[OR] [MBT] [E3] [CBS] [5] [SuPS] Identify Severe but Plausible Scenarios

Sub-CBS Code

Sub-CBS

Impact/Effect

Severe but Plausible Scenario

Proactive Risk Management Action

Link to Integration of Cyber and ICT Risks

5.1

Retail Loan Origination and Assessment

Disruption in the loan origination process

Cyberattack on credit score providers, causing a delay in assessment and risk of incorrect scoring

Establish alternative channels for credit score assessment, and implement regular penetration testing on external data providers.

Ensure cybersecurity measures are in place to protect against data breaches in third-party integrations.

5.2

Corporate and Commercial Credit Underwriting

Loan approval delays, reputational damage

Ransomware attack on underwriting systems, leading to inaccessibility of key borrower data

Implement data backup and recovery strategies, and conduct regular staff training on phishing and ransomware attacks

Integrate anti-ransomware systems and cybersecurity monitoring for underwriting software.

5.3

SME Financing and Credit Processing

Financial loss due to loan processing errors

API failure or disruption with external partners, causing incorrect SME loan disbursals

Implement stronger API monitoring, redundancy, and ensure testing with all third-party integrations

Link to broader cybersecurity protocols in the vendor management system.

5.4

Credit Approval and Sanctioning

Incorrect sanctioning, compliance risks

Data corruption in approval systems leads to incorrect loan terms or missing compliance checks

Introduce robust validation systems, automated compliance checks, and regular audits of sanctioning systems

Ensure encryption and data integrity protocols are maintained in approval workflows.

5.5

Loan Documentation and Contract Execution

Legal disputes, customer dissatisfaction

Malware affecting contract generation tools, leading to incorrect terms being included in loan contracts

Develop fail-safes for contract generation systems, such as manual checks or alternate document generation options.

Implement security and audit logs for contract systems to detect tampering.

5.6

Collateral Management and Security Registration

Fraud or incorrect collateral valuation

Unauthorized access to collateral management systems, allowing fraudulent collateral to be registered

Use multi-factor authentication and continuous monitoring of collateral systems, alongside periodic audits of collateral verification processes.

Align with intrusion detection systems and secure access controls for collateral systems.

5.7

Loan Disbursement and Account Setup

Financial loss, customer complaints

A system glitch in the loan disbursement system is causing delayed or incorrect fund transfers

Implement transaction monitoring systems with automated alerts for any anomalies or discrepancies in disbursement workflows

Integrate transaction security with real-time fraud detection and reporting tools.

5.8

Loan Servicing and Customer Support

Customer dissatisfaction, operational strain

Loss of customer data or delays in loan servicing due to a cyberattack or an internal system crash

Strengthen CRM systems, introduce regular system upgrades, and train customer service teams on handling service disruptions effectively.

Include customer data protection and incident response capabilities in CRM systems.

5.9

Credit Monitoring and Risk Review

Increased credit risk, regulatory penalties

System vulnerability leading to delayed credit monitoring or inaccurate risk reviews due to a cybersecurity breach or system error

Regularly update and patch credit risk management software, conduct third-party security assessments, and implement risk-based security protocols for real-time monitoring.

Integrate cybersecurity tools that ensure real-time detection and response to credit data breaches.

5.10

Collections and Delinquency Management

Financial loss, compliance breaches

Hackers are tampering with the collection of data, causing customer records to be falsely marked as delinquent

Employ encryption of customer payment data, increase fraud detection protocols, and use AI-powered collection risk analysis systems.

Implement real-time monitoring tools to detect unauthorized access or data tampering in collection systems.

5.11

Regulatory Reporting and Compliance

Non-compliance, legal fines

Breach of regulatory reporting due to a cybersecurity incident, leading to incorrect or delayed filings

Enhance regulatory reporting systems with built-in security features and periodic checks for compliance alignment.

Ensure that regulatory compliance tools are protected against cyber threats and data manipulation.

5.12

Loan Portfolio Analytics and Strategy

Financial risk due to inaccurate analytics

Cyberattack on portfolio analytics systems is causing delayed or incorrect risk assessments and decision-making

Regularly back up data, implement real-time monitoring, and ensure business continuity plans are in place for analytical systems di