
[OR] [SBC] [E3] [CBS] [1] [MD] Map Dependency

Written by Moh Heng Goh | Apr 1, 2026 10:26:19 AM

CBS-1 Retail Deposit & Account Services

Introduction

Mapping dependencies for CBS-1 Retail Deposit and Account Services helps Security Bank Corporation understand how this critical business service is actually delivered across the bank’s end-to-end operating model.

In operational resilience terms, dependency mapping is not limited to documenting process steps; it also identifies the people, processes, technology, information, facilities, and third parties that must work together for the service to remain within tolerance during disruption.

The BCM Institute explains that mapping interconnections and interdependencies is meant to reveal how critical business services rely on internal and external components, while BSP Circular No. 1203 requires Philippine banks to identify the resources needed for end-to-end delivery of critical operations, including third-party-provided resources, and to use the mapping exercise to identify vulnerabilities and keep it up to date.

Deposit-taking activities and servicing withdrawals are also expressly cited by the BSP as examples of critical functions or operations.

For Security Bank, this mapping is especially relevant because its retail deposit service is delivered through a mix of branch-based servicing, online account application, account funding channels, customer service requests, and digital access through Security Bank Online and the mobile app.

These delivery channels increase customer convenience but also create cross-dependencies among front-office staff, operations teams, core deposit processing, digital banking platforms, fraud controls, telecommunications, payment rails, and outsourced service providers.

A well-structured dependency map, therefore, supports compliance with BSP Circular No. 1203 and provides a practical basis for vulnerability analysis, incident response, business continuity planning, and resilience testing.

