![x [OR] [PTC] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/eb5b75e5-6faa-45be-b4bf-f22ddb4f8509.png)
![x [PH] [PTC] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/7c430549-26ff-4b42-bdb6-332f54f85759.png)
![[OR] [PTC] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/2a42a72f-401a-4bbf-90cc-59e68a0cf4e8.png)
For Philippine Trust Company, CBS-1 Deposit & Account Services is a core customer-facing service because it supports account opening, funding, transaction posting, withdrawals, account maintenance, channel access, exception handling, fraud control, and service recovery across savings, current/checking, ATM-linked, and digital-access deposit relationships.
Philtrust’s public channels and product pages show that its deposit franchise is supported through Savings & Deposits, Philtrust Online, InstaPay, PESONet, bill payment, ATM/branch access, and related account services. Philtrust also identifies savings, checking, and time deposits among its primary products and services in its 2024 annual report.
Bangko Sentral ng Pilipinas Circular No. 1203 requires BSFIs to identify critical operations, set clearly defined tolerances for disruption, consider both quantitative and qualitative metrics, and, at a minimum, include a time-based metric.
The Circular also says that other metrics may include the maximum number of customers affected and the volume and value of affected transactions, and that tolerance for disruption should be tested against severe but plausible scenarios and reviewed by the board.
BCM Institute’s operational resilience guidance is directionally consistent: impact tolerance is the maximum tolerable level of disruption to a critical business service and should be set using stakeholder consultation, customer impact, data loss, downtime, and regulatory considerations.
Accordingly, the table below provides a summary of practical impact tolerances for each Sub-CBS under CBS-1 Deposit & Account Services.
These values are management planning assumptions for operational resilience design, not regulatory absolutes.
They should be validated by the Philippine Trust Company’s Board, operations, technology, risk, compliance, and business continuity stakeholders using actual transaction volumes, customer segmentation, legal obligations, product terms, and third-party dependencies.
![Banner [Table] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/627c33a8-714d-40af-9a2b-0d7957fb8afa.png)
Table P4: Establish Impact Tolerance for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.1 |
Customer Onboarding and Account Application |
1 business day |
Near-zero for submitted application records; up to 30 mins for workflow metadata if recoverable |
Delayed new account acquisition; branch queue build-up; digital onboarding interruption |
Moderate, as service availability and record integrity must be maintained |
Customer / Operational / Reputational |
Partially resilient |
Digitise intake fallback, standardise manual forms, and ensure same-day batch capture and image archival |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
4 hours |
Zero loss of identification, screening, and due diligence evidence |
Customers cannot complete account opening |
High, because KYC/CDD evidence and screening controls are compliance-critical |
Regulatory / Financial Crime / Reputational |
Needs strengthening |
Maintain offline verification fallback, dual storage of KYC images, and priority restoration of screening tools |
|
1.3 |
Account Approval and Opening |
4 hours |
Zero loss of approved account master data |
Customers cannot activate new accounts or receive account details |
High, due to governance, approval, and record-creation controls |
Customer / Regulatory / Operational |
Partially resilient |
Enforce maker-checker fallback, queued approval recovery, and immediate core banking replay controls |
|
1.4 |
Initial Funding and Deposit Booking |
2 hours |
Zero loss of ledger-impacting transaction data |
Failed or delayed first funding; customer confidence was affected immediately |
High, because inaccurate deposit booking affects books and balances |
Financial / Customer / Reputational |
Partially resilient |
Prioritise real-time transaction journaling, suspense-account procedures, and end-of-day reconciliation |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
1 business day |
Zero loss of product parameter changes once approved |
Wrong fees, limits, interest, holds, or account conditions may be applied |
High if terms are applied incorrectly across many accounts |
Regulatory / Financial / Conduct |
Partially resilient |
Tighten change management, version control, and pre-production validation for product parameter changes |
|
1.6 |
Deposit Transactions Processing |
2 hours |
Zero loss of posted transactions; target near-zero with synchronous logging |
Customers are unable to credit deposits; branch and channel disruption |
High, since this is a core critical operation affecting balances and funds availability |
Customer / Financial / Systemic / Reputational |
Material resilience required |
Implement active monitoring, transaction queuing, automatic failover, and branch/channel fallback procedures |
|
1.7 |
Withdrawal and Funds Access Processing |
1 hour |
Zero loss of approved withdrawal and cash-dispense records |
Customers lose access to funds; immediate harm and complaints |
Very high, given the direct effect on access to customer money |
Customer / Liquidity / Reputational / Regulatory |
High priority |
Ensure ATM/branch fallback, channel rerouting, cash contingency, and real-time balance integrity controls |
|
