The BCM Institute’s mapping guidance explains that interconnection and interdependency mapping should identify the links among people, processes, information, technology, facilities, and service providers that support each critical business service, so that weaknesses and points of disruption can be identified before an incident occurs.
BSP Circular No. 1203 takes the same direction by requiring BSFIs to identify critical operations, map interconnections and interdependencies, assess vulnerabilities, and use the results to inform tolerance-setting, risk management, and scenario testing.
For PNB, this is especially relevant because retail deposit services are delivered through a mix of branches, ATMs, passbook/ debit-based accounts, and PNB Digital channels.
PNB publicly indicates that customers can access deposit accounts through branch and ATM networks and can enrol eligible debit, passbook, checking, pensioner, and other accounts in PNB Digital, which means the retail deposit service depends on tightly connected front-office staff, core banking processes, digital authentication, transaction monitoring, settlement, and customer communications.
Recommended operational resilience dependency map for CBS-1 Retail Deposit and Account Services at the Philippine National Bank.
This is a practitioner-style mapping based on the BCM Institute's dependency-mapping method, the requirements of BSP Circular No. 1203, and PNB’s publicly visible retail banking delivery model.
|
Sub-CBS Code |
Sub-CBS |
Dependency Type |
Dependency Detail (What/ Who is involved) |
Connectivity (How it connects/ interacts with the CBS or other components) |
|
1.1 |
Customer Onboarding and Account Application |
People |
Branch sales staff, customer service officers, relationship officers, contact centre support, operations supervisors |
They receive customer applications, explain products, capture account requirements, and hand off documents and data to KYC, approval, and account setup processes. |
|
Process |
Product selection, application form completion, document capture, customer consent, channel selection |
This is the entry point to the retail deposit lifecycle and triggers KYC/CDD, approval, initial account creation, and channel enrollment. |
||
|
Technology |
Branch workstation systems, customer onboarding platform, CRM, document imaging/workflow tools, queue systems |
Captures customer data and documents, routes applications for review, and sends data onward to KYC, core banking, and customer communications. |
||
|
Third Party |
ID verification utilities, courier/document service providers, telecom/SMS providers, and public utilities for connectivity |
Supports customer contactability, document movement, and the connectivity needed to transmit onboarding records to downstream processes. |
||
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
People |
Compliance officers, AML analysts, branch operations staff, account officers, and sanction screening reviewers |
They validate identity, screen customers, and determine whether the account can move to approval or must be escalated. |
|
Process |
Identity validation, customer due diligence, sanctions/PEP screening, risk classification, record retention |
This process is a control gate between onboarding and account opening and directly affects fraud prevention, regulatory compliance, and account activation. |
||
|
Technology |
KYC platform, AML/sanctions screening tools, document repository, case management tools, core customer file |
Interfaces with onboarding data, screening engines, compliance workflow, and account approval to prevent unverified accounts from proceeding. |
||
|
Third Party |
Screening data providers, identity databases, telecom/internet providers, and external reference sources |
External data feeds and network access support screening and validation before accounts are approved and activated. |
||
|
1.3 |
Account Approval and Opening |
People |
Approving officers, branch managers, operations approvers, compliance reviewers |
They review completed onboarding and KYC results, approve exceptions, and authorise account creation. |
|
Process |
Review of application completeness, risk-based approval, CIF/account number generation, and account activation |
Connects verified customer records to the core banking environment, enabling funding, transactions, and channel access. |
||
|
Technology |
Core banking system, approval workflow engine, CIF master file, account parameter templates |
Creates the live deposit account and feeds downstream modules for funding, statements, interest accrual, digital access, and monitoring. |
||
|
Third Party |
Signature card/forms printers, courier support, telecom/network infrastructure |
Supports completion, record dispatch, and operational connectivity for formal account establishment and customer notification. |
||
|
1.4 |
Initial Funding and Deposit Booking |
People |
Tellers, branch cash custodians, branch operations staff, treasury/cash management staff |
They receive initial deposits, validate instruments, and ensure the first funding transaction is correctly posted. |
|
Process |
