[P2] [S3] Chapter 15
Practical Case Study (Banking Sector Example)
Introduction
![[OR] [P2] [S3] [ITo] [C15] Practical Case Study (Banking Sector Example)](https://no-cache.hubspot.com/cta/default/3893111/fef15761-14c6-4e2b-b157-554cceb33d14.png)
Understanding the impact tolerance conceptually is important—but its true value is realised when applied in a real-world operational context.
In the banking sector, where customer trust, regulatory compliance, and systemic stability are critical, impact tolerance must be clearly defined, tested, and embedded into day-to-day operations.
This chapter provides a practical case study illustrating how a bank sets and applies impact tolerances for two common Critical Business Services (CBS):
- CBS-1: Deposit and Account Services
- CBS-2: Payments and Funds Transfer Services
The case study follows a structured, step-by-step approach aligned with the methodology outlined in earlier chapters.
Purpose of the Chapter
The purpose of this chapter is to:
- Demonstrate the practical application of impact tolerance methodology
- Illustrate step-by-step tolerance setting for key banking services
- Provide sample outputs, tables, and analysis
- Highlight lessons learned and common considerations
Overview of the Case Study
Bank Profile (Illustrative)
- Mid-to-large retail and commercial bank
- Multi-channel operations (branch, ATM, mobile, online)
- High transaction volumes in deposits and payments
- Heavy reliance on core banking systems and third-party networks
Selected Critical Business Services
|
CBS Code |
Critical Business Service |
Description |
|
CBS-1 |
Deposit and Account Services |
Enables customers to open accounts, deposit funds, withdraw funds, and manage balances |
|
CBS-2 |
Payments and Funds Transfer Services |
Enables domestic and cross-border payments, transfers, and settlements |
Step-by-Step Tolerance Setting
Step 1: Identify Sub-CBS
CBS-1: Deposit Services
|
Sub-CBS Code |
Sub-CBS |
|
1.1 |
Customer Onboarding and Account Opening |
|
1.6 |
Deposit Transactions Processing |
|
1.7 |
Withdrawal and Funds Access |
|
1.11 |
Digital Account Access |
CBS-2: Payments Services
|
Sub-CBS Code |
Sub-CBS |
|
2.1 |
Payment Initiation |
|
2.3 |
Authentication and Authorisation |
|
2.5 |
Payment Routing |
|
2.7 |
Clearing and Settlement |
|
2.9 |
Transaction Notification |
Step 2: Map Dependencies (Simplified View)
|
Sub-CBS |
People |
Technology |
Third Parties |
|
Deposit Transactions |
Branch staff, operations |
Core banking system, ATM switch |
ATM network provider |
|
Payment Initiation |
Digital banking team |
Mobile app, payment gateway |
Payment processor |
|
Clearing & Settlement |
Payments ops, treasury |
Payment switch, RTGS |
Clearing house |
Step 3: Identify Impact Dimensions
The bank considers:
- Customer access to funds
- Transaction delays
- Regulatory compliance (e.g., payment settlement timelines)
- Financial exposure
- Systemic impact (especially for payments)
Step 4: Define Disruption Scenario
Scenario:
Core banking system outage affecting both deposit and payment services for several hours.
