![[OR] [LBP] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/2b7fea9a-03e9-47b5-be3a-84dc0128eb83.png)
CBS-1 Deposit & Account Services
Introduction
For Land Bank of the Philippines (LBP), CBS-1 Deposit and Account Services is a core banking service because disruption to deposit onboarding, account access, transaction posting, card/ATM availability, digital access, reconciliation, fraud control, complaints handling, and recovery arrangements can immediately affect depositors, public confidence, and the bank’s ability to continue delivering critical operations.
LANDBANK’s public-facing service model shows that deposit accounts, digital banking through iAccess and the Mobile Banking App, and ATM/debit-card-based access are integral parts of how customers access funds and transact.
BSP Circular No. 1203 requires BSFIs to identify critical operations, set a disruption tolerance for each identified critical operation, use at least a time-based metric, consider other metrics such as the number of customers affected and the volume/value of affected transactions, and test those tolerances against severe but plausible scenarios.
The Circular also requires governance review and approval, integration with BCM, and resilience expectations for third-party service arrangements.
The BCM Institute guidance on impact tolerance is consistent with this approach: impact tolerance is the maximum tolerable level of disruption to a critical business service, and it should be set by identifying impact types, setting tolerances for each type, linking them to risk appetite, considering regulatory requirements, documenting them, and reviewing them regularly.
Purpose of the Chapter
This chapter provides an illustrative, regulator-aligned summary of impact tolerance for LBP’s CBS-1 Deposit and Account Services. It is not a statement of LBP’s actual board-approved tolerances; rather, it is a practical benchmark to help management, operations, technology, risk, compliance, and business continuity teams determine the level of disruption that would become intolerable for each detailed process.
The objective is to translate BSP Circular No. 1203 into measurable service thresholds that can later be validated through scenario testing, dependency mapping, BCM exercises, incident response reviews, and board oversight.
![Banner [Table] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/627c33a8-714d-40af-9a2b-0d7957fb8afa.png)
Table P4: Establish Impact Tolerance for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.1 |
Customer Onboarding and Account Application |
1 business day |
Up to 30 minutes of non-finalised application data; no loss of submitted KYC documents |
Moderate to high inconvenience; delayed new account acquisition |
Medium: delays in servicing and onboarding controls |
Service availability, conduct, and operational backlog |
Partially resilient |
Digitize intake fallback, queue management, branch/manual capture fallback |
|
1.2 |
Customer Identification and Verification |
4 hours |
Zero loss of verified identity records; max 15 minutes of in-process session data |
High if applicants cannot be verified; possible account opening delays |
High due to AML/CFT/KYC obligations |
Compliance, data integrity, fraud risk |
Partially resilient |
Strengthen identity verification fallback, document imaging redundancy, sanctions/watchlist continuity |
|
1.3 |
Account Approval and Opening |
4 hours |
Zero loss of approved account master data |
High for customers awaiting account activation and access |
High; account opening approvals must remain controlled and auditable |
Service delivery, compliance, audit trail |
Partially resilient |
Dual authorization fallback, branch-to-HO escalation, maker-checker recovery procedures |
|
1.4 |
Initial Funding and Deposit Booking |
2 hours |
Near-zero; max 5 minutes before journal/ledger replication |
Very high if opening deposits are not booked correctly |
High due to posting accuracy and reconciliation requirements |
Financial, data integrity, liquidity/customer trust |
Needs improvement |
Real-time posting resilience, suspense/recovery procedures, reconciled offline receipts |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
1 business day |
Zero loss of parameter changes after approval |
Moderate; pricing/features may be delayed, but not usually immediately customer-critical |
Medium to high if terms, fees, or account rules are misapplied |
Data integrity, conduct, and configuration risk |
Partially resilient |
Controlled change windows, configuration backup, rollback testing |
|
1.6 |
Deposit Transactions Processing |
1 hour |
Near-zero; max 5 minutes |
Severe customer impact; inability to deposit/post transactions across channels |
High; affects critical operations and transaction continuity |
Availability, financial, reputational |
Critical but partially resilient |
Active-active processing where feasible, queue replay, prioritized recovery for deposit posting |
|
1.7 |
Withdrawal and Funds Access Processing |
30 minutes |
Near-zero; zero loss for authorised debit postings |
Severe and immediate harm; customers are unable to access funds |
Very high due to customer harm and potential systemic confidence issues |
Availability, customer harm, liquidity access |
Critical |
