do more than set generic recovery targets.

It requires the bank to identify critical operations, define a tolerance for disruption for each, map interconnections and interdependencies, assess vulnerabilities in processes, systems, third parties, and public infrastructure, and test the ability to deliver critical operations under severe but plausible scenarios.

The Circular also highlights that third-party arrangements affecting critical operations must specify how services will be maintained during disruption or provide an exit strategy, and that BCM, recovery planning, crisis management, and testing must be integrated into the broader operational resilience framework.

In practical terms, for a Philippine bank such as EastWest, this means examples such as: setting a very short tolerance for ATM and mobile access disruption because customers must still access cash and account balances; requiring near-zero data loss for core deposit posting so that balances remain accurate; setting strict tolerances for fraud monitoring because delayed detection can magnify losses; and ensuring that outsourced switch, telecom, cloud, card-network, or KYC providers can support the bank’s required tolerance for disruption.

It also means the Board should approve the critical operations and disruption tolerances, while management regularly tests them through scenarios such as major cyber incidents, telecom outages, natural calamities, or third-party failure.

The establishment of an impact tolerance for CBS-1 Deposit & Account Services provides EastWest Banking Corporation with a practical threshold for determining when disruption becomes unacceptable.

It turns operational resilience from a broad principle into a measurable management discipline by defining how long each deposit-related process may be unavailable, how much data loss can be tolerated, what customer harm must be avoided, and what regulatory consequences must be prevented.

For a service set centred on deposit-taking, funds access, transaction integrity, and customer confidence, these tolerances should be among the most carefully governed in the bank’s resilience framework.

The next step is validation. BSP Circular No. 1203 makes clear that tolerance for disruption should be tested against severe but plausible scenarios and used to drive improvements where weaknesses are identified.

Accordingly, EastWest should treat the above tolerances as baseline targets for board review, dependency mapping, third-party assurance, scenario design, and exercise planning.

The end-state is not merely recovery after an outage, but the sustained delivery of critical deposit and account services within clearly approved tolerance levels, even during disruption.

 
