![x [OR] [PBCOM] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/8411b9c7-8ede-4f5f-b20e-a2c6767234a0.png)
CBS-1 Retail Deposit & Account Services
Introduction
![[OR] [PBCOM] [E3] [CBS] [1] [SuPS] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/e7d74cf4-d2d4-42b7-91ff-4f3940baee4a.png)
Identifying Severe but Plausible Scenarios (SBPS) is a core requirement in operational resilience, focusing on events that are extreme enough to test the organisation’s ability to remain within its defined impact tolerances, yet realistic enough to occur.
According to BCM Institute, these scenarios should challenge critical business services across multiple dimensions—people, process, technology, and third-party dependencies—and be used as the basis for scenario testing and resilience improvement.
For The Philippine Bank of Communications (PBCom), this aligns with the expectations of Bangko Sentral ng Pilipinas under BSP Circular No. 1203 Series of 2024, which requires banks to identify severe but plausible scenarios such as natural disasters (e.g., earthquake/typhoon), cyberattacks, third-party failures, and payment system disruptions, and to assess whether critical services can continue within tolerance.
The table below provides a structured set of recommended scenarios for each Sub-CBS of CBS-1 Deposit and Account Services, including cyber/ICT linkages and proactive risk management actions.
![Banner [Table] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/f4f3c007-e864-48cd-8bc1-0242c8b7fd86.png)
Table P5: Identify Severe but Plausible Scenarios for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Severe but Plausible Scenario |
Impact / Effect |
Proactive Risk Management Action |
Link to Integration of Cyber and ICT Risks |
|
1.1 |
Customer Onboarding and Account Application |
A major typhoon causes branch closures and staff unavailability |
Inability to onboard customers physically; backlog buildup |
Enable digital onboarding, remote processing, alternate branch routing |
Dependence on digital onboarding platforms and network availability |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
Cyberattack disables KYC screening systems |
Inability to verify customers; onboarding halted |
Maintain offline verification procedures and alternate screening provider |
Critical reliance on AML/KYC systems and data integrity controls |
|
1.3 |
Account Approval and Opening |
System outage in the core banking approval workflow |
Delayed or failed account activation |
Manual approval fallback and queue prioritisation |
Core banking availability and workflow system resilience |
|
1.4 |
Initial Funding and Deposit Booking |
Payment clearing network disruption |
Deposits not credited or delayed |
Use suspense accounts and deferred posting controls |
Dependency on external payment/clearing infrastructure |
|
1.5 |
Product Setup and Account Parameter Maintenance |
Erroneous system configuration due to failed change deployment |
Incorrect fees, interest, or account rules applied |
Strengthen change control, rollback procedures, and validation testing |
System configuration management and access control vulnerabilities |
|
1.6 |
Deposit Transactions Processing |
Core banking system failure or ransomware attack |
All deposit transactions halted; severe customer impact |
Activate DR site, transaction queuing and replay capability |
High dependency on core banking, database, and cybersecurity controls |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM network outage or cash shortage due to logistics disruption |
Customers are unable to access funds |
Provide branch cash alternatives and emergency withdrawal protocols |
ATM switch, telecom, and cash logistics ICT dependencies |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage due to infrastructure failure |
Inability to update customer records or process service requests |
Enable manual servicing forms and delayed batch updates |
CRM system resilience and data synchronisation risks |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch processing failure during the end-of-day cycle |
Incorrect or delayed interest/fees application |
Re-run batch jobs, reconciliation checks, and the adjustment process |
Batch scheduling system and database integrity risks |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Data warehouse or reporting system outage |
Customers are unable to access statements or balances |
Provide alternative inquiry channels and regenerate reports post-recovery |
Reporting system, database, and storage infrastructure dependencies |
|
1.11 |
Digital Account Access Enablement |
Telecom outage affecting OTP delivery and authentication |
Customers are unable to log in or transact digitally |
Provide alternate authentication methods and fallback channels |
Dependency on telecom, IAM, and authentication systems |
|
1.12 |
ATM and Card-Based Access Management |