Prioritize channel failover, cash contingency, branch override/manual servicing with controls |
|
1.8 |
Account Servicing and Customer Maintenance |
4 hours |
Zero loss of approved maintenance records |
High inconvenience; profile changes, passbook/account servicing delayed |
Medium to high if customer records become inaccurate |
Data integrity, conduct, and customer service |
Partially resilient |
Workflow recovery, customer-request tracking, controlled deferred update process |
|
1.9 |
Interest, Fees, and Charges Processing |
End of business day |
Zero loss of rate tables and processed accrual/billing files |
Medium initially; high if prolonged or inaccurate |
High if customers are over/under-charged or undercharged or if disclosures are breached |
Financial accuracy, conduct, and reputational |
Partially resilient |
Batch rerun capability, fee/interest adjustment controls, independent validation |
|
1.10 |
Statement, Passbook, and Balance Reporting |
1 business day for statements; 1 hour for balance inquiry availability |
Max 15 minutes for non-finalised report cache; zero loss for official statements |
High if customers cannot confirm balances; moderate for statement delay |
Medium to high, depending on the reporting scope and consumer rights |
Information availability, customer confidence |
Partially resilient |
Multi-channel balance inquiry fallback, report regeneration, branch-assisted servicing |
|
1.11 |
Digital Account Access Enablement |
1 hour |
Zero loss of user entitlement, credentials, and activation records |
Severe for online users if login/access fails |
High due to service continuity and security expectations |
Channel availability, cybersecurity, and customer harm |
Critical |
Harden IAM, MFA/OTP continuity, alternate activation/recovery path, digital channel failover |
|
1.12 |
ATM and Card-Based Access Management |
30 minutes |
Zero loss of card status, PIN/ authorisation controls, and hotlist updates |
Severe and immediate customer impact on cash access and purchases |
Very high if card controls or access restrictions fail |
Availability, fraud, customer harm |
Critical |
Network redundancy, switch failover, card hotlist sync assurance, ATM outage playbooks |
|
1.13 |
Account Reconciliation and Exception Handling |
End of business day for standard items; 4 hours for high-value exceptions |
Zero loss of recon and exception records |
Usually low immediate customer impact, but high latent financial risk |
High if unresolved breaks accumulate or reporting becomes inaccurate |
Financial integrity, control effectiveness |
Partially resilient |
Automated exception queues, aged-break escalation, independent recon backup |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
2 hours |
Zero loss of control status and legal/operational hold records |
High if customers are wrongly blocked or improperly allowed access |
Very high due to legal, compliance, and fraud implications |
Compliance, control integrity, customer harm |
Needs improvement |
Immutable control logs, rapid verification workflow, emergency override with approval trails |
|
1.15 |
Fraud Monitoring and Transaction Surveillance for Deposit Accounts |
15 minutes for alerting degradation; 1 hour max for full restoration |
Zero loss of alerts, cases, and decision logs |
Potentially severe if fraudulent transactions are not detected quickly |
Very high; AML/fraud monitoring is highly sensitive |
Fraud, compliance, financial loss, reputational |
Critical |
24/7 monitoring, SIEM/fraud-engine redundancy, manual surveillance fallback, alert backlog management |
|
1.16 |
Complaints, Disputes, and Service Recovery |
4 hours for complaint intake; 1 business day for case logging continuity |
Zero loss of complaint/dispute records |
High conduct and reputational impact if complaints cannot be logged or tracked |
High because complaint handling and redress must remain auditable |
Conduct, reputational, customer trust |
Partially resilient |
Central complaint register backup, omnichannel intake continuity, SLA tracking and escalation |
|
1.17 |
Regulatory Reporting and Compliance Support for Deposit Services |
By regulatory deadline, 4 hours for critical internal compliance data availability |
Zero loss of reportable data and evidence trail |
Low immediate retail impact, high downstream institutional impact |
Very high due to supervisory reporting and compliance obligations |
Compliance, reporting, legal risk |
Partially resilient |
Regulatory data lineage controls, reporting fallback, sign-off and evidence retention |
|
1.18 |
Business Continuity and Recovery for Deposit Services |
Recovery orchestration activated within 15 minutes; critical service restoration within the lowest applicable CBS tolerance |
Zero loss of incident logs, invocation decisions, and recovery actions |
Severe if recovery governance fails during disruption |
Very high because BCM/OR capability underpins all critical operations |
Enterprise resilience, governance, and recovery effectiveness |
Core control; must be continuously tested |
Maintain updated recovery playbooks, crisis roles, alternate sites/channels, scenario-based testing |
Notes on the Tolerance Design
These proposed tolerances align with the BSP expectation that disruption limits should not rely solely on time.
