The “Establishing Impact Tolerance” stage is a key component of the Implement phase of Metrobank’s Operational Resilience Planning Methodology.
In this chapter, we will describe how Metrobank can define its impact tolerance for each critical business service, implement steps to set and agree on thresholds, link with regulatory requirements (especially those from the Bangko Sentral ng Pilipinas [BSP]), and integrate this into its operational resilience framework.
Taking a forward-looking and encouraging tone, we will illustrate practical steps and examples that Metrobank can adopt to embed impact tolerance meaningfully across the organisation.
Below are the key implementation steps Metrobank should follow in the “Establishing Impact Tolerance” stage, along with examples and linkages to compliance requirements.
Before setting tolerances, Metrobank must reaffirm and document its critical business services (CBS). For each service, determine the types of potential impacts that would arise if a disruption occurs.
This step ensures a common understanding of “what we must protect” and “what we are trying to tolerate”.
Example
Once impact types are defined, Metrobank should establish, for each CBS, the level of disruption it can tolerate while continuing to deliver its obligations.
This involves setting thresholds for both duration (how long service can be degraded) and magnitude (how much degradation is acceptable), as well as tolerances for reputational, financial, regulatory, and customer-service impacts.
Example
For the payment clearing & settlement service, Metrobank may determine: “We will tolerate no more than 2 hours of full outage before activating contingency; and we will tolerate customer transaction failure rate up to 0.5% before escalation to senior management.”
Qualitative thresholds might include: “We will not accept any instance where regulatory capital or liquidity ratios are materially impacted, or where customer trust is irreversibly eroded.”
In the Philippines, Metrobank, as a BSP-supervised financial institution, must align its tolerance definitions with the guidelines issued by the BSP, specifically BSP Circular No. 1203 (Series of 2024), “Guidelines on Operational Resilience”.
These guidelines emphasise that banks must determine their tolerance for disruption and ensure they remain within their established limits.
Compliance examples include:
By explicitly aligning the thresholds set at Metrobank with these regulatory expectations, management ensures that tolerances are credible, auditable, and embedded in the broader resilience framework.
The thresholds developed must be approved by appropriate governance bodies—ideally by Metrobank’s Board (or a Board Committee) and senior management.
They should reflect the trade-offs the organisation is willing to live with under disruption. After approval, they become part of policy, and dashboards or monitoring tools should be built to track adherence.
Example
Metrobank’s Risk Oversight Committee reviews the proposed tolerances for each critical service and endorses them to the Board. Senior management then budgets for the capability (people, technology, outsourcing) required to meet those tolerances.
Once defined and approved, Metrobank must communicate the tolerances throughout the organisation (business units, IT, operations, third parties).
They must be embedded into key processes: for example, business continuity plans reference the tolerance thresholds; service agreements with outsourcers reflect both acceptable downtime and breach escalation; IT incident management uses the thresholds to trigger escalation.
Metrobank must then monitor performance against the tolerances, track when they are breached, trigger remedial plans, capture lessons learned, and refine the tolerances if required.
Example
If Metrobank’s online retail deposit service experiences a performance degradation lasting 3 hours (exceeding the tolerance of 2 hours), an automatic escalation to senior management occurs, root cause analysis is carried out, customer communications are executed, and the tolerance is reviewed to determine if it remains appropriate.
Tolerance levels should not be static. As Metrobank conducts scenario testing (e.g., cyber-attack simulation, branch network outage due to typhoon), the outcomes may show that the service impact was larger than envisaged.
Metrobank should refine its tolerances based on learnings, changes in the business environment, regulatory evolution (e.g., new BSP guidelines), and the evolving risk profile.
Example
A scenario test reveals that the bank’s branch network backup capabilities take 4 hours to restore (versus a tolerance of 2 hours).
Metrobank may revise the tolerance for branch service or invest in improved backup, or split the tolerance between branches and digital channels with weighted tolerances.
Below is a sample table Metrobank can adopt and adapt, showing key critical business services, associated impact types (i.e., different adverse consequences of disruption), and example tolerance thresholds (duration and magnitude).
Note: the tolerance numbers should be calibrated by Metrobank’s own analysis of risk appetite, business model, regulatory context, and cost-benefit.
| Critical Business Service | Impact Types (negative consequences if disrupted) | Example Impact Tolerance* |
|---|---|---|
| Retail deposit acceptance (branch + digital) | • Customer's inability to deposit funds • Liquidity strain • Reputational damage/customer churn • Regulatory non-compliance (e.g., liquidity ratios) | Full branch network outage ≤ 2 hrs; digital channel degraded ≤ 1.0% failed transactions; liquidity impact must not breach regulatory minimum. |
| Payment clearing & settlement (wholesale & retail) | • Settlement delays → legal/financial penalties • Loss of market confidence • Systemic inter-bank network impact • Reputational damage | Settlement window delay ≤ 30 mins; transaction failure rate ≤ 0.2%; Customer/market impact escalated if tolerance breached. |
| Credit underwriting & disbursement | • Delays in credit processing → customer dissatisfaction • Competitive disadvantage • Higher default risk (if process breaks) | Credit decision/batch processing outage ≤ 4 hrs; backlog growth rate ≤ 5% above normal; customer satisfaction dip not >10% in cycle. |
| ATM/cash-services availability | • Customer inability to withdraw cash → reputational damage • Cash-flow/logistics cost increase • Increased dependence on branches | ATM network outage ≤ 3 hrs; per-ATM failure rate ≤ 0.5% of network; branch fallback capability must engage. |
| Outsourced IT/cloud service platform | • Service provider outage → multiple CBS impacted • Data loss or exposure • Regulatory breach (third-party risk) | Supplier outage ≤ 1 hr for Tier-1 services; business continuity fallback invoked if >1hr; data recovery point objective (RPO) ≤ 15 mins. |

* The example tolerances are illustrative and must be adapted by Metrobank according to its context.
While setting and embedding impact tolerances, Metrobank must actively reference the regulatory environment overseen by the BSP:
By embedding these regulatory requirements into Metrobank’s tolerance-setting process, the bank ensures that its resilience posture not only supports business continuity but also meets supervisory expectations — thereby enhancing organisational credibility and stakeholder confidence.
Establishing impact tolerance is a proactive and strategic step for Metrobank in the journey of operational resilience. It translates abstract notions of “we must keep going” into concrete thresholds, governance decisions, monitoring metrics, and escalation triggers.
By defining the critical business services, identifying the types of disruptions, setting realistic yet robust tolerance thresholds, aligning with BSP guidelines, engaging governance, embedding monitoring, and reviewing the tolerances over time, Metrobank ensures that it is not only prepared for disruption but also confident in how much disruption it can tolerate while remaining viable, credible, and compliant.
By doing so, Metrobank positions itself as a forward-thinking institution that embraces resilience as a strategic enabler — ensuring that its commitment to operational continuity supports its role in the real economy, honours regulatory expectations, protects its customers, and maintains competitiveness even in the face of uncertainty.
Building Resilient Banking Operations: The Metrobank Operational Resilience Implementation Guide