Table P2: Map Dependency for CBS-1

| Sub-CBS Code | Sub-CBS | Dependency Type | Dependency Detail (What/Who is involved) | Connectivity (How it connects/interacts with the CBS or other components) |
|---|---|---|---|---|
| 1.1 | Customer Onboarding and Account Application | People | Branch sales staff, relationship officers, contact centre staff, digital onboarding support, compliance reviewers | These teams initiate the customer relationship, capture application data, explain product features, and hand off the application to the KYC/CDD and account-opening workflows. |
| | | Process | Product selection, application capture, consent management, document submission, channel routing, customer communication | This is the entry point to the entire retail deposit lifecycle and feeds directly into identity verification, approval, and account creation. |
| | | Technology | Online application portal, branch front-end system, document upload tools, CRM/workflow tools, network connectivity | Security Bank’s online account application and branch servicing channels depend on these platforms to capture and transmit customer applications accurately. |
| | | Third Party | Telco/internet providers, ID/document validation partners, cloud or hosting providers, courier/printing vendors, where relevant | External connectivity and validation capabilities support successful application capture and progression to downstream review and account setup. |
| 1.2 | Customer Identification and Verification (KYC/CDD) | People | Compliance officers, onboarding analysts, branch operations staff, AML reviewers | These personnel verify customer identity, perform screening, resolve exceptions, and decide whether the application can proceed. |
| | | Process | Customer due diligence, sanctions/AML screening, risk classification, exception handling, record retention | KYC/CDD is a mandatory control gate before approval and opening; failure here delays or blocks downstream activation and funding. |
| | | Technology | KYC workflow system, sanctions screening engine, customer master file, imaging repository, case management tools | These systems connect onboarding data to compliance decisions and create the audit trail required for regulatory and internal review. |
| | | Third Party | Watchlist data providers, national ID/identity sources, outsourced screening tools, connectivity providers | External data sources and services enrich or validate internal checks and strengthen the control environment. |
| 1.3 | Account Approval and Opening | People | Branch operations approvers, back-office account opening team, compliance sign-off authority, service supervisors | These roles validate completeness, approve or reject the request, and authorise creation of the deposit account. |
| | | Process | Approval workflow, maker-checker control, CIF creation/update, account number generation, and account activation | This process converts a screened application into a live customer account and triggers links to funding, servicing, and digital access. |
| | | Technology | Core banking/deposit system, customer information file, workflow engine, e-signature, or approval tools | The core deposit platform is the system of record that creates the live account and makes it visible to channels and downstream processes. |
| | | Third Party | Digital signature providers, hosting/data centre providers, connectivity vendors | These support the reliability of the approval workflow and the availability of the account opening infrastructure. |
| 1.4 | Initial Funding and Deposit Booking | People | Tellers, branch operations staff, channel support staff, treasury or settlement support, where required | These teams receive initial deposits, validate source channels, and ensure funds are correctly posted to the new account. |
| | | Process | Cash receipt, transfer-in validation, deposit posting, hold-code application, confirmation to customer | Initial funding activates the account's practical use and links onboarding to the transaction-processing environment. |
| | | Technology | Teller platform, core deposit ledger, transfer interfaces, transaction monitoring tools | Security Bank states that customers may fund deposit accounts through channels such as bank transfers and payment rails; these systems support posting and visibility of the initial balance. |
| | | Third Party | BancNet/ATM network participants, InstaPay/PESONet ecosystem participants, cash logistics providers, telcos | External payment and channel providers enable incoming funds and affect whether the account becomes usable on time. |
| 1.5 | Product Terms Setup and Account Parameter Maintenance | People | Product managers, operations control staff, system administrators, and branch support teams | These personnel maintain rate tables, fees, account rules, dormancy settings, and product parameters. |
| | | Process | Product configuration, rate/fee updates, authorisation control, change management, product governance | Parameter management ensures the deposit product behaves correctly during day-to-day processing, statementing, and regulatory reporting. |
| | | Technology | Product parameter tables in core banking, pricing engines, change control tools, and testing environments | Incorrect configuration can cascade into errors in interest accrual, fees, transaction eligibility, and customer reporting. |
| | | Third Party | Core banking vendor support, software maintenance vendors, and external QA/testing partners | Vendor support may be needed for patches, rule changes, or urgent fixes affecting retail deposit products. |
| 1.6 | Deposit Transactions Processing | People | Tellers, branch operations staff, transaction operations teams, dispute handling staff | These teams process deposits, validate transactions, and address failed or disputed postings. |
| | | Process | Cash deposit processing, check acceptance, transfer crediting, transaction authorisation, posting, and balancing | This is one of the core service-delivery activities of retail deposit banking and directly affects customers’ ability to place and retain funds. |
| | | Technology | Teller system, core deposit engine, branch network, batch/posting engine, transaction logs | These systems record transactions in the bank’s books and keep account balances current across branches and channels. |
| | | Third Party | Check clearing counterparts, payment network providers, telco/network carriers | External clearing and communications services influence transaction timeliness and integrity. |
| 1.7 | Withdrawal and Funds Access Processing | People | Tellers, branch staff, ATM support teams, fraud operations, customer service staff | These personnel authenticate, approve, dispense, or investigate cash withdrawal and funds access requests. |
| | | Process | Cash withdrawal, debit authorisation, daily limit control, ATM withdrawal, dispute, and reversal handling | This sub-CBS links directly to customer access to funds and is expressly aligned with BSP examples of servicing withdrawals as a critical function. |
| | | Technology | ATM switch, debit card management system, core banking ledger, branch teller application, fraud monitoring tools | Funds access depends on real-time balance validation, channel connectivity, and control checks across branch and self-service channels. |
| | | Third Party | ATM network operators, card scheme/network participants, cash replenishment/logistics vendors, telcos | External parties support physical cash access, interbank ATM availability, and transaction routing. |
| 1.8 | Account Servicing and Customer Maintenance | People | Branch servicing staff, call centre agents, customer care teams, operations support, and records administrators | Security Bank offers banking services such as certifications, chequebook reorders, ATM card replacements, and customer maintenance support. |
| | | Process | Update customer profile, replace card/passbook/chequebook, close/freeze/unfreeze account, handle requests and complaints | This process keeps account records up to date and supports continuity of service throughout the customer relationship. |
| | | Technology | CRM/service request platform, core customer master, case management tools, branch systems | Service requests connect customer-facing channels to back-office fulfilment and account records. |