Cash acceptance, check acceptance, funds validation, transaction posting, provisional/cleared balance handling |
Provides the initial monetary value that makes the newly opened account usable and links directly to transaction posting and reconciliation. |
||
|
Technology |
Teller system, core banking ledger, cash counting devices, clearing interfaces, and branch transaction terminals |
Posts the initial deposit and updates balances, while handing cleared or uncleared items into settlement and reconciliation processes. |
||
|
Third Party |
Clearing houses, armoured cash/logistics support, correspondent/settlement participants, utilities |
External payment and clearing actors support instrument validation and finality of deposit funding. |
||
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
People |
Product managers, deposit operations staff, system administrators, authorised approvers |
They maintain rates, fees, thresholds, dormancy rules, and account attributes used across the deposit service. |
|
Process |
Product configuration, parameter approval, maintenance requests, change control, and effective-date updates |
Feeds downstream interest, fee charging, statements, transaction validation, and compliance treatment of accounts. |
||
|
Technology |
Product tables in core banking, parameter engines, maker-checker workflow, change logs, and configuration repositories |
Ensures all transaction and servicing modules apply consistent business rules across branches, ATMs, and digital channels. |
||
|
Third Party |
External rate/reference sources, managed service support, technology vendors |
Vendor support and external reference data may affect product configuration and the timeliness of updates across connected channels. |
||
|
1.6 |
Deposit Transactions Processing |
People |
Tellers, branch operations teams, customer service officers, and back-office transaction processors |
They execute over-the-counter deposits, validate instruments, and manage exceptions or posting issues. |
|
Process |
Deposit acceptance, validation, posting, reversal handling, and cutoff management |
This is a core daily operating activity that updates customer balances and feeds reconciliation, statements, fraud monitoring, and reporting. |
||
|
Technology |
Teller platform, core banking transaction engine, branch connectivity, image capture/scanning, audit trails |
Real-time or batch interfaces update account balances and send transaction data to monitoring and reporting systems. |
||
|
Third Party |
Clearing/settlement networks, cash/logistics providers, telecom, and power providers |
External dependencies support check deposit settlement, branch operability, and continuity of transaction processing. |
||
|
1.7 |
Withdrawal and Funds Access Processing |
People |
Tellers, ATM support staff, branch approvers, fraud monitoring staff, customer support staff |
They process cash withdrawals, handle card/passbook exceptions, and respond to disputed or suspicious access events. |
|
Process |
Withdrawal validation, signature/passbook/ID checks, card-based access, limit checks, exception approval |
Connects account balances to cash access through branches and ATM/debit channels and relies on fraud, authentication, and balance accuracy. |
||
|
Technology |
ATM switch, debit card systems, teller system, core banking balance engine, authentication controls, CCTV/security integration |
Enables customers to access funds and sends event data to fraud monitoring, reconciliation, dispute handling, and customer notifications. |
||
|
Third Party |
ATM network partners, card scheme/service providers, cash replenishment vendors, telecom/power utilities |
Third parties support cash availability, network routing, and operational continuity of customer access channels. |
||
|
1.8 |
Account Servicing and Customer Maintenance |
People |
Branch service staff, customer contact centre, account maintenance staff, and supervisors |
They process changes to customer information, replacement requests, account updates, and service instructions. |
|
Process |
Update of customer profile, address/contact changes, replacement of cards/passbooks/chequebooks, status maintenance |
Keeps customer records up to date and supports secure downstream authentication, statement delivery, fraud monitoring, and regulatory reporting. |
||
|
Technology |
CRM, customer master file, workflow tools, document archive, core banking maintenance screens |
Synchronises changes across service channels so customer data remains consistent for operations, risk, and communications. |
||
|
Third Party |
Card/personalisation vendors, courier providers, telecom/SMS/email providers |
External providers help deliver replacement instruments and customer alerts after profile or account changes. |
||
|
1.9 |
Interest, Fees, and Charges Processing |
People |
Deposit product managers, finance staff, operations controllers, and system support teams |
They oversee rate setup, fee schedules, exception approvals, and periodic review of charging logic. |
|
Process |
Interest accrual, capitalisation, fee assessment, tax/withholding treatment, adjustment handling |
