eBook OR

[OR] [MBT] [E3] [CR] [P5] [SuPS] Identify Severe but Plausible Scenarios

Written by Moh Heng Goh | Jan 5, 2026 3:32:51 PM

Consolidated Report 
Identify Severe but Plausible Scenarios for CBF-1 to CBF-12

This chapter, “Identify Severe but Plausible Scenarios for CBS-1 to CBS-12 for Metrobank,” establishes a critical foundation for strengthening Metrobank’s operational resilience across all Critical Business Services (CBS). 

It introduces a structured, forward-looking approach to identifying disruption scenarios that are severe enough to test resilience limits yet plausible enough to be credible and actionable. 

By systematically examining scenarios across retail banking, payments, digital channels, lending, treasury, wealth management, regulatory reporting, and third-party services, the chapter helps readers understand how diverse threats—such as cyber-attacks, system failures, third-party outages, market shocks, and regulatory disruptions—can impact end-to-end service delivery.

The purpose of this chapter is to guide readers in developing a consistent, defensible scenario-identification methodology aligned with operational resilience principles. 

Before engaging in impact tolerance setting and scenario testing, readers are expected to learn how to define scenarios that meaningfully challenge Metrobank’s people, processes, technology, facilities, and third-party dependencies. 

This chapter clarifies why scenario identification is essential, what constitutes a severe but plausible scenario, and how these scenarios should be framed to support later resilience testing, risk prioritisation, and regulatory assurance. 

By the end of this chapter, readers should be able to articulate scenarios that reflect Metrobank’s real operational risks and customer harm considerations, rather than generic or purely theoretical events.

Table P5: Severe but Plausible Scenarios for CBS-1 to CBS-12 

Sub-CBS Code

Name of Sub-CBS

Severe but Plausible Scenario

Impact/ Effect

Proactive Risk Management Action

1.1

Cash Deposit at Branches

Natural disasters (e.g., earthquakes or floods) render branches inaccessible; Cyber-attacks disrupt branch systems.

