Scenario testing is a critical component of operational resilience, enabling Rizal Commercial Banking Corporation (RCBC) to validate whether its critical business services can remain within defined impact tolerances during severe but plausible disruptions.
According to BCM Institute guidance, scenario testing goes beyond traditional business continuity exercises by focusing on end-to-end service delivery under stress, rather than isolated system recovery.
In alignment with BSP Circular No. 1203, Series of 2024, RCBC must conduct regular scenario testing that incorporates cyber, ICT, third-party, and systemic risks.
These tests should demonstrate the Bank’s ability to continue delivering CBS-1 Deposit and Account Services, assess vulnerabilities, and provide evidence of proactive risk management.
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding system outage (cloud failure) |
Delayed onboarding, customer backlog |
Tested manual onboarding fallback; alternate channels activated |
|
1.2 |
Customer Identification and Verification (KYC/ CDD) |
AML system failure/watchlist provider outage |
Compliance breach risk, onboarding delays |
Backup AML screening and offline verification tested |
|
1.3 |
Account Approval and Opening |
Core banking system disruption |
Delayed account activation |
Failover to secondary data centre validated |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway outage |
Failed or delayed deposit posting |
Alternate clearing routes and deferred posting tested |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
System configuration error during deployment |
Incorrect product setup |
Change rollback and validation controls tested |
|
1.6 |
Deposit Transactions Processing |
Cyberattack (ransomware) on transaction systems |
Inability to process deposits |
Data recovery, system isolation, and DR site activation tested |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM network and telecom outage |
Customers are unable to access funds |
Branch fallback and alternate ATM network tested |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage |
Delayed service requests |
Backup CRM and manual servicing procedures tested |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch processing failure |
Incorrect or delayed postings |
Batch rerun and reconciliation processes tested |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Reporting system failure |
Delayed or inaccurate statements |
Parallel reporting and data validation tested |
|
1.11 |
Digital Account Access Enablement |
DDoS attack on mobile/internet banking |
Customers are unable to log in |
DDoS mitigation, traffic rerouting, and scaling tested |
|
1.12 |
ATM and Card-Based Access Management |
Card network outage (e.g., Visa/Mastercard) |
Transaction failures |
Multi-network routing and fallback tested |
|
1.13 |
Account Reconciliation and Exception Handling |
System integration failure, causing mismatches |
Financial discrepancies |
Automated reconciliation and exception workflows tested |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Failure to enforce account restrictions |
Compliance breach risk |
Control automation and audit trail verification tested |
|
1.15 |
Fraud Monitoring and Transaction Surveillance |
Fraud detection system outage during an attack |
Increased fraud exposure |
Real-time monitoring, backup, and manual escalation tested |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Call centre and case system outage |
Customer dissatisfaction, unresolved disputes |
Alternate communication channels and manual tracking tested |
Scenario testing provides Rizal Commercial Banking Corporation (RCBC) with a practical and evidence-based approach to validating its operational resilience.
By systematically testing each Sub-CBS under realistic disruption scenarios, the Bank can identify weaknesses, strengthen controls, and enhance its ability to deliver critical services.
Aligned with BSP Circular No. 1203 Series of 2024, this approach ensures that RCBC is prepared not only to recover from disruptions but to continue operating within acceptable thresholds.
Ultimately, effective scenario testing reinforces customer trust, supports regulatory compliance, and strengthens the Bank’s overall resilience in an increasingly complex risk environment.
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Retail Deposit & Account Services | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|