Step 5: Assess Impact Severity Over Time
|
Time |
Deposit Services Impact |
Payments Services Impact |
|
0–1 hour |
Minor delays |
Minor transaction delays |
|
1–2 hours |
Customers are unable to deposit/withdraw |
Payment backlog increases |
|
2–4 hours |
High customer dissatisfaction |
Delayed payments, complaints |
|
4–6 hours |
Severe customer impact |
Regulatory concern triggered |
|
>6 hours |
Crisis |
Potential systemic impact |
Step 6: Determine Impact Tolerances
Sample Impact Tolerance Table
|
Sub-CBS Code |
Sub-CBS |
MTD |
MTDL |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.6 |
Deposit Transactions Processing |
4 hours |
15 minutes |
High – no access to deposits |
Medium |
Customer / Financial |
Moderate |
Improve system failover |
|
1.7 |
Withdrawal & Funds Access |
2 hours |
Near-zero |
Very High – customers cannot access funds |
High |
Customer / Regulatory |
Weak |
Enhance ATM and branch redundancy |
|
2.1 |
Payment Initiation |
2 hours |
5 minutes |
High – delayed payments |
High |
Customer / Systemic |
Moderate |
Strengthen gateway resilience |
|
2.7 |
Clearing & Settlement |
1 hour |
Near-zero |
Very High – systemic disruption |
Very High |
Systemic / Regulatory |
Weak |
Implement alternate routing |
Step 7: Validate with Stakeholders
Stakeholders involved:
- Business heads (retail banking, payments)
- Technology teams
- Operations teams
- Risk and compliance
- Senior management
Outcome:
- Agreement that payment services require stricter tolerances than deposit services
- Identification of gaps in clearing and settlement resilience
Step 8: Governance Approval
- Senior Management approves tolerances
- Board reviews critical CBS tolerances (e.g., payments)
- Action plans assigned to responsible owners
Scenario Testing Results
Test Scenario
Simulated 4-hour core banking outage
Results
|
CBS |
Defined Tolerance |
Actual Outcome |
Result |
|
Deposit Services |
4 hours |
3.5 hours recovery |
Within tolerance |
|
Withdrawal Services |
2 hours |
3 hours recovery |
Breach |
|
Payment Initiation |
2 hours |
2.2 hours recovery |
Near breach |
|
Clearing & Settlement |
1 hour |
2 hours recovery |
Breach |
Key Observations
- ATM network dependency created delays in withdrawal recovery
- The clearing system lacked an alternate routing capability
- Payment backlog escalated rapidly after 2 hours
Analysis of Findings
Strengths
- Deposit services largely within tolerance
- Digital channels recovered faster than expected
- Strong coordination between operations and IT
Weaknesses
- Withdrawal services are heavily dependent on a single infrastructure
- Clearing and settlement lacked redundancy
- Third-party dependencies not fully aligned with tolerance
Root Causes
- Single points of failure in ATM and clearing systems
- Insufficient failover capability
- Limited third-party resilience arrangements
Remediation Actions
|
Gap |
Action |
|
ATM dependency |
Introduce alternate network routing |
|
Clearing failure |
Establish backup clearing arrangements |
|
Payment delays |
Enhance processing capacity |
|
Recovery time |
Upgrade failover systems |
Lessons Learned
Service Criticality Matters
- Payment services require stricter tolerances due to systemic impact
- Not all CBS should have the same tolerance thresholds
Dependencies Drive Risk
- Third-party and infrastructure dependencies significantly affect outcomes
- Hidden dependencies can lead to unexpected failures
Scenario Testing Is Essential
- Realistic testing revealed gaps not identified during planning
- Near breaches highlighted areas needing improvement
Tolerances Must Be Evidence-Based
- Initial tolerances required adjustment after testing
- Data-driven refinement improves credibility
Continuous Improvement Is Critical
- Impact tolerance is not static
- Regular testing and updates are necessary
Practical Output Summary
|
Component |
Output |
|
CBS Identification |
Deposit and Payments Services |
|
Dependency Mapping |
People, technology, third parties |
|
Impact Assessment |
Time-based degradation analysis |
|
Tolerance Definition |
MTD, MTDL, customer and systemic impact |
|
Scenario Testing |
Core banking outage simulation |
|
Gap Analysis |
Identified weaknesses in withdrawal and clearing |
|
Remediation |
Technology and third-party improvements |
![Banner [Summing] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5e80e50f-5e3e-44ea-8c43-16bf42d4f3b5.png)
This case study demonstrates how impact tolerance can be applied in a practical banking context.
By following a structured methodology—identifying CBS, mapping dependencies, defining tolerances, and validating through scenario testing—the organisation gains a clear understanding of its resilience capabilities.