Branch services crippled; delayed deposits

Resilient infrastructure, continuity planning & disaster recovery drills

1.2

Deposit via ATMs

ATM network failure due to a cyber-attack or malfunction

ATM deposits unavailable

Cybersecurity audits, real-time monitoring, secure updates

1.3

Online/ Internet Banking Deposits

DDoS attacks or system overloads cause unavailability

Online deposit outages

Multi-layered authentication & DDoS protection

1.4

Cash Withdrawal at Branches

Power failure affecting withdrawal systems

The customer's inability to withdraw cash

Backup power, failover systems

1.5

ATM Withdrawals

ATM skimming or cash-out attacks

Financial loss & service disruption

Encryption, transaction monitoring

1.6

Online/Internet Banking Withdrawals

Account takeover fraud; DDoS

Service disruption & data loss

Two-factor authentication, fraud monitoring

1.7

Failed Deposits or Withdrawals

System errors/technical faults

Transaction failures or delays

Redundancy & incident response

1.8

Fraud Detection and Prevention

APT attacks on fraud systems

Fraud systems compromised

AI detection & continuous monitoring

2.1

Transaction Initiation

DDoS halting initiation

Delayed or failed payments

DDoS tools, network monitoring

2.2

Transaction Validation

Corrupted database failure

Operational delays & errors

Backup systems & validation audits

2.3

Transaction Authorisation

Malicious insider access

Fraudulent transactions

User access controls, MFA

2.4

Transaction Settlement

After-hours outage causing settlement delays

Liquidity issues & reputation risk

24/7 monitoring & fallback systems

2.5

Reconciliation

Reconciliation system failure

Inaccurate balances

Automated reconciliation & frequent testing

2.6

Dispute Resolution

Legal disputes/fraud claims

Service halt & dissatisfaction

Fast-track dispute protocols

2.7

Compliance & Reporting

Cybersecurity breach reporting

Regulatory penalties

Data encryption & compliance checks

2.8

System Maintenance & Monitoring

Bugs during updates

Downtime or error propagation

Rigorous testing & structured maintenance

3.1

ATM Cash Withdrawal Services

ATM network failure from a cyberattack

Disruption of cash access

Cybersecurity audits & DDoS protection

3.2

Branch Cash Withdrawal Services

Cash vault breach + system outage

Loss of funds & reputation damage

CCTV, access controls

3.3

Cash Deposit Services

Misrouting due to fraud or a glitch

Mishandled funds

Biometric authentication & redundancy

3.4

Cash Handling and Replenishment

Theft during transport + IT disruption

Operational & financial loss

GPS tracking & real-time monitoring

3.5

ATM Maintenance & Troubleshooting

Simultaneous hardware failures

Extended downtime

Preventive maintenance & remote diagnostics

4.1

Corporate Account Setup & Onboarding

KYC onboarding outage from vendor compromise

Onboarding delays

Redundant tools & vendor assurance

4.2

Receivables Management

Ransomware stops receivables

Processing disruption

Endpoint protection & backups

4.3

Payables & Disbursement

DDoS on payment infrastructure

Disbursement failures

DDoS mitigation & anomaly monitoring

4.4

Electronic Banking & Treasury Support

Zero-day exploit shuts platform

Access loss

Intrusion detection & patching

4.5

Cash Concentration & Liquidity

Data corruption in the liquidity engine

Poor liquidity management

Immutable backups & anomaly detection

4.6

Cheque Clearing & Settlement

Clearinghouse cyber incident

Market trust issues

Manual contingency & operator coordination

4.7

Corporate Deposits & Cash Vault

Insider collusion disrupts logistics

Vault operation delays

Route encryption & secure audits

4.8

Collections Reconciliation

Data integrity breach

Inaccurate reporting

Continuous validation & audit trails

4.9

Complaint, Exception & Dispute

Fraud via social engineering

Customer dissatisfaction

Fraud analytics & staff training

4.10

Regulatory & Compliance Monitoring

Malware corrupts reporting

Fines & reputational damage

Alternate reporting pipelines

5.1

Retail Loan Origination & Assessment

Cyberattack on credit score providers

Delays & inaccuracies

Alternate channels & penetration testing

5.2

Corporate & Commercial Underwriting

Ransomware in underwriting

Data inaccessibility & delays

Backup strategies & staff training

5.3

SME Financing & Credit Processing

API failure with partners

Incorrect disbursals

API monitoring & redundancy

5.4

Credit Approval & Sanctioning

Data corruption in systems

Incorrect terms

Validation systems & compliance checks

5.5

Loan Documentation & Contract Execution

Malware alters contracts

Legal disputes

Fail-safes & system checks

5.6

Collateral Management

Unauthorised access to collateral systems

Fraudulent registrations

MFA & monitoring

5.7

Loan Disbursement & Setup

System glitch in disbursement

Delays & incorrect transfers

Transaction monitoring

5.8

Loan Servicing & Support

System crash or attack

Customer dissatisfaction

CRM upgrades & training

