In the evolving financial landscape of the Philippines, operational resilience is no longer a reactive requirement but a strategic imperative. For Metrobank, performing Scenario Testing represents a crucial validation step in the Implement phase of its Operational Resilience Planning Methodology.
Through this exercise, Metrobank ensures that its Critical Business Services (CBS)—such as deposit and withdrawal operations, payment and fund transfers, and ATM services—can withstand severe yet plausible disruptions while maintaining continuity of essential services to customers.
In alignment with the Bangko Sentral ng Pilipinas (BSP) Circular No. 1149 (Series of 2022) on Operational Resilience of BSP-Supervised Financial Institutions (BSFIs), scenario testing is required to assess the bank’s ability to continue operations, recover within established impact tolerances, and protect the integrity of the Philippine financial system.
Metrobank’s testing program embodies BSP’s principle of “proportionate resilience”—ensuring preparedness that matches the bank’s size, complexity, and systemic importance.
The objectives of scenario testing are to:
Metrobank begins by defining the scope of each scenario test based on its Critical Business Services (CBS) identified in earlier phases. The objectives of each test are clearly articulated—for example, verifying that fund transfer services can recover within the set impact tolerance of two hours following a major systems outage.
Example:
A scenario may focus on testing Metrobank’s payment processing capability during a cyberattack that disrupts access to its data centres in Makati and Quezon City.
Scenarios must represent realistic yet challenging disruptions. BSP emphasises that BSFIs must test their resilience against both idiosyncratic (institution-specific) and systemic (market-wide) events.
Example Scenario Categories:
Metrobank’s Operational Risk Management (ORM) and IT Risk teams collaborate with the Business Continuity Management (BCM) Office to ensure scenarios reflect emerging threats and regulatory concerns.
Each scenario must be measured against Metrobank’s impact tolerance thresholds, which were defined during the Establish Impact Tolerance stage. These include metrics such as maximum allowable downtime, acceptable data loss, and customer transaction recovery time.
Example
For CBS-2 (Payments and Fund Transfers), the impact tolerance is defined as no more than two hours of service unavailability. The scenario test will evaluate whether the bank’s recovery plan meets this tolerance during a simulated cyberattack.
Metrobank performs scenario testing through a structured and controlled exercise that engages cross-functional teams from Operations, IT, Risk, Compliance, and Business Units. The test should simulate conditions closely resembling real-life crises while ensuring data and systems integrity.
Types of Scenario Testing:
Example
Metrobank’s Integrated Crisis Exercise 2025 tests simultaneous loss of primary data center connectivity and ATM network outage, evaluating the effectiveness of communication and recovery coordination across business units.
All results from scenario tests must be documented and analysed. The BCM Office compiles detailed reports, including:
Example
If a simulated cyberattack test reveals delayed decision-making in the activation of the crisis management team, corrective actions such as refined escalation triggers or updated playbooks are proposed.
Post-test reviews should lead to continuous improvement. Gaps identified are addressed through action plans that may involve:
BSP mandates periodic reviews and “lessons learned” documentation to ensure sustained improvement of operational resilience practices.
The following compliance principles are drawn from the BSP Operational Resilience Framework (Circular No. 1149, Series of 2022):
|
BSP Expectation |
Metrobank’s Implementation Approach |
|
BSFIs must test their resilience against severe but plausible scenarios. |
Metrobank conducts annual scenario testing for all CBS, validated by the ORM and BCM committees. |
|
Scenario tests must include third-party and technology dependencies. |
Vendor failure scenarios are integrated into system outage and payment disruption simulations. |
|
Results of testing should be reported to senior management and the Board. |
BCM Office prepares detailed test summaries for the Management Committee (MANCOM) and the Risk Oversight Committee (ROC). |
|
Testing programs should be proportionate to size and complexity. |
Metrobank’s scenario scope and frequency are scaled to reflect its critical role as one of the largest universal banks in the Philippines. |
|
Continuous improvement must follow from testing insights. |
Post-test reviews form part of Metrobank’s annual BCM and resilience enhancement plan. |
|
CBS Code |
Critical Business Service |
Scenario Description |
Impact Tolerance (Max Allowable Disruption) |
Actual Recovery Time |
Key Dependencies |
Test Outcome |
Identified Gaps / Lessons Learned |
Corrective Actions |
Management Review / Sign-Off |
|
CBS-1 |
Deposit and Withdrawal Services |
Core banking system outage due to hardware failure |
3 hours |
2.5 hours |
Data Centre, Teller System, Branch Network |
Within Tolerance |
Need for improved teller communication flow |
Update crisis communication SOP |
✅ COO |
|
CBS-2 |
Payments and Fund Transfers |
Cyberattack disrupting online banking platform |
2 hours |
3 hours |
Internet Banking Platform, SOC Team |
Exceeded Tolerance |
Delay in escalation to Crisis Team |
Revise escalation triggers |
⚠️ CISO |
|
CBS-3 |
ATM Network |
Loss of telecom connectivity is affecting 50% of ATMs nationwide |
4 hours |
3.5 hours |
Telecom Providers, ATM Switch |
Within Tolerance |
Limited visibility on regional outage status |
Enhance the monitoring dashboard |
✅ Head of IT Ops |
Scenario testing is the cornerstone of Metrobank’s operational resilience capability—transforming preparedness into measurable assurance.
Through rigorous simulation of adverse scenarios, Metrobank not only validates its ability to operate within impact tolerances but also strengthens its governance, risk awareness, and recovery capabilities in line with BSP’s operational resilience principles.
This proactive approach ensures that even amid severe disruptions—whether technological, cyber, or environmental—Metrobank can continue delivering essential financial services, maintaining trust, and supporting the stability of the Philippine banking system.
Building Resilient Banking Operations: The Metrobank Operational Resilience Implementation Guide |
|||||
"Implement" Phase of the Operational Resilience Planning Methodology |
|||||
| C8 | C9 | C10 | C11 | C12 | C13 |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|