1.8 |
Account Servicing and Customer Maintenance |
8 hours |
Zero loss of customer maintenance requests after acceptance |
Delays in updates to address, contact data, mandates, and service requests |
Moderate to high, especially where customer data accuracy or mandate control is affected |
Customer / Data / Conduct |
Partially resilient |
Introduce tracked manual servicing logs, workflow recovery queues, and stronger audit trails |
|
1.9 |
Interest, Fees, and Charges Processing |
End of business day |
Zero loss of calculation inputs and posting files |
Customer disputes if balances, charges, or accrued interest are wrong |
High due to fair treatment, disclosure, and financial reporting impact |
Financial / Conduct / Reputational |
Partially resilient |
Strengthen batch controls, parameter validation, and back-out/recompute capability |
|
1.10 |
Statement, Passbook, and Balance Reporting |
1 business day for statements; 2 hours for balance inquiry |
Up to 15 mins for regenerated report extracts; zero loss for official statements once issued |
Customers may lose access to proof of balance or transaction history |
Moderate; rises to high if complaints, audit, or regulatory requests are affected |
Customer / Reputational / Regulatory |
Generally resilient |
Separate inquiry services from statement generation and maintain reproducible reporting archives |
|
1.11 |
Digital Account Access and Channel Integration |
2 hours |
Zero loss of customer credentials, entitlements, and posted digital instructions |
Customers cannot view balances or transact through online channels |
High due to customer harm, reputational damage, and cyber/availability exposure |
Customer / Cyber / Reputational / Operational |
High dependency risk |
Improve channel redundancy, identity services resilience, API monitoring, and customer communication playbooks |
|
1.12 |
ATM and Card-Based Access Management |
1 hour |
Zero loss of card status, limits, hotlist, and ATM transaction records |
Immediate inability to withdraw cash or access ATM-linked accounts |
Very high because cash access is customer-critical |
Customer / Operational / Reputational / Fraud |
High priority |
Maintain network redundancy, stand-in controls, ATM switch monitoring, and hot card update resilience |
|
1.13 |
Account Reconciliation and Exception Handling |
End of next business day for full recon; 4 hours for critical breaks |
Zero loss of exception logs and unmatched-item evidence |
Customer impact may be delayed, but can become material if unreconciled items accumulate |
High for financial integrity, GL accuracy, and control assurance |
Financial / Control / Regulatory |
Partially resilient |
Automate break prioritisation, suspense ageing alerts, and daily executive exception escalation |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
4 hours |
Zero loss of hold/restriction instructions and authorisations |
Customers may be wrongly blocked or wrongly allowed to transact |
High because legal holds and account restrictions are compliance-sensitive |
Regulatory / Legal / Customer / Fraud |
Needs strengthening |
Enforce strict approval audit trails, dual control, and immediate restoration priority for control tables |
|
1.15 |
Fraud Monitoring and Transaction Surveillance for Deposit Accounts |
30 minutes for alerting degradation; 2 hours absolute max |
Zero loss of fraud alerts, watchlist hits, and case notes |
Fraudulent activity may go undetected, causing direct customer loss |
Very high due to AML/fraud control obligations and customer protection |
Financial Crime / Regulatory / Reputational / Customer |
Critical control dependency |
Implement real-time alert buffering, alternate monitoring procedures, and 24/7 escalation coverage |
|
1.16 |
Complaints, Disputes, and Service Recovery |
1 business day |
Zero loss of complaint records, dispute evidence, and case actions |
Customer dissatisfaction escalates quickly if cases are not acknowledged or tracked |
Moderate to high, depending on response-time rules and fair treatment expectations |
Customer / Conduct / Reputational |
Partially resilient |
Centralise complaint intake, preserve evidence repositories, and define crisis service-recovery workflows |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
By regulatory deadline; internal monitoring outage not more than 4 hours |
Zero loss of source data, report logic, and submitted returns |
Little immediate customer harm, but the latent risk is high |
Very high, because missed or inaccurate reporting may trigger supervisory concern |
Regulatory / Legal / Reputational |
High consequences if failed |
Maintain reporting calendars, backup preparers, controlled data lineage, and submission contingency channels |
|
1.18 |
Incident Response, Business Continuity, and Recovery |
15 minutes to invoke; 2 hours to stabilise priority deposit services |
Zero loss of incident logs, decisions, recovery records, and communication trails |
Broad customer harm if mobilisation is delayed during disruption |
Very high, as this underpins the resilience of all other Sub-CBS components |
Enterprise / Operational / Regulatory / Reputational |
Foundational, but must be continually tested |
Formalise invocation triggers, crisis communications, alternate site readiness, and scenario-based exercising |
Notes for Applying the Table
The recommended tolerances above align with the BSP expectation that tolerance for disruption should not rely solely on time but also on outcome-based measures, such as the number of customers affected, transaction volumes/values affected, and the broader effect on external stakeholders.
