![[OR] [PNB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/b38949f8-c0f0-41e7-b859-ff8da7a6f16c.png)
CBS-1 Retail Deposit & Account Services
Introduction
![[OR] [PNB] [PH] [E3] [CBS] [1] [ITo] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/59676cf6-b0b0-42d5-9d91-4aab36b0714e.png)
For the Philippine National Bank, CBS-1 Retail Deposit and Account Services is a core banking service because it supports customers onboarding, deposit account opening, balance access, transaction processing, account maintenance, fraud control, reporting, and service recovery across branch and digital channels.
PNB publicly presents itself as a universal bank serving personal, corporate, and digital banking needs, while its digital channels support balance access, e-statements, and fund transfers.
That makes disruption to this CBS highly visible to customers and potentially material to regulatory compliance, access to liquidity, and confidence in banking services.
BSP Circular No. 1203 requires BSFIs to identify critical operations, set a disruption tolerance for each identified critical operation, and use both quantitative and qualitative indicators.
The circular states that tolerance for disruption must include, at a minimum, a time-based metric for restoration and may also include metrics such as the number of customers affected and the volume or value of affected transactions.
It also requires these tolerances to be reviewed, challenged, and approved by the board, and tested against severe but plausible scenarios.
Purpose of this Chapter
This chapter sets out a practical impact tolerance summary for each Sub-CBS under CBS-1 Retail Deposit and Account Services. Its purpose is to help the Philippine National Bank translate a high-level critical business service into measurable disruption thresholds that management can monitor, test, and improve.
The table below is therefore a recommended starting point for operational resilience design, aligned to BSP Circular No. 1203 and consistent with BCM Institute’s framing of impact tolerance as the maximum tolerable level of disruption before harm becomes unacceptable.
![Banner [Table] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/627c33a8-714d-40af-9a2b-0d7957fb8afa.png)
Table P4: Establish Impact Tolerance for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.1 |
Customer Onboarding and Account Application |
8 hours |
30 minutes |
Delayed new account applications; moderate reputational impact |
Low to moderate if a prolonged backlog develops |
Service / Reputational / Compliance |
Partially resilient |
Digitise application fallback, enable branch-to-branch workload transfer, set backlog-clearing SLA |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
4 hours |
15 minutes |
Customers cannot complete onboarding; high friction at branches/digital channels |
High due to AML/CFT and customer due diligence obligations |
Compliance / Service / Regulatory |
Partially resilient |
Strengthen KYC system redundancy, alternate ID-verification procedures, manual review escalation |
|
1.3 |
Account Approval and Opening |
4 hours |
15 minutes |
Approved applicants cannot activate accounts or receive account details |
High if customer acceptance and account controls are bypassed or delayed materially |
Service / Compliance / Reputational |
Partially resilient |
Define maker-checker manual fallback, pre-approved contingency workflow, approval queue monitoring |
|
1.4 |
Initial Funding and Deposit Booking |
2 hours |
Near-zero to 15 minutes |
Customers may lose confidence if initial funds are not reflected promptly |
High because inaccurate booking affects books, records, and customer balances |
Financial / Service / Regulatory |
Needs strengthening |
Enforce real-time posting recovery, suspense-account controls, dual verification for manual booking |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
1 business day |
30 minutes |
Product errors may affect rates, fees, limits, or account features |
High if terms are misapplied unfairly or in breach of disclosure obligations |
Compliance / Conduct / Financial |
Partially resilient |
Tighten change controls, pre-production testing, parameter rollback, configuration audit trail |
|
1.6 |
Deposit Transactions Processing |
2 hours |
Near-zero |
Customers unable to deposit or see updated balances; branch and channel congestion |
High because this affects the ongoing delivery of a critical banking service |
Service / Financial / Systemic |
Core resilient but vulnerable to concentration risk |
Improve core banking HA/DR, real-time monitoring, queue replay, branch manual receipting controls |
|
1.7 |
Withdrawal and Funds Access Processing |
1 hour |
Near-zero |
Direct customer harm; inability to access own funds; severe complaints escalation |
Very high due to consumer harm and possible prudential concern if widespread |
Customer Harm / Liquidity Access / Reputational |
Critical control area |
Prioritise ATM/branch/channel failover, cash contingency process, transaction limit override governance |
|
1.8 |
Account Servicing and Customer Maintenance |
8 hours |
30 minutes |
Customers cannot update profiles, mandates, contact details, or service requests |
Moderate to high where unupdated information affects fraud, notices, or access |
Service / Compliance / Fraud |
Partially resilient |
Introduce workflow backup, CRM recovery process, deferred-update queue with reconciliation |
|
1.9 |
Interest, Fees, and Charges Processing |
1 business day |
30 minutes |
Misstated balances, incorrect charges, and customer dissatisfaction |
High because charging and interest errors create conduct, disclosure, and reporting issues |
Financial / Conduct / Compliance |
Partially resilient |
Add batch rerun capability, exception thresholds, customer remediation playbook |
|
1.10 |
Statement, Passbook, and Balance Reporting |
8 hours for balance inquiry; 2 business days for statements/passbooks |
30 minutes |
Customers lose visibility of balances and transaction history; moderate trust impact |
Moderate to high if statements are delayed or inaccurate |
Service / Reputational / Compliance |
Partially resilient |
Prioritise balance inquiry restoration first, maintain e-statement fallback, manual statement fulfilment |
|
1.11 |
Digital Account Access and Channel Integration |
1 hour |
Near-zero |
