[OR] [MAS] [E3] [C2] Scenario Design – Severe but Plausible Events

eBook 3: Chapter 2

Scenario Design – Severe but Plausible Events

Introduction

Scenario design is a critical component of operational resilience testing. It translates regulatory expectations and resilience objectives into realistic disruption events that challenge an organisation’s ability to deliver its Critical Business Services (CBS).

Under the guidance of the Monetary Authority of Singapore (MAS), financial institutions are required to test against severe but plausible scenarios—events that are extreme in impact yet credible within their operating environments.

Aligned with BCM Institute’s scenario testing methodology, the goal is not to simulate hypothetical extremes detached from reality, but to design credible stress events that expose weaknesses across people, process, technology, and third-party dependencies.

This chapter outlines how to design such scenarios and explores key categories of severe but plausible events relevant to financial institutions.

Principles of Severe but Plausible Scenario Design

A well-designed scenario must strike a careful balance: it should be severe enough to challenge resilience capabilities, yet plausible enough to reflect real-world risks.

Key Design Principles

• Credibility and Relevance
  Scenarios must be grounded in actual threat landscapes, regulatory concerns, and the organisation’s operating context.
  
  
• Service-Centric Focus
  Each scenario should test the organisation’s ability to maintain or recover its CBS, rather than focusing on isolated systems or functions.
  
  
• End-to-End Disruption
  Scenarios should incorporate failures across the full value chain, including internal operations and external dependencies.

• Escalation and Complexity
  Effective scenarios evolve over time, introducing compounding challenges such as resource constraints, communication breakdowns, or decision delays.
  
  
• Cross-Functional Involvement
  Scenario design must involve stakeholders across IT, operations, risk, compliance, and crisis management to ensure realism.

MAS expects institutions to demonstrate that these scenarios are used to validate impact tolerances, test response capabilities, and identify resilience gaps.

Cyberattack Scenarios

Cyber threats are among the most significant risks to operational resilience. MAS explicitly emphasises the importance of testing cyber resilience through realistic attack scenarios.

Common Cyberattack Scenarios

• Ransomware Attack
  Encryption of critical systems affecting CBS, such as payments or digital banking services.

• Distributed Denial-of-Service (DDoS)
  Overwhelming of online banking platforms, leading to service unavailability.

• Data Breach or Data Integrity Compromise
  Exposure or manipulation of sensitive customer data affects trust and regulatory compliance.
• Insider Threat
  Malicious or negligent actions by employees leading to system compromise.

Key Testing Objectives

• Validate incident detection and response capabilities
• Assess cyber incident escalation and crisis management
• Test system recovery and data restoration processes
• Evaluate customer communication and regulatory reporting readiness

Cyber scenarios should also consider cascading effects, such as reputational damage and regulatory intervention.

Cloud Service Provider Outages

With increasing reliance on cloud infrastructure, third-party disruptions have become a critical area of concern in operational resilience.

Typical Cloud Disruption Scenarios

• Major Cloud Provider Outage
  Loss of access to critical applications hosted on cloud platforms.

• Regional Data Centre Failure
  Disruption affecting specific geographic zones, impacting service availability.
• Third-Party Service Degradation
  Performance issues affecting transaction processing or customer access.

Key Testing Objectives

• Validate failover and redundancy mechanisms
• Assess dependency mapping accuracy
• Test third-party communication and coordination
• Evaluate manual workarounds and fallback processes

MAS expects institutions to demonstrate that they understand and can manage concentration risk and third-party dependencies, particularly in cloud environments.

Pandemic or Workforce Disruption

The COVID-19 pandemic highlighted the importance of workforce resilience as a key pillar of operational continuity.

Typical Workforce Disruption Scenarios

• Pandemic Resurgence
  High absenteeism affecting critical operations.
  
  
• Workplace Denial (e.g., building closure)
  Loss of access to primary work locations.
  
  
• Critical Staff Unavailability
  Absence of key personnel with specialised knowledge.

Key Testing Objectives

• Validate remote working capabilities and infrastructure
• Assess cross-training and staff substitution strategies
• Test communication channels and employee coordination
• Evaluate sustained operations under prolonged disruption

These scenarios emphasise that resilience is not purely technological—it is equally dependent on people and organisational adaptability.

Multi-Event Scenarios

Real-world disruptions rarely occur in isolation. MAS encourages institutions to design multi-event or compound scenarios that reflect the complexity of actual crises.

Examples of Multi-Event Scenarios

• Cyberattack During a Cloud Outage
  Simultaneous system compromise and infrastructure failure.
  
  
• Pandemic with Third-Party Disruption
  Workforce shortages combined with vendor service degradation.
  
  
• Natural Disaster Triggering Technology Failures
  Physical disruption leading to cascading IT outages.

Key Testing Objectives

• Assess organisational resilience under compounded stress
• Evaluate decision-making under uncertainty and ambiguity
• Test prioritisation of critical services
• Identify systemic vulnerabilities across interconnected dependencies

Multi-event scenarios are particularly valuable in revealing hidden interdependencies and systemic weaknesses that single-event scenarios may not expose.

Integrating Scenario Design with Impact Tolerances

Scenario design must be closely aligned with impact tolerances defined for each CBS. Each scenario should aim to answer:

• Can the organisation remain within impact tolerance thresholds?
• If not, how quickly can it recover within acceptable limits?
• What gaps or weaknesses prevent successful recovery?

This alignment ensures that testing is not abstract but directly linked to measurable resilience outcomes, as required by MAS.

Designing severe but plausible scenarios is fundamental to effective operational resilience testing. 

Guided by the expectations of the Monetary Authority of Singapore and aligned with BCM Institute’s scenario testing principles, organisations must develop realistic, service-centric scenarios that challenge their ability to deliver critical business services under disruption.

By incorporating cyber threats, cloud outages, workforce disruptions, and multi-event crises, institutions can move beyond basic testing and achieve a deeper understanding of their resilience capabilities. 

Ultimately, well-designed scenarios enable organisations to uncover vulnerabilities, strengthen response strategies, and ensure that resilience is not assumed—but proven.

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.