The table, therefore, combines downtime and data-loss metrics with customer harm, regulatory consequences, and operational impact.
This mirrors BSP Circular No. 1203, which states that BSFIs should use at least a time-based metric and also consider other measures, such as the number of affected customers and the transaction volumes/values affected.
The most stringent tolerances are assigned to processes directly tied to customer access to funds, transaction processing, digital/channel access, ATM/card access, and fraud monitoring, because these are the points where disruption is most likely to create immediate customer harm or broader confidence issues.
That outcome-based approach is also consistent with BCM Institute’s explanation that impact tolerance marks the point beyond which harm becomes intolerable, and that it should focus on “how much, when, and for how long,” not just on a technical recovery clock.
The table also assumes that LBP’s operating model includes branch-deposit products, digital banking, and card- and ATM-enabled access.
That assumption is grounded in LBP’s public-facing service offerings for deposit accounts, iAccess, the Mobile Banking App, and ATM/debit card services.
For complaints and service recovery, LBP publicly provides customer care channels and complaint routes, which support treating complaint intake and case logging as resilience-relevant supporting processes for deposit services.
Third-party dependencies should also be validated against these tolerances.
BSP Circular No. 1203 states that BSFIs should conduct due diligence on service providers, ensure they support the established tolerance for disruption, and avoid arrangements in which the provider cannot comply with those tolerances.
Regulatory Requirements and Examples for LBP
For LBP, BSP Circular No. 1203 creates several practical requirements relevant to this chapter:
- Identify critical operations proportionate to the bank’s size, nature, and complexity. The identified critical operations drive the later steps of setting tolerance for disruption and mapping interconnections and interdependencies.
- Set a clearly defined tolerance for disruption for each critical operation. BSP says the tolerance should include at least a time-based metric and may also include customer count, transaction volume, and affected transaction value.
- Board review and approval are required. BSP states that the criteria for identifying critical operations and setting tolerance for disruption should be reviewed, challenged, and approved by the board.
- Test tolerances using severe but plausible scenarios. The Circular explicitly states that tolerances should be tested to determine their relevance and propriety, and gives examples such as a major earthquake, a severe typhoon, a failure of a critical third-party service provider, payment and settlement disturbances, and coordinated cyberattacks/ransomware.
- Integrate operational resilience with BCM and recovery planning. BSP requires BCM, BCPs, incident recovery planning, testing, awareness, and training to support the delivery of critical operations through disruption.
A practical example for LBP would be this: if 1.7 Withdrawal and Funds Access Processing or 1.12 ATM and Card-Based Access Management is disrupted beyond 30 minutes during payday or a disaster event, the breach may already cross the bank’s impact tolerance because it would create immediate depositor harm, complaints, and potential reputational escalation.
Likewise, if 1.15 Fraud Monitoring and Transaction Surveillance loses alerts or operates blindly for an extended period, the bank may face intolerable fraud, AML, and supervisory risk even before customers visibly complain.
Those examples reflect the BSP’s expectation that tolerances be calibrated around the actual harm caused by disruption to critical operations.
![Banner [Summing] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5e80e50f-5e3e-44ea-8c43-16bf42d4f3b5.png)
Establishing impact tolerance for CBS-1 Deposit and Account Services helps translate operational resilience from a broad policy requirement into measurable service-protection thresholds.
For LBP, the most important tolerances are those that preserve customer access to funds, maintain posting integrity, protect digital and ATM/card channels, sustain fraud surveillance, and ensure that recovery actions are activated quickly and effectively.
These are the areas where disruption is most likely to produce intolerable customer harm or supervisory concern.
The next step is to validate these illustrative tolerances through dependency mapping, process-and-resource mapping, scenario testing, and board review.
In BSP Circular No. 1203 terms, the tolerances must be actionable, tested, and supported by recovery options, third-party arrangements, and BCM capabilities so that critical deposit services can continue through severe but plausible disruptions.
![x [OR] [LandBank] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/5af8c6f4-33f3-4662-b9e6-064232570c94.png)
![[OR] [LBP] [PH] [E3] [CBS] [1] [DP] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/912392ab-7a11-4801-8ee5-b72502b1872d.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