Links product parameters to customer account balances and affects statements, profitability, disputes, and regulatory accuracy. |
||
|
Technology |
Core banking accrual engine, fee tables, EOD/batch processing, finance interfaces, reporting modules |
Applies rules automatically to accounts and passes results to statements, general ledger, reconciliation, and customer servicing. |
||
|
Third Party |
Tax/regulatory reference sources, vendor support for batch systems, utility/infrastructure providers |
External support and reference information affect the timeliness and accuracy of calculation and posting cycles. |
||
|
1.10 |
Statement, Passbook, and Balance Reporting |
People |
Branch staff, statement operations team, customer service staff, print/mail support teams |
They respond to balance inquiries, update passbooks where applicable, and distribute or support statements. |
|
Process |
Balance generation, statement production, passbook updating, inquiry servicing, and report dispatch |
Converts ledger data into customer-facing information and supports transparency, complaint handling, and evidence for reconciliation. |
||
|
Technology |
Statement generation systems, passbook printers/updaters, online/mobile balance inquiry tools, data warehouse |
Pulls posted transaction data from core systems and redistributes it through branch, digital, and customer communication channels. |
||
|
Third Party |
Print-and-mail vendors, SMS/email providers, telecom/internet providers |
Supports physical and electronic delivery of balance and statement information to customers. |
||
|
1.11 |
Digital Account Access and Channel Integration |
People |
Digital banking support teams, IT operations, cybersecurity teams, contact centre agents, and channel product owners |
They administer access, support customer enrollment and recovery, and maintain secure channel availability. |
|
Process |
Enrollment, login/authentication, device registration, transaction viewing, profile linkage, password/OTP reset |
Connects retail deposit accounts to PNB Digital and other remote channels, extending the CBS beyond branch-only delivery. |
||
|
Technology |
Mobile app, online banking platform, IAM/authentication tools, OTP/SMS services, API/integration middleware, core banking interfaces |
Enables customers to view and use accounts digitally and exchanges data with core banking, fraud systems, and alerting services. |
||
|
Third Party |
Telecom/SMS gateway providers, internet service providers, app platform ecosystems, cybersecurity vendors |
External connectivity and security services are essential to digital channel availability and secure authentication. |
||
|
1.12 |
Reconciliation and Exception Management |
People |
Operations control teams, finance/recon analysts, branch operations staff, IT support teams |
They investigate mismatches, resolve breaks, and escalate unresolved exceptions affecting balances or customer records. |
|
Process |
Daily reconciliation, suspense monitoring, exception investigation, correction posting, escalation, and closure |
Connects branch, ATM, digital, clearing, and ledger records to ensure the deposit CBS remains accurate and auditable. |
||
|
Technology |
Reconciliation tools, core banking extracts, GL interfaces, exception dashboards, case management |
Compares transactions across systems and routes discrepancies for correction, improving the integrity of downstream reporting and service. |
||
|
Third Party |
External clearing files, settlement counterparties, managed service providers, utilities |
External files and partner responses are often needed to resolve unreconciled items and close exceptions. |
||
|
1.13 |
Fraud Detection and Transaction Monitoring |
People |
Fraud analysts, AML/compliance teams, branch investigators, digital fraud monitoring teams, and incident handlers |
They review alerts, investigate suspicious activity, block transactions or accounts, and coordinate with operations and customer support. |
|
Process |
Alert generation, transaction surveillance, case investigation, escalation, hold/block decisions, reporting |
Protects deposit accounts and linked access channels by detecting suspicious behaviour before losses or breaches spread. |
||
|
Technology |
Fraud monitoring engines, AML tools, rule/scoring systems, case management, channel logs, security monitoring tools |
Consumes data from branch, ATM, card, and digital channels and feeds decisions back to servicing, withdrawals, and compliance functions. |
||
|
Third Party |
Fraud intelligence providers, telecom/SMS providers, law enforcement interfaces, specialist cybersecurity vendors |
External intelligence, message delivery, and specialist support strengthen detection and response capability. |
||
|
1.14 |
Regulatory Reporting and Compliance Monitoring |
People |
Compliance officers, regulatory reporting teams, finance, operational risk teams, and senior management reviewers |
They interpret requirements, compile evidence, monitor compliance, and submit or support required regulatory outputs. |
|
Process |
Regulatory data aggregation, compliance checks, exception reporting, audit trail preservation, issue remediation |