For deposit services, the most severe impact types are typically: loss of customer access to funds, inaccurate posting to customer balances, failure of fraud/AML controls, and inability to maintain or restore critical operations within the bank’s defined tolerance.
In practice, Philippine Trust Company should calibrate these thresholds using actual service data, such as peak ATM withdrawals, online login volumes, deposit posting cut-offs, complaint backlogs, reconciliation ageing, regulatory submission deadlines, and manual fallback capacity.
The bank should also explicitly incorporate dependencies on telecommunications, energy, third-party service arrangements, and technology/security controls, as BSP Circular No. 1203 highlights these as material to operational resilience.
Examples of Regulatory Expectations Relevant to the Philippine Trust Company
BSP Circular No. 1203 gives several clear expectations that directly affect this chapter’s impact tolerance design:
- Identify critical operations proportionate to the bank’s size, nature, and complexity. Deposit and account services clearly meet this requirement for a retail/commercial bank, as they are central to customer access to accounts and transaction continuity.
- Set a clearly defined tolerance for disruption using both qualitative and quantitative indicators. For example, Philtrust should not define tolerance for ATM withdrawal processing only as “restore within one hour”; it should also specify the maximum number of customers, branches, ATMs, transaction values, or unresolved exceptions that can be tolerated before the disruption becomes unacceptable.
- Test tolerances using severe but plausible scenarios. For example, the bank should test whether the one-hour tolerance for withdrawals can still be met during a simultaneous ATM switch outage, branch network disruption, and telecommunications degradation.
- Review and approve criteria at the board level. This means the impact tolerance thresholds in the table should be challenged, approved, and periodically refreshed as products, transaction patterns, customer channels, and third-party dependencies change.
- Address third-party and public infrastructure dependencies. Since Philtrust publicly offers digital banking, InstaPay, PESONet, branch, and ATM-related access, tolerances for Sub-CBS 1.11 and 1.12 should explicitly account for third-party or infrastructure failure modes and viable substitutes or exit arrangements.
![Banner [Summing] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5e80e50f-5e3e-44ea-8c43-16bf42d4f3b5.png)
Establishing impact tolerance for CBS-1 Deposit & Account Services helps Philippine Trust Company define the point at which disruption becomes unacceptable from the perspective of customers, regulators, financial integrity, and institutional viability.
For a deposit-taking bank, the most stringent tolerances belong to transaction posting, withdrawals, and funds access, ATM/card access, fraud monitoring, and incident response because these functions directly affect customer money, market confidence, and supervisory expectations.
The table in this chapter should therefore be used as a management baseline for board review, scenario testing, business continuity enhancement, technology recovery planning, and third-party resilience oversight.
The next step is to validate each tolerance against actual operating data and test whether Philippine Trust Company can continue or restore these deposit services within tolerance under severe but plausible disruptions, as required by BSP Circular No. 1203.
![[OR] [PTC] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/10501ea6-f700-45f9-aeab-5b1e723d7f90.png)
![[OR] [PTC] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/83b3397a-bfae-4450-94e5-5fa7a03d3629.png)
![[OR] [PTC] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/11ced2a5-04b8-4c17-8bf2-d6cff7940beb.png)
![[OR] [PTC] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/bc4e9089-a76b-43d2-9138-61a4c7887476.png)
![[OR] [PTC] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/2ae96dd4-c876-4d1a-a255-122762fad1d1.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
