CBS-1 Retail Deposit & Account Services
Introduction
![[OR] [RCBC] [PH] [E3] [CBS] [1] [ST] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/01639fba-f1d9-4ea9-8d8e-cb4f852be0d4.png)
Scenario testing is a critical component of operational resilience, enabling Rizal Commercial Banking Corporation (RCBC) to validate whether its critical business services can remain within defined impact tolerances during severe but plausible disruptions.
According to BCM Institute guidance, scenario testing goes beyond traditional business continuity exercises by focusing on end-to-end service delivery under stress, rather than isolated system recovery.
In alignment with BSP Circular No. 1203, Series of 2024, RCBC must conduct regular scenario testing that incorporates cyber, ICT, third-party, and systemic risks.
These tests should demonstrate the Bank’s ability to continue delivering CBS-1 Deposit and Account Services, assess vulnerabilities, and provide evidence of proactive risk management.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding system outage (cloud failure) |
Delayed onboarding, customer backlog |
Tested manual onboarding fallback; alternate channels activated |
|
1.2 |
Customer Identification and Verification (KYC/ CDD) |
AML system failure/watchlist provider outage |
Compliance breach risk, onboarding delays |
Backup AML screening and offline verification tested |
|
1.3 |
Account Approval and Opening |
Core banking system disruption |
Delayed account activation |
Failover to secondary data centre validated |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway outage |
Failed or delayed deposit posting |
Alternate clearing routes and deferred posting tested |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
System configuration error during deployment |
Incorrect product setup |
Change rollback and validation controls tested |
|
1.6 |
Deposit Transactions Processing |
Cyberattack (ransomware) on transaction systems |
Inability to process deposits |
Data recovery, system isolation, and DR site activation tested |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM network and telecom outage |
Customers are unable to access funds |
Branch fallback and alternate ATM network tested |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage |
Delayed service requests |
Backup CRM and manual servicing procedures tested |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch processing failure |
Incorrect or delayed postings |
Batch rerun and reconciliation processes tested |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Reporting system failure |
Delayed or inaccurate statements |
Parallel reporting and data validation tested |
|
1.11 |
Digital Account Access Enablement |
DDoS attack on mobile/internet banking |
Customers are unable to log in |
DDoS mitigation, traffic rerouting, and scaling tested |
|
1.12 |
ATM and Card-Based Access Management |
Card network outage (e.g., Visa/Mastercard) |
Transaction failures |
Multi-network routing and fallback tested |
|
1.13 |
Account Reconciliation and Exception Handling |
System integration failure, causing mismatches |
Financial discrepancies |
Automated reconciliation and exception workflows tested |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Failure to enforce account restrictions |
Compliance breach risk |
Control automation and audit trail verification tested |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Fraud detection system outage during an attack |
Increased fraud exposure |
Real-time monitoring, backup, and manual escalation tested |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Call centre and case system outage |
Customer dissatisfaction, unresolved disputes |
Alternate communication channels and manual tracking tested |
Regulatory Alignment and Practical Considerations
Under BSP Circular No. 1203 Series of 2024, RCBC must ensure that:
- Scenario testing covers severe but plausible events, including cyberattacks, system outages, and third-party failures
- Tests are conducted using an end-to-end service approach, not just individual system recovery
- Results demonstrate the Bank’s ability to remain within impact tolerances
- Testing includes integration of cyber and ICT risks, particularly for digital banking, payment systems, and fraud monitoring
- Evidence of testing outcomes and improvements is documented for regulatory review and audit
For Example
- Cyber resilience testing (e.g., ransomware, DDoS) directly validates Sub-CBS processes such as deposit transactions (1.6) and digital access (1.11).
- Third-party failure scenarios (e.g., card networks, AML providers) validate RCBC’s vendor resilience and fallback strategies.
- Infrastructure disruption scenarios (e.g., telecom outages) test the Bank’s ability to maintain continuity of ATM and digital services.
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing provides Rizal Commercial Banking Corporation (RCBC) with a practical and evidence-based approach to validating its operational resilience.
By systematically testing each Sub-CBS under realistic disruption scenarios, the Bank can identify weaknesses, strengthen controls, and enhance its ability to deliver critical services.
Aligned with BSP Circular No. 1203 Series of 2024, this approach ensures that RCBC is prepared not only to recover from disruptions but to continue operating within acceptable thresholds.
Ultimately, effective scenario testing reinforces customer trust, supports regulatory compliance, and strengthens the Bank’s overall resilience in an increasingly complex risk environment.
![[OR] [RCBC] [PH] [E3] [CBS] [1] [ITo] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/15c8b31b-2fdd-4927-814a-f2e201998327.png)
![[OR] [RCBC] [PH] [E3] [CBS] [1] [MD] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/9a389c5d-0a68-450e-b95b-aa3c94786857.png)
![[OR] [RCBC] [PH] [E3] [CBS] [1] [MPR] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/a16cbec5-5101-427d-bd35-b12b94a2b3a8.png)
![[OR] [RCBC] [PH] [E3] [CBS] [1] [ITo] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/c83b75bd-4873-4d35-9933-3971ee2e6219.png)
![[OR] [RCBC] [PH] [E3] [CBS] [1] [SuPS] Retail Deposit & Account Services](https://no-cache.hubspot.com/cta/default/3893111/601bf7aa-c458-4c81-8b22-e5319b8c2b35.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