Third-party card network failure or cyber breach |
Card transactions declined; widespread service disruption |
Switch to alternate networks and enable rapid card controls |
External card network and payment switch vulnerabilities |
|
1.13 |
Account Reconciliation and Exception Handling |
Failure in the reconciliation system or delayed data feeds |
Unresolved breaks leading to inaccurate balances |
Manual reconciliation procedures and prioritised exception clearing |
Data feed integrity and reconciliation system dependencies |
|
1.14 |
Dormancy, Holds, and Account Restrictions Management |
Unauthorised system access leading to incorrect account restrictions |
Customers wrongly blocked or allowed access |
Strengthen access controls, audit trails, and dual authorisation |
Cybersecurity risks related to privileged access management |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Sophisticated cyber fraud attack bypassing detection rules |
Financial loss and customer harm |
Enhance real-time monitoring, AI detection, and rapid response |
Integration with fraud analytics, cybersecurity monitoring systems |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Surge in complaints during system outage overwhelming the call centre |
Delayed response and reputational damage |
Activate surge capacity, crisis communication, and prioritisation |
Dependence on CRM, call centre systems, and digital channels |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Data corruption affecting regulatory reporting submissions |
Incorrect or delayed regulatory reporting |
Implement data validation, backup reporting templates, and escalation protocols |
Data integrity and reporting system vulnerabilities |
|
1.18 |
Business Continuity and Service Recovery |
Large-scale cyberattack combined with natural disaster (“compound event”) |
Prolonged service disruption across all Sub-CBS |
Activate crisis management, DR site, and cross-functional recovery |
Full integration of ICT resilience, DR infrastructure, and cyber response |
Regulatory Requirements and Examples (BSP Circular 1203)
Under BSP Circular No. 1203 Series of 2024, banks must:
- Identify severe but plausible scenarios that could disrupt critical operations
- Include a range of scenarios such as:
- Natural disasters (e.g., earthquake, typhoon)
- Cyberattacks and ransomware incidents
- Failure of critical third-party service providers
- Disruptions in payment and settlement systems
- Use these scenarios to test whether operations remain within impact tolerance
- Integrate cyber and ICT risks into operational resilience planning
- Ensure board oversight and periodic review of scenario testing outcomes
For CBS-1 Deposit and Account Services, BSP examples such as a “Big One” earthquake, telecom failure, or coordinated cyberattack across banks are particularly relevant, as they directly impact customer access to deposits, transaction processing, and financial system stability.
![Banner [Summing] [OR] [E3] Identify Severe but Plausible Scenarios](https://no-cache.hubspot.com/cta/default/3893111/446ccb83-e056-40d0-aae5-834d73c13f43.png)
The identification of Severe but Plausible Scenarios for CBS-1 Deposit and Account Services provides PBCom with a structured way to stress-test its most critical customer-facing services.
By mapping each Sub-CBS to realistic disruption scenarios, the bank can better understand how failures in technology, third-party providers, or operational processes could cascade across the service lifecycle.
In line with Bangko Sentral ng Pilipinas expectations, these scenarios must not remain theoretical—they should be actively used in scenario testing, simulation exercises, and continuous improvement programs.
The integration of cyber and ICT risks into each scenario ensures that PBCom is prepared not only for traditional disruptions but also for increasingly complex digital threats.
Ultimately, this strengthens the bank’s ability to maintain service continuity, protect customers, and operate within defined impact tolerances even under extreme conditions.
![[OR] [PBCOM] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/97a5a5ca-090f-4ff6-88e1-74f83df74b8a.png)
![[OR] [PBCOM] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/9ce02257-0280-4ea4-a5ad-4951ba0d07fd.png)
![[OR] [PBCOM] [E3] [CBS] [1] [MD] Map Dependency](https://no-cache.hubspot.com/cta/default/3893111/f33f70bb-40b6-4baa-8100-90b2b4b5c95e.png)
![[OR] [PBCOM] [E3] [CBS] [1] [MPR] Map Processes and Resources](https://no-cache.hubspot.com/cta/default/3893111/a9cd33e1-a816-4986-bb34-1447a7f67422.png)
![[OR] [PBCOM] [E3] [CBS] [1] [ITo] Establish Impact Tolerances](https://no-cache.hubspot.com/cta/default/3893111/008171cf-041b-4253-89e1-cca9382c1802.png)
![[OR] [PBCOM] [E3] [CBS] [1] [ST] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/9beaea6d-89b2-41ea-893c-63c6c173b036.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