Customers locked out of mobile/online banking; high complaint and reputational risk |
High if the outage materially disrupts access to deposit services and payments |
Availability / Cyber / Reputational |
Critical exposure area |
Harden IAM, channel redundancy, DDoS protection, rapid rollback, customer communication triggers |
|
1.12 |
Reconciliation and Exception Management |
End of business day |
30 minutes |
Customer-facing impact may be delayed, but unresolved breaks undermine confidence |
Very high because unreconciled items affect GL integrity, balances, and reporting |
Financial Control / Regulatory |
Partially resilient |
Tighten auto-recon coverage, ageing thresholds, exception escalation, end-of-day recovery timetable |
|
1.13 |
Fraud Detection and Transaction Monitoring |
30 minutes |
Near-zero |
Increased risk of customer losses and unauthorised transactions |
Very high due to fraud-loss, AML, and consumer protection implications |
Fraud / Compliance / Customer Harm |
High-priority resilience area |
Ensure active-active monitoring, alert failover, manual fraud watch procedures, 24/7 SOC/FMU escalation |
|
1.14 |
Regulatory Reporting and Compliance Monitoring |
1 business day unless the statutory deadline is sooner |
30 minutes |
Indirect immediate customer impact, but high enterprise exposure |
Very high due to breach of BSP and related reporting obligations |
Regulatory / Compliance / Reputational |
Partially resilient |
Map reporting dependencies, automate data lineage checks, maintain alternate reporting templates |
|
1.15 |
Incident Response, Business Continuity, and Recovery |
30 minutes to invoke; 2 hours to stabilise priority services |
Near-zero for incident logs and recovery decisions |
Poor response amplifies all customer impacts across the service chain |
Very high because weak response capability undermines compliance with operational resilience expectations |
Enterprise Resilience / Governance / Recovery |
Foundational, but must be continuously tested |
Define crisis triggers, command structure, communications matrix, and scenario-led exercising cadence |
Notes on the Recommended Tolerances
The recommended tolerances above are designed to reflect BSP Circular No. 1203’s requirement that tolerance for disruption be set per critical operation and that it use both time-based and other impact metrics.
In practice, PNB should supplement each line item with supporting thresholds, such as the maximum number of affected customers, transaction backlog, value at risk, unresolved exceptions, fraud losses, and the number of unavailable channels.
The stricter tolerances are assigned to Sub-CBS processes that directly affect customer access to funds, balance integrity, fraud containment, and digital channel availability.
This follows the logic that impact tolerance should represent the point at which disruption becomes unacceptable, not merely inconvenient.
BCM Institute’s guidance describes impact tolerance as the maximum tolerable disruption level before harm becomes unacceptable to the organisation and its stakeholders.
Examples of Regulatory Requirements Relevant to a Philippine Bank
Under BSP Circular No. 1203, a Philippine bank such as PNB is expected to:
- identify its critical operations;
- set a tolerance for disruption for each critical operation;
- include at least a time-based restoration metric;
- consider other metrics such as customers affected and transaction volume/value affected;
- test tolerances using severe but plausible scenarios;
- harmonise mapping with operational risk, third-party risk, business continuity, and ICT risk management; and
- have the criteria for critical operations and tolerances reviewed, challenged, and approved by the board.
A practical example is deposit withdrawal and funds access processing. Because it directly affects customers’ ability to access their money, a bank would usually assign a tighter tolerance, such as one hour or less, near-zero data loss, and heightened monitoring of affected customers and transaction value.
Another example is fraud detection and transaction monitoring, where even a brief outage can expose customers and the bank to financial loss and regulatory scrutiny, justifying a very short tolerance and a near-zero data-loss objective.
These examples are consistent with the circular’s emphasis on protecting critical operations and keeping disruption within approved thresholds.
![Banner [Summing] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5e80e50f-5e3e-44ea-8c43-16bf42d4f3b5.png)
Establishing impact tolerance for CBS-1 Retail Deposit and Account Services allows the Philippine National Bank to move from a descriptive process inventory to a measurable resilience framework.
The value of this chapter lies not only in assigning MTD and MTDL figures but also in defining the level of disruption that becomes unacceptable to customers, regulators, and the bank itself.
This creates a basis for recovery prioritisation, investment decisions, dependency mapping, scenario testing, and governance oversight.
The table should therefore be treated as a management baseline rather than a static end-state.
PNB should validate and refine these tolerances through data analysis, business impact assessment, testing against severe but plausible scenarios, and board approval.
Once validated, these tolerances become the operating thresholds against which the bank can assess whether its people, processes, technology, third parties, and recovery capabilities are sufficient to maintain the continuous delivery of this critical business service.
![[OR] [PNB] [PH] [E3] [CBS] [1] [DP] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/8e6870f3-c593-492d-a426-37672d7e82cb.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [MD] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/d95777e4-66a8-4bc6-92e7-17ac8e0d02f0.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [MPR] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/a6dfdeec-a1ee-4951-9ab6-470cd435b7d9.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [SuPS] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/6b79b9ec-5782-4226-a5bf-a26891e5720e.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [ST] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/a7c4007e-2c5a-48b9-a0f5-ef16ecb8dd91.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
