For Security Bank Corporation, CBS-1 Retail Deposit and Account Services covers the end-to-end delivery of account opening, deposit servicing, funds access, balance reporting, digital access, fraud monitoring, reconciliation, compliance monitoring, and recovery activities that retail customers depend on every day.
Security Bank’s public channels indicate that deposit accounts can be opened through the mobile app via electronic KYC, that some accounts may be opened immediately, and that customers also rely on the Security Bank app and online banking for ongoing account access.
This makes the service highly time-sensitive from both a customer-outcome and regulatory-resilience perspective.
Under BSP Circular No. 1203, Philippine banks are expected to identify critical operations, set a disruption tolerance for each critical operation, use at least a time-based metric, consider other metrics such as affected customers and transaction volume/value, and test those tolerances against severe but plausible scenarios.
The Circular also states that the criteria for identifying critical operations and setting tolerance for disruption should be reviewed, challenged, and approved by the board of directors.
Accordingly, the table below is a proposed operational resilience summary for Security Bank’s CBS-1 sub-services. It is designed as a practical benchmark for chapter drafting and management review.
The actual tolerances should still be calibrated using Security Bank’s real transaction volumes, customer commitments, regulatory obligations, dependencies, recovery capabilities, and scenario-testing results, then formally approved through governance.
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.1 |
Customer Onboarding and Account Application |
8 hours |
15 minutes |
Moderate to high inconvenience; new-to-bank acquisition delayed |
Moderate, especially if service disruption becomes prolonged or misleading disclosures arise |
Customer / Conduct / Revenue |
Partially resilient |
Strengthen alternate onboarding path via branch/contact center; predefine manual capture and deferred processing |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
4 hours |
Near-zero; no loss of identity or screening records |
Customers cannot complete account opening |
High due to AML/CFT and customer due diligence obligations |
Regulatory / Compliance / Customer |
Partially resilient |
Harden KYC tool redundancy, sanctions/PEP screening continuity, and evidence retention controls |
|
1.3 |
Account Approval and Opening |
4 hours |
15 minutes |
Customers are unable to activate newly opened accounts |
High where delays affect mandated controls and customer commitments |
Customer / Regulatory / Operational |
Partially resilient |
Implement maker-checker fallback, queued approvals, and rapid restart procedures |
|
1.4 |
Initial Funding and Deposit Booking |
2 hours |
Near-zero for posted transactions |
Customer funds may not reflect correctly; trust the impact immediately |
High if ledger integrity or safeguarding is affected |
Financial / Customer / Regulatory |
Partially resilient |
Prioritize real-time posting recovery, suspense-account controls, and transaction replay capability |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
1 business day |
30 minutes |
Usually limited immediate effect, but a wrong setup may affect pricing/access |
Moderate to high if terms, fees, or customer treatment become inaccurate |
Conduct / Compliance / Operational |
Partially resilient |
Tighten configuration governance, version control, and pre-release validation |
|
1.6 |
Deposit Transactions Processing |
2 hours |
Near-zero |
Severe impact; customers cannot deposit, transfer internally, or receive correct posting |
High because core deposit processing is a critical banking function |
Customer / Financial / Systemic / Regulatory |
Needs enhancement |
Improve core banking failover, queue management, and branch/channel contingency processing |
|
1.7 |
Withdrawal and Funds Access Processing |
1 hour |
Near-zero |
Severe and immediate harm; customers may lose access to cash/funds |
Very high due to customer detriment and reputational escalation |
Customer / Financial / Reputational / Regulatory |
Needs enhancement |
Prioritize ATM/branch/card switching resilience, liquidity fallback, and manual override controls |
|
1.8 |
Account Servicing and Customer Maintenance |
8 hours |
30 minutes |
Moderate; customers cannot update profiles, replace cards, or request servicing changes |
Moderate if KYC refresh or record maintenance is delayed too long |
Customer / Compliance / Operational |
Partially resilient |
Enable branch/manual servicing fallback and queued non-financial maintenance |
|
1.9 |
Interest, Fees, and Charges Processing |
End of day |
15 minutes |
Medium: incorrect charges or missed accruals create complaints and restitution risk |
High if fees/interest are misapplied at scale |
Financial / Conduct / Regulatory |
Partially resilient |
Add automated reconciliations, rate-table controls, and restitution playbooks |
|
1.10 |
Statement, Passbook, and Balance Reporting |
24 hours |
30 minutes |
Medium to high; customers lose visibility of balances and transaction history |
Moderate, rising if reporting inaccuracies persist |
Customer / Conduct / Reputational |
Partially resilient |
Build alternate statement generation and cached balance-view capabilities |
|
1.11 |
Digital Account Access and Channel Integration |
1 hour |
Near-zero for authentication/session data; no loss of posted transactions |
Very high; customers locked out of accounts and self-service channels |
High, especially if the outage is prolonged or security controls weaken |
Customer / Cyber / Reputational / Operational |
