CBS-5 Loan and Credit Services
![[OR] [MBT] [E3] [CBS] [5] [ST] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/bcb334a6-8027-4feb-a42b-090587358386.png)
Performing scenario testing is a critical component of operational resilience, ensuring that Metrobank's CBS-5 Loan and Credit Services can effectively handle severe but plausible events that could disrupt operations.
Scenario testing enables Metrobank to simulate various risk events, ranging from cyber attacks to system outages, ensuring that the organisation can identify vulnerabilities and develop effective response strategies.
By integrating cyber and ICT risks into each process of CBS-5, Metrobank can better safeguard sensitive information, ensure business continuity, and minimise financial and reputational damage. The proactive risk management actions listed in the table ensure that each process is resilient to disruptions and that Metrobank is prepared for any eventuality.
This is a table of recommended "Scenario Testing" for each detailed process of the Critical Business Service (CBS-5) Loan and Credit Services at Metrobank. The table also highlights the integration of cyber and ICT risks, along with proactive risk management actions.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-5
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact/Effect |
Proactive Risk Management Action |
Link to Integration of Cyber and ICT Risks |
|
5.1 |
Retail Loan Origination and Assessment |
Cyber-attack disrupting loan application portals |
Delayed loan processing, customer dissatisfaction |
Regular penetration testing, enhance multi-factor authentication |
Cyber resilience through secure access controls |
|
5.2 |
Corporate and Commercial Credit Underwriting |
Data breach exposing sensitive corporate data |
Loss of reputation, financial penalties |
Data encryption, access control policies |
Integration of data protection and encryption standards |
|
5.3 |
SME Financing and Credit Processing |
System outage is preventing SME loan approvals |
Disruption in loan processing, delays in SME funding |
Backup systems, regular disaster recovery drills |
ICT continuity and data recovery plans |
|
5.4 |
Credit Approval and Sanctioning |
Decision-making system failure leading to incorrect credit approvals |
Increased loan defaults, financial loss |
Automated decisioning review, monitoring systems |
Cybersecurity measures for decision-making integrity |
|
5.5 |
Loan Documentation and Contract Execution |
Signature software malfunction or fraud risk |
Delay in contract execution, legal liabilities |
Implement digital signature verification, fraud detection |
Strong anti-fraud measures and cybersecurity monitoring |
|
5.6 |
Collateral Management and Security Registration |
Failure in the collateral registration system |
Legal and financial risk due to unregistered collateral |
Regular updates to collateral systems, audit trails |
Cyber risk integration in digital collateral management systems |
|
5.7 |
Loan Disbursement and Account Setup |
Technical failure in the loan disbursement platform |
Disruption in fund transfer, customer complaints |
Redundant systems, manual backup protocols |
Integration of secure transfer protocols for financial transactions |
|
5.8 |
Loan Servicing and Customer Support |
The customer service system crashes during peak periods |
Service delays, customer dissatisfaction |
Increase in system capacity, customer service AI tools |
Cyber-attack preparedness for customer support systems |
|
5.9 |
Credit Monitoring and Risk Review |
Inaccurate credit score updates due to a system glitch |
Wrongful credit rating, regulatory issues |
Continuous system auditing, AI-driven monitoring |
Cybersecurity for maintaining accurate customer data integrity |
|
5.10 |
Collections and Delinquency Management |
System breach affecting collection systems |
Inability to contact clients, non-compliance with regulations |
Monitoring systems for data integrity, secure payment gateways |
Integration of cyber risk mitigation in collection management |
|
5.11 |
Regulatory Reporting and Compliance |
Failure in the reporting platform during regulatory submission deadlines |
Regulatory fines, compliance issues |
Automated backup systems, regulatory compliance checks |
Cyber compliance in reporting systems to protect data integrity |
|
5.12 |
Loan Portfolio Analytics and Strategy |
Data corruption or inaccuracy in loan performance analytics |
Poor decision-making, portfolio mismanagement |
Regular data audits, use of AI to detect anomalies |
Cyber risk management for data analytics platforms |
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
The chapter on "Performing Scenario Testing" for CBS-5 Loan and Credit Services highlights the importance of preparing for severe but plausible scenarios that could impact Metrobank's loan and credit services.
By mapping out potential disruptions and implementing proactive risk management actions, Metrobank can ensure its critical business services remain resilient and compliant with operational resilience regulations.
Incorporating cyber and ICT risk integration into every process ensures the bank is prepared for the evolving landscape of cybersecurity threats, safeguarding both the bank’s operations and its customers.
Through continuous testing, refinement of risk mitigation strategies, and adaptation to new challenges, Metrobank will be equipped to navigate unforeseen disruptions effectively.
![[OR] [MBT] [E3] [CBS] [5] [DP] Loan and Credit Services](https://no-cache.hubspot.com/cta/default/3893111/2354a2d7-c4a2-4c61-a0ec-1d12406770a7.png)
![[OR] [MBT] [E3] [CBS] [5] [MD] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/514399e6-d4bb-4f32-a768-9ffdb1268df0.png)
![[OR] [MBT] [E3] [CBS] [5] [MPR] Map Processes and Resources](https://no-cache.hubspot.com/cta/default/3893111/a910f80d-9706-4d89-9377-1c966c78054c.png)
![[OR] [MBT] [E3] [CBS] [5] [ITo] Establish Impact Tolerances](https://no-cache.hubspot.com/cta/default/3893111/7a6969df-3e94-4fa3-bf8e-785daebc5716.png)
![[OR] [MBT] [E3] [CBS] [5] [SuPS] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/418868dc-1354-459d-b5d7-a5f852a60f0d.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
