Scenario testing is a core requirement under
For LBP, CBS-1 Deposit and Account Services represents a high-impact service affecting retail and institutional customers nationwide.
Scenario testing validates whether critical processes, dependencies, and recovery strategies can withstand disruptions such as cyberattacks, system failures, third-party outages, and operational errors.
Aligned with the BCM Institute guidance in “[OR] [P2-S4] What is Scenario Testing in Operational Resilience?”, the following table presents targeted scenario testing themes, mapped to each Sub-CBS, incorporating integration of cyber and ICT risks, and demonstrating evidence of proactive risk management actions expected under regulatory supervision.
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding platform outage; surge in applications during crisis |
Delayed onboarding; customer dissatisfaction |
Redundant onboarding channels; manual fallback procedures; load testing reports |
|
1.2 |
Customer Identification and Verification |
Failure of KYC/AML systems due to API outage or cyberattack |
Inability to verify customers; regulatory breach risk |
Integration with backup KYC providers; periodic KYC system resilience testing |
|
1.3 |
Account Approval and Opening |
Core banking system latency or approval workflow disruption |
Delayed account activation; backlog accumulation |
Workflow automation recovery scripts; approval SLA monitoring |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway failure or interbank settlement disruption |
Failed or delayed initial deposits |
Alternate settlement channels; reconciliation controls |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Data corruption or configuration errors in product setup systems |
Incorrect interest/fees applied; financial loss |
Change management controls; configuration audit logs |
|
1.6 |
Deposit Transactions Processing |
Core banking outage or batch processing failure |
Transaction backlog; customer access disruption |
Active-active data centres; transaction replay capability |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM/POS network outage or liquidity shortage |
Customers unable to access funds |
ATM network redundancy; cash contingency planning |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage or branch system failure |
Service delays; inability to update customer records |
Branch-level manual servicing procedures; CRM failover |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch job failure or incorrect parameter updates |
Financial misstatements; customer complaints |
Automated reconciliation checks; dual validation controls |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Reporting system outage or data inconsistency |
Customers unable to view balances/statements |
Multi-channel reporting (online, branch); data validation routines |
|
1.11 |
Digital Account Access Enablement |
Internet/mobile banking outage due to DDoS attack |
Loss of digital access; reputational impact |
DDoS protection services; cyber incident response drills |
|
1.12 |
ATM and Card-Based Access Management |
Card management system compromise or network outage |
Card transaction failures; fraud risk |
Card system redundancy; fraud monitoring integration |
|
1.13 |
Account Reconciliation and Exception Handling |
Reconciliation engine failure or delayed batch processing |
Unresolved discrepancies; financial risk |
Automated exception handling workflows; reconciliation SLAs |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Incorrect account restriction triggers due to system error |
Customer access wrongly restricted |
Rule validation testing; audit trails for account controls |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Failure of fraud detection systems during cyber incident |
Increased fraud losses; delayed detection |
AI-based fraud monitoring backup; real-time alert escalation |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact centre outage or case management system failure |
Customer dissatisfaction; regulatory complaints |
Alternate contact channels; incident response playbooks |
|
1.17 |
Regulatory Reporting and Compliance Support |
Reporting system failure or inaccurate data submission |
Regulatory penalties; compliance breach |
Regulatory reporting validation checks; backup reporting processes |
|
1.18 |
Business Continuity and Recovery for Deposit Services |
Full-scale disaster (data centre outage, cyberattack, natural disaster) |
Service unavailability beyond tolerance |
Tested DR sites; BCM exercises; recovery time validation reports |
Under Bangko Sentral ng Pilipinas guidelines, LBP must demonstrate that:
Each scenario above explicitly integrates Cyber and ICT risks, ensuring compliance with regulatory expectations and alignment with international operational resilience practices.
Scenario testing for CBS-1 Deposit and Account Services enables the Land Bank of the Philippines to validate its ability to deliver critical banking services during disruptions while remaining within defined impact tolerances.
By systematically mapping severe but plausible scenarios to each Sub-CBS, LBP can identify vulnerabilities across people, processes, technology, and third-party dependencies.
More importantly, the inclusion of evidence-based proactive risk management actions ensures that scenario testing is not merely theoretical but drives continuous improvement in resilience capabilities.
This aligns with BSP Circular No. 1203 Series of 2024, reinforcing the bank’s ability to safeguard customer trust, maintain regulatory compliance, and sustain critical operations under stress conditions.
|
Strengthening Operational Resilience in Land Bank of the Philippines: A Practical Implementation Guide |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Deposit & Account Services | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
| |
|
||||
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|