Needs enhancement |
Strengthen channel redundancy, identity services, authentication resilience, and app/web failover |
|
1.12 |
Reconciliation and Exception Management |
End of day |
15 minutes |
Usually indirect at first, but breaks can cascade into unresolved customer issues |
High because unresolved breaks can distort books and controls |
Financial / Control / Regulatory |
Partially resilient |
Automate break prioritization, define escalation SLAs, and maintain exception backlogs within tolerance |
|
1.13 |
Fraud Detection and Transaction Monitoring |
30 minutes |
Near-zero |
Potential immediate customer loss if suspicious activity is not detected |
Very high due to fraud, AML, and supervisory concerns |
Fraud / Financial / Regulatory / Reputational |
Needs enhancement |
Ensure real-time monitoring resilience, alternate alert routing, and 24/7 decision coverage |
|
1.14 |
Regulatory Reporting and Compliance Monitoring |
1 business day for routine reporting; 2 hours for critical incident/regulatory escalations |
Near-zero for compliance records |
Limited immediate retail impact, but high enterprise consequence |
Very high if statutory, prudential, AML, or incident reporting deadlines are missed |
Regulatory / Compliance / Reputational |
Partially resilient |
Separate critical vs routine reporting tolerance, maintain reporting data lineage, and pre-approve escalation triggers |
|
1.15 |
Incident Response, Business Continuity, and Recovery |
15 minutes to activate; 2 hours to stabilise priority services |
Near-zero for incident logs and recovery decisions |
Broad cross-service impact if the response is delayed |
Very high because this function underpins the resilience of all other sub-services |
Enterprise / Operational / Regulatory / Reputational |
Partially resilient |
Define invocation triggers, succession authority, crisis communication, and regular exercising under severe scenarios |
The proposed tolerances above align with BSP’s expectation that banks use both time-based and other relevant metrics when setting tolerances for disruption. In practice, Security Bank should not rely on downtime alone.
For CBS-1, it would be sensible to supplement each tolerance with thresholds such as the maximum number of affected customers, the maximum value/volume of unposted or blocked transactions, the maximum duration of unavailable digital access, the number of unresolved reconciliation breaks, the fraud alert backlog, and regulatory reporting deadlines at risk.
The stricter tolerances in this table are assigned to sub-services where disruption causes immediate customer harm, loss of access to funds, loss of transaction integrity, exposure to fraud, or inability to contain an ongoing incident.
This is why withdrawal processing, digital access, fraud monitoring, deposit processing, and incident response are set more tightly than statement production or routine parameter maintenance.
That prioritisation is consistent with the resilience principle that tolerance should be exercised only when disruption begins to pose a material risk to the bank and external stakeholders.
BSP Circular No. 1203 also makes clear that tolerances should be tested against severe but plausible scenarios.
Examples explicitly mentioned include a major earthquake linked to the West Valley Fault, a severe typhoon, a failure of a critical third-party service provider, disruptions to payment and settlement systems, and a coordinated cyberattack or ransomware affecting banks.
Those examples are directly relevant to CBS-1 because retail deposit services depend on core systems, digital channels, telecommunications, energy, and third-party services.
Establishing impact tolerance for CBS-1 Retail Deposit and Account Services is not just a documentation exercise; it is the point at which Security Bank translates operational resilience into measurable service outcomes.
A sound tolerance statement tells management how long a disruption can be endured, how much data loss is acceptable, what level of customer harm is intolerable, and when escalation, recovery, and board attention become mandatory.
BSP Circular No. 1203 expects these tolerances to be formally set, tested, challenged, and used to drive improvements in resilience capability.
For Security Bank, the practical implication is clear: sub-services that affect customer access to funds, deposit posting integrity, fraud detection, digital channel availability, and incident response should carry the most stringent tolerances and the strongest recovery arrangements.
Sub-services such as statements, parameter maintenance, and routine reporting can tolerate slightly longer disruption, but only where accuracy, control, and downstream recovery remain protected.
This is consistent with BSP’s requirement to map interconnections and dependencies, consider third parties and public infrastructure, integrate BCM into the resilience framework, and test critical operations using severe but plausible scenarios.
The next step for this chapter would be to validate these proposed tolerances against actual Security Bank recovery performance, technology architecture, vendor commitments, branch- and channel-fallback procedures, and historical incident data.
After that calibration, the bank can convert this summary into formally approved impact tolerances and use them as the benchmark for scenario testing, investment prioritisation, and remediation planning.
| eBook 3: Starting Your OR Implementation |
|||||
| CBS-1 Retail Deposit & Account Services | |||||
| CBS-1 DP | CBS-1 MD | CBS-1 MPR | CBS-1 ITo | CBS-1 SuPS | CBS-1 ST |
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
|
If you have any questions, click to contact us. |
||
|
|