5.9

Credit Monitoring & Risk Review

Breach delaying monitoring

Regulatory penalties

Patch management & security reviews

5.10

Collections & Delinquency

Data tampering in record-keeping

Compliance breaches

Encryption & real-time monitoring

5.11

Regulatory Reporting & Compliance

Reporting breach

Legal fines

Secure reporting systems

5.12

Loan Portfolio Analytics

Attack on analytics systems

Risk assessment errors

Backups & continuity planning

6.1

Liquidity & Cash Management

Systemic liquidity crisis + mass withdrawals

Settlement delays & liquidity squeeze

Contingency funding & monitoring

6.2

Money Market Operations

Major counterparty failure

Funding delays

Exposure monitoring & diversification

6.3

FX Trading & Settlement

Global clearing system disruption

Market & settlement failures

Multi-venue settlement & secure interfaces

6.4

Fixed Income & Securities Trading

Market freeze from shock

Failed trades & liquidity freeze

Liquidity buffers & monitoring

6.5

Derivatives Trading & Risk Mgmt

Volatility spikes margin stress

Margin pressures

Stress testing & risk limits

6.6

Treasury Operations & Back-Office

Operational outage backlog

Settlement backlogs

Dual-site ops & cross-training

6.7

Collateral & Margin Management

Exchange outage affecting margin

Shortfalls & breaches

Alternative channels & protocols

6.8

Treasury Risk Monitoring & Compliance

Disrupted surveillance systems

Compliance fines

Manual monitoring triggers

6.9

Investment Portfolio Management

Flash crash across markets

Value erosion

Dynamic allocation & stress tests

6.10

Market Data & Pricing Support

Pricing vendor outage

Mispricing risk

Vendor SLAs & data scanning

7.1

Online Banking Platform Management

Extended unavailability due to cloud service outage

Significant downtime, customer dissatisfaction, and reputational damage

Implement multi-cloud redundancy & availability testing

7.2

Mobile Banking Application Services

Critical vulnerability exploited in a mobile app

Customer access disruption, transaction delays

Secure code reviews, penetration testing, app hardening

7.3

Digital Account Access and Authentication

Credential stuffing/ phishing compromises users

Customer lockouts, unauthorised access

Adaptive authentication & behavioural biometrics

7.4

Online Funds Transfer and Payment Processing

Payment gateway compromise

Financial loss, regulatory breach

Transaction anomaly detection & out-of-band verification

7.5

Digital Customer Onboarding & e-KYC

Third-party API compromise

Regulatory non-compliance, identity theft

Diversify verification vendors & API isolation

7.6

Digital Customer Support & Service Channels

DDoS attack on support channels

Inability to serve customers, reputational harm

DDoS protection, load balancing & alternate channels

7.7

CNP & e-Commerce Transaction Processing

Surge in fraudulent transactions

Financial loss & fraud escalation

AI-driven fraud detection & merchant risk scoring

7.8

ATM & Electronic Channel Management

Malware across the ATM network

Service disruption, public trust erosion

Endpoint protection & network segmentation

7.9

Cybersecurity & Fraud Monitoring for Digital Channels

Simultaneous ransomware + phishing attack

Undetected breaches, financial loss

Cyber incident playbooks & automated containment

7.10

Digital Banking Data Management & Reporting

Insider or ransomware data breach

Data corruption/loss, loss of regulatory confidence

Data validation, encryption & immutable backups

8.1

Client Onboarding & Profiling

Data breach during onboarding

Client trust loss & legal consequences

MFA, encrypted storage & continuous monitoring

8.2

Investment Advisory & Portfolio Mgmt

Flash crash/market disruption

Client losses & reputational damage

Stress tests & emergency response strategies

8.3

Trust Account Establishment & Admin

System failure

Non-compliance, regulatory fines

Reliability upgrades, backups & drills

8.4

Fund & Asset Mgmt Operations

Regulatory audit failure

Investor confidence loss & penalties

Compliance audits & real-time reporting automation

8.5

Wealth & Estate Planning Services

Legal dispute in estate planning

Client dissatisfaction & legal costs

Improved legal review & client communication

8.6

Regulatory & Fiduciary Compliance Mgmt

Missing regulatory deadlines

Fines & reputational loss

Automated compliance tracking & staff training

8.7

Client Reporting & Relationship Mgmt

Communication system breakdown

Client churn & reputational damage

Upgraded comms infrastructure & protocols

8.8

Custodial & Safekeeping Services

Physical/cyber breach of custodial assets

Client asset loss & regulatory action

Security audits & real-time monitoring

9.1

Credit Card Application & Onboarding

Database corruption/malware outage

Application processing failure & reputational loss

Secure backups & redundancy in platforms

9.2

Card Issuance & Fulfilment

Ransomware at a third-party vendor

Delayed issuance & SLA breach

