![[OR] [PNB] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/b38949f8-c0f0-41e7-b859-ff8da7a6f16c.png)
CBS-1 Retail Deposit & Account Services
Introduction
![[OR] [PNB] [PH] [E3] [CBS] [1] [ST] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/a7c4007e-2c5a-48b9-a0f5-ef16ecb8dd91.png)
Scenario testing is a core requirement under the BSP Circular No. 1203, which mandates banks to validate their ability to remain within defined impact tolerances during severe but plausible disruptions.
For CBS-1 Retail Deposit and Account Services, scenario testing enables the Philippine National Bank to assess its operational resilience across end-to-end customer journeys—from onboarding to transaction processing and recovery.
This chapter applies structured scenario testing principles aligned with industry guidance, such as the BCM Institute’s “[OR] [P2-S4] What is Scenario Testing in Operational Resilience?” and integrates Cyber and ICT Risk considerations, ensuring alignment with regulatory expectations on technology resilience, third-party risk, and cyber threats.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding platform outage; surge in onboarding requests during crisis |
Inability to onboard new customers; reputational damage |
Load testing reports; alternate manual onboarding procedures; onboarding SLA monitoring |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
Failure of KYC systems; third-party identity verification outage |
Delayed or non-compliant onboarding; regulatory breaches |
KYC fallback procedures; vendor SLA monitoring; periodic compliance audits |
|
1.3 |
Account Approval and Opening |
Core banking approval system downtime; data validation errors |
Delayed account activation; customer dissatisfaction |
Dual approval workflows; system redundancy testing; audit trails |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway failure; reconciliation mismatch during funding |
Failed or delayed deposits; financial discrepancies |
Automated reconciliation controls; contingency funding channels |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Configuration errors; unauthorized parameter changes (cyber breach scenario) |
Incorrect interest/fees applied; customer disputes |
Change management controls; access monitoring; periodic configuration audits |
|
1.6 |
Deposit Transactions Processing |
Core banking system outage; batch processing failure |
Inability to process deposits; financial impact on customers |
System failover testing, transaction queuing mechanisms, and DR drills |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM/POS network outage; liquidity shortage scenario |
Customers unable to access funds; systemic trust issues |
ATM network resilience tests; liquidity contingency planning |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage; unauthorised account changes |
Delayed servicing; fraud risk exposure |
Access control reviews; customer service continuity plans |
|
1.9 |
Interest, Fees, and Charges Processing |
Interest calculation engine failure; incorrect fee application |
Financial misstatements; customer complaints |
Automated validation checks; reconciliation reports; periodic testing |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Statement generation failure; data corruption scenario |
Customers are unable to access account information |
Backup data validation; alternate reporting channels (e.g., e-statements) |
|
1.11 |
Digital Account Access and Channel Integration |
Mobile/online banking outage due to cyberattack (e.g., DDoS) |
Loss of digital access; high customer impact |
Cyber resilience testing (DDoS simulation); multi-channel fallback (branch/ATM) |
|
1.12 |
Reconciliation and Exception Management |
Failure in reconciliation systems; delayed exception handling |
Financial discrepancies; audit findings |
Daily reconciliation controls; exception tracking dashboards |
|
1.13 |
Fraud Detection and Transaction Monitoring |
Fraud monitoring system outage; AI model failure |
Increased fraud losses; regulatory penalties |
Fraud scenario simulations; manual monitoring fallback; model validation testing |
|
1.14 |
Regulatory Reporting and Compliance Monitoring |
Regulatory reporting system failure; inaccurate submissions |
Non-compliance penalties; supervisory actions |
Regulatory reporting validation checks; backup submission procedures |
|
1.15 |
Incident Response, Business Continuity, and Recovery |
Data centre outage; ransomware attack; third-party service disruption |
Service disruption beyond tolerance; recovery delays |
BCP/DR testing results; crisis management exercises; cyber incident response drills |
Integration of Cyber and ICT Risks
Across all Sub-CBS processes, scenario testing incorporates Cyber and ICT Risk integration, as required by BSP regulations. This includes:
- Cyberattack simulations (e.g., ransomware, phishing, DDoS)
- ICT infrastructure failure (data centre, network, cloud outages)
- Third-party service provider disruptions (e.g., payment gateways, KYC utilities)
- Data integrity and confidentiality breaches
These scenarios validate the bank’s cyber resilience posture, ensuring that critical services remain available, secure, and recoverable within defined tolerances.
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-1 Retail Deposit and Account Services enables the Philippine National Bank to move beyond theoretical resilience planning into practical validation of its operational capabilities.
By simulating severe but plausible disruptions across people, processes, technology, and third-party dependencies, the bank can identify vulnerabilities, validate recovery strategies, and strengthen its ability to maintain critical services.
Aligned with BSP Circular No. 1203, this structured approach ensures that resilience is not only designed but tested, evidenced, and continuously improved, reinforcing customer trust and regulatory compliance in an increasingly complex risk environment.
![[OR] [PNB] [PH] [E3] [CBS] [1] [DP] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/8e6870f3-c593-492d-a426-37672d7e82cb.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [MD] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/d95777e4-66a8-4bc6-92e7-17ac8e0d02f0.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [MPR] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/a6dfdeec-a1ee-4951-9ab6-470cd435b7d9.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [ITo] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/59676cf6-b0b0-42d5-9d91-4aab36b0714e.png)
![[OR] [PNB] [PH] [E3] [CBS] [1] [SuPS] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/6b79b9ec-5782-4226-a5bf-a26891e5720e.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