Draws on all upstream deposit processes to evidence compliance with KYC, AML, operational resilience, and other obligations. |
||
|
Technology |
Data warehouse, reporting engines, compliance monitoring dashboards, document repositories, workflow systems |
Consolidates activity from deposit operations, risk, and incident records into management and regulatory reporting outputs. |
||
|
Third Party |
External auditors, consultants, regtech/reporting utilities, telecom/infrastructure providers |
External support may assist validation, submission capability, and independent assurance over compliance-related outputs. |
||
|
1.15 |
Incident Response, Business Continuity, and Recovery |
People |
Incident management team, BCM coordinators, IT disaster recovery teams, crisis management team, branch leaders, communications team |
They lead disruption response, recovery decisions, customer communications, and restoration of critical deposit services within tolerance. |
|
Process |
Incident detection, escalation, invocation of BCP/ DR, manual workarounds, alternate site/channel activation, recovery validation, lessons learned |
This sub-CBS supports all other sub-CBSs by coordinating response when people, process, technology, or third-party dependencies fail. |
||
|
Technology |
Incident management platforms, DR environments, backup systems, communication tools, monitoring dashboards, and alternate connectivity |
Provides the tooling to detect disruptions, recover platforms, reroute operations, and communicate service status across the CBS. |
||
|
Third Party |
Alternate site providers, cloud/hosting vendors, telecom and power providers, recovery service vendors, key outsourced partners |
External recovery and infrastructure providers are essential to maintaining or restoring branch, ATM, and digital deposit services during disruption. |
Under BSP Circular No. 1203, the board is expected to approve the identified critical operations, which then drive the next steps of setting disruption tolerances and mapping interconnections and interdependencies.
The circular also expects BSFIs to use the operational risk management function to identify vulnerabilities affecting critical operations and to keep the identification process dynamic as threats, weaknesses, and business conditions change.
For dependency mapping, the circular gives several practical expectations that are directly relevant to a retail deposit service such as this one. It says the mapping exercise should be harmonised with operational risk, third-party risk, business continuity, and ICT risk activities.
It also requires banks to assess the effect of change management on delivery of critical operations and on their interconnections and interdependencies, to conduct due diligence on third parties supporting critical operations, to ensure third-party arrangements explain how services will be maintained during disruption or exited safely, and to assess dependencies on public infrastructure such as telecommunications, transportation, and energy.
The BSP also highlights the importance of technology and cyber resilience in maintaining critical operations. It expects risk-based, integrated, multi-layer strategies to protect the confidentiality, integrity, and availability of the IT environment, and it expects ICT protection, detection, response, and recovery capabilities to be tested under severe but plausible scenarios.
The circular even gives examples of scenarios that banks are strongly encouraged to consider, including a major earthquake, a severe typhoon, a failure of a critical third-party provider, payment and settlement disturbances, and a coordinated cyberattack or ransomware event.
The dependency map for CBS-1 Retail Deposit and Account Services shows that the service is not delivered by a single department or system; it is sustained by a tightly linked operating chain across branch personnel, compliance controls, core banking platforms, digital channels, ATM and cash-access infrastructure, reconciliation routines, fraud monitoring, and recovery capabilities.
Using the BCM Institute approach, the real value of mapping lies in making those links visible so that PNB can identify where a single point of failure, weak handoff, vendor dependency, or infrastructure outage could interrupt service delivery.
For PNB, this chapter’s map should be treated as a working baseline for operational resilience implementation.
It can now be used to support the next required activities under BSP Circular No. 1203, namely, validating critical operation boundaries, confirming vulnerability points, setting tolerances for disruption, developing severe but plausible scenarios, and testing whether the bank can continue or restore deposit services within acceptable limits.
In practice, the stronger the dependency map, the stronger the bank’s ability to protect customers, maintain confidence, and recover its retail deposit services through disruption.
|
Building Operational Resilience: Implementation Methodology for the Philippine National Bank |
|||||
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Retail Deposit & Account Services | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|