Alternate vendors & continuity agreements

9.3

Transaction Authorisation & Processing

DDoS or switch failure

Transaction declines & financial loss

DDoS mitigation & high-availability systems

9.4

Merchant Acquiring & Onboarding

Portal outage due to a bad patch

Merchant onboarding delays

Staging patch tests & change control

9.5

Merchant Transaction & Settlement Services

Payment gateway compromise

Settlement delays & data breach liabilities

Encryption & enhanced reconciliation controls

9.6

Cardholder Servicing & Collections

CRM/collections downtime

Disrupted service & increased delinquency

Mirrored systems & alternate channels

9.7

Fraud Detection & Security Monitoring

Fraud system failure

Undetected fraud & financial/exposure risk

Failover engines & model validation

9.8

Compliance & Regulatory Management

API vulnerability breach

Penalties & compliance breaches

Security audits & encryption

10.1

International Remittance Processing

DDoS attack on remittance platform

Processing disruption & financial loss

Multi-layer DDoS protection & monitoring

10.2

Remittance Partner & Correspondent Bank Mgmt

Key partner insolvency

Transaction processing inability

Contingency agreements & multi-partner support

10.3

FX Conversion & Rate Mgmt

Extreme market volatility

Loss from currency positions & compliance issues

Hedging strategies & real-time monitoring

10.4

OFW Remittance Facilitation

Political instability

Service interruptions & fines

Diversify channels & regulatory engagement

10.5

Cross-Border Compliance & Sanctions Screening

Data breach of compliance data

Trust loss & delays

Encrypt data & cybersecurity audits

10.6

Customer Enrolment & KYC for Remittances

Regulatory changes to KYC

Onboarding delays & lost business

Adaptive KYC platforms & training

10.7

Dispute Resolution & Trace Requests

Surge in disputes from security vulnerability

Backlog & reputation damage

Advanced fraud detection & AI service bot

10.8

FX Transaction Settlement & Reporting

System overload or bug

Settlement delays & reporting issues

Scalability tests & redundancy protocols

11.1

Regulatory Reporting Framework

Cyberattack on reporting systems

Loss of capability & penalties

Patching, cybersecurity & training

11.2

Compliance Monitoring & Auditing

System failure

Compliance monitoring failure & fines

Redundant systems & backups

11.3

Submission of Regulatory Reports

Misreporting due to error/malfunction

Legal & operational delays

Automated reports with validation checks

11.4

Risk Assessment & Mitigation in Reporting

Data corruption

Inaccurate risk reporting & compliance issues

Integrity checks & encryption

11.5

Reporting Systems & Technology

DDoS/software failure

Interruptions & missed deadlines

Disaster recovery & failover testing

12.1

Vendor Risk Management

Major vendor ransomware

Service disruption & delayed transactions

Vendor due diligence & cyber assessment

12.2

Third-Party Contract Management

Contract dispute → service suspension

SLA breach & non-compliance

Contract reviews & continuity clauses

12.3

Outsourced Service Monitoring

Multi-site outage

Transaction delays & downtime

Real-time monitors & redundancy planning

12.4

Service Continuity Planning

Data centre outage

Failure to deliver services within tolerance

BCP activation & backup site switching

12.5

Compliance & Regulatory Assurance

Regulatory audit finds non-compliance

Fines & reputational damage

Periodic & cybersecurity audits

12.6

Incident Management & Response

Coordinated third-party cyber-attack

Data breaches & unavailability

Incident plans & tabletop exercises

In conclusion, identifying severe yet plausible scenarios for CBS-1 through CBS-12 provides Metrobank with a robust lens to reveal and understand operational vulnerabilities. 

These scenarios bridge risk awareness and resilience validation, ensuring subsequent scenario testing is grounded in realistic, high-impact disruptions that matter most to customers, regulators, and the organisation.

This chapter prepares Metrobank to move confidently into the next phase of operational resilience by establishing a clear, structured inventory of challenge scenarios. 

When used effectively, these scenarios enable management to assess preparedness, strengthen controls, enhance recovery strategies, and demonstrate a proactive commitment to maintaining critical services within acceptable impact tolerances—even under extreme but credible conditions.

 

Building Resilient Banking Operations: The Metrobank Operational Resilience Implementation Guide
eBook 3: Starting Your OR Implementation
Consolidated Report
P1 DP P2 MD P3 MPR P4 ITo P5 SuPS P6 ST
Identify Severe but Plausible Scenarios for Critical Business Services for Metrobank [CBS 1 - CBS 12]
CBS 1 CBS 2 CBS 3 CBS 4 CBS 5 CBS 6
CBS 7 CBS 8 CBS 9 CBS 10 CBS 11 CBS 12
 

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

 

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.

If you have any questions, click to contact us.

 
View full post