The results highlight a key insight: impact tolerance is only as strong as the organisation’s ability to operate within it under stress.
Testing, analysis, and continuous improvement are essential to ensuring that tolerances are realistic, defensible, and aligned with both customer expectations and regulatory requirements.
Ultimately, this approach enables banks to move beyond compliance and build a robust, service-centric operational resilience capability that protects customers, maintains trust, and safeguards financial stability.
![[OR] [P2] [S3] [ITo] [C1] Introduction to Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/a2d06a13-c2ac-4e0a-b8ea-c5afcab91844.png)
![[OR] [P2] [S3] [ITo] [C2] Regulatory and Standards Landscape](https://no-cache.hubspot.com/cta/default/3893111/04df8f17-629c-458f-af01-67e3da528b63.png)
![[OR] [P2] [S3] [ITo] [C3] Understanding Impact Tolerance in Context](https://no-cache.hubspot.com/cta/default/3893111/ea66bac0-7b34-4d56-9c93-c33c8f7964bc.png)
![[OR] [P2] [S3] [ITo] [C4] Linking Impact Tolerance to Critical Business Services (CBS)](https://no-cache.hubspot.com/cta/default/3893111/24ceb290-50c2-4af4-be00-41894f00c7cb.png)
![[OR] [P2] [S3] [ITo] [C5] Key Components of Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/6e9d8a15-c0a3-4e28-b9a4-c2dcc3e2081e.png)
![[OR] [P2] [S3] [ITo] [C6] Methodology for Setting Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/77526e47-fc15-4c7b-bf03-cadd672b40db.png)
![[OR] [P2] [S3] [ITo] [C7] Impact Tolerance Assessment Framework](https://no-cache.hubspot.com/cta/default/3893111/abf28462-aba4-4970-81be-55cf66dc6147.png)
![[OR] [P2] [S3] [ITo] [C8] Scenario-Based Calibration of Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/23b3a54d-37ce-494b-acb1-33b3cc5e1655.png)
![[OR] [P2] [S3] [ITo] [C9] Role of Dependency Mapping in Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/d35fd8b0-e936-4ab3-9706-4366bfcb8cbe.png)
![[OR] [P2] [S3] [ITo] [C10] Governance, Ownership, and Accountability](https://no-cache.hubspot.com/cta/default/3893111/de12fefd-b6c6-4156-83a9-5d19ca5bc508.png)
![[OR] [P2] [S3] [ITo] [C11] Integration with Operational Resilience Framework](https://no-cache.hubspot.com/cta/default/3893111/84d3d3c4-0647-4ffd-99b4-a20a12526019.png)
![[OR] [P2] [S3] [ITo] [C12] Testing and Validation of Impact Tolerances](https://no-cache.hubspot.com/cta/default/3893111/9a9cb7eb-1ca3-4790-b39e-f6b0035a1eae.png)
![[OR] [P2] [S3] [ITo] [C13] Monitoring, Metrics, and Continuous Improvement](https://no-cache.hubspot.com/cta/default/3893111/1a32f981-3a16-427a-a63f-5a40ab93ea21.png)
![[OR] [P2] [S3] [ITo] [C14] Common Challenges and Pitfalls](https://no-cache.hubspot.com/cta/default/3893111/8831463d-a357-4203-806b-fb31ef71d615.png)
![[OR] [P2] [S3] [ITo] [C16] Future Trends in Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/b6a701db-167e-4630-88ad-de0d43deb322.png)
![[OR] [P2] [S3] [ITo] [C17] Key Takeaways and Call to Action](https://no-cache.hubspot.com/cta/default/3893111/bf49e0c2-33a3-48bc-97d2-eb939aed77bd.png)
![[OR] [P2] [S3] [ITo] [C18] Back Cover](https://no-cache.hubspot.com/cta/default/3893111/3623335d-0b26-4ee7-afbf-0d431358b390.png)
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