| | | Third Party | Printing and courier vendors, card personalisation vendors, contact-centre platform providers | Third parties support physical fulfilment and outsourced communications or workflow components. |
| 1.9 | Interest, Fees, and Charges Processing | People | Product control teams, finance staff, deposit operations, and customer support for fee disputes | These teams maintain and monitor fee logic, interest application, and exception handling. |
| | | Process | Interest accrual, capitalisation, fee assessment, reversal/waiver approval, charges reconciliation | This process affects account balances, customer fairness, profitability, and complaint handling. |
| | | Technology | Interest calculation engine, fee tables, batch processing jobs, and general ledger interfaces | System configuration from Sub-CBS 1.5 feeds this process; errors here affect statements, balances, and reporting. |
| | | Third Party | Core banking vendor, managed infrastructure provider, audit/assurance support providers | External support may be needed for defects, upgrades, or assurance over calculation logic. |
| 1.10 | Statement, Passbook, and Balance Reporting | People | Operations reporting teams, branch staff, customer care, print/mailroom teams | These teams generate, distribute, explain, and correct account statements and balance information. |
| | | Process | Statement generation, passbook update, balance inquiry, report distribution, correction, and re-issuance | Accurate reporting depends on transaction posting, fee and interest calculation, and data completeness across channels. |
| | | Technology | Statement engine, passbook printer/update devices, online banking display, reporting database | Digital and branch channels must draw from the same source-of-record balances to avoid customer harm and complaints. |
| | | Third Party | Print-and-mail vendors, SMS/email notification providers, telecom, and internet providers | External parties help distribute balances and statements through physical and digital channels. |
| 1.11 | Digital Account Access and Channel Integration | People | Digital banking team, app support, cyber security team, IAM administrators, helpdesk staff | These teams keep customer access channels available, secure, and integrated with the deposit platform. |
| | | Process | Login, authentication, session management, account inquiry, alerts, channel support, and recovery | Security Bank provides access through Security Bank Online and its mobile app, making this a key access layer for the retail deposit service. |
| | | Technology | Online banking platform, mobile app, API/middleware layer, IAM, OTP/biometric or device-based controls, network/firewalls | These components connect the customer to account balances, transfers, service requests, and alerts in near real time. |
| | | Third Party | Telcos, internet service providers, push notification providers, cloud/security vendors, device ecosystem providers | Outages or latency in these services can interrupt access to deposit accounts even when the core ledger remains available. |
| 1.12 | Reconciliation and Exception Management | People | Operations control teams, finance and GL teams, branch balancing staff, issue-resolution analysts | These teams identify breaks, resolve mismatches, and ensure financial records remain accurate and complete. |
| | | Process | Suspense management, branch and ATM reconciliation, channel balancing, break investigation, and correction posting | Reconciliation underpins service integrity by confirming that customer-visible balances match internal records and external channel outputs. |
| | | Technology | Reconciliation engine, GL interface, exception workflow tool, reporting dashboards | These tools connect transaction sources to control reports and drive timely resolution of discrepancies. |
| | | Third Party | ATM network counterparties, payment scheme operators, outsourced reconciliation or support vendors | External transaction files and settlement outputs are often required to complete reconciliations and clear outstanding breaks. |
| 1.13 | Fraud Detection and Transaction Monitoring | People | Fraud risk analysts, AML monitoring teams, SOC/cyber analysts, branch investigators, customer service staff | These teams detect suspicious behaviour, contact customers, block transactions, and escalate incidents. |
| | | Process | Transaction monitoring, alert review, case investigation, account hold/blocking, customer notification, escalation | Fraud monitoring protects the deposit service from unauthorised access, mule activity, account takeover, and abnormal transactions. |
| | | Technology | Fraud monitoring engine, AML/surveillance tools, SIEM/logging, card and digital channel monitoring systems | Monitoring tools are integrated with transaction-processing and digital access channels to identify suspicious activity early. |
| | | Third Party | Watchlist/intelligence providers, managed security providers, telecom/SMS providers, law enforcement liaison channels | External feeds and service providers enhance detection, communications, and coordinated response. |
| 1.14 | Regulatory Reporting and Compliance Monitoring | People | Compliance officers, regulatory reporting team, risk management, finance, and internal audit liaison | These roles interpret BSP requirements, compile data, attest to controls, and monitor compliance performance. |
| | | Process | Regulatory report preparation, control testing, compliance monitoring, issue escalation, and management reporting | This process connects operational activity and incidents in the deposit service to supervisory expectations and board reporting. |
| | | Technology | Data warehouse, regulatory reporting tools, GRC platform, document repository | Reporting platforms consolidate outputs from onboarding, transactions, incidents, and reconciliation into regulatory and management reports. |
| | | Third Party | External auditors, compliance solution vendors, legal advisers, regtech providers | External expertise and platforms may support compliance monitoring, assurance, and interpretation of regulatory change. |
| 1.15 | Incident Response, Business Continuity, and Recovery | People | Incident managers, BCM coordinators, IT DR teams, business recovery leads, crisis management team, and executives | BSP Circular No. 1203 expects incident response planning, role clarity, communications, and review of incidents affecting critical operations. |
| | | Process | Incident detection, escalation, service continuity procedures, manual workarounds, recovery execution, lessons learned | This sub-CBS serves as the resilience wrapper for all prior sub-CBSs and is activated when a disruption threatens the bank’s ability to remain within tolerance. |
| | | Technology | Incident management tools, BCM platform, DR site, backup systems, alternate connectivity, communications tools | These systems support detection, coordination, failover, restoration, and evidence capture across retail deposit operations. |
| | | Third Party | Alternate site providers, DR/cloud providers, telecom providers, critical vendors, emergency services | Recovery depends on third parties restoring the network, infrastructure, and critical outsourced services within agreed recovery expectations. |

 
Operational Resilience Requirements from BSP Circular No. 1203 and Examples for Security Bank Corporation

 

For a Philippine bank such as Security Bank, BSP Circular No. 1203 makes several requirements directly relevant to this dependency map.

First, operational resilience is defined as the ability to deliver critical operations through significant operational disruptions, and those critical operations include not just the service itself but also the supporting assets needed to deliver it, such as people, technology, information, facilities, internal processes, IT systems, clearing and settlement facilities, and outsourced services.

The BSP also states that examples of critical services include servicing withdrawals and certain deposit-taking activities, which strongly support the treatment of Retail Deposit and Account Services as a critical business service.

Second, the BSP requires governance and accountability over operational resilience. The board must oversee and approve the operational resilience framework, and senior management must implement it, allocate resources, assess resilience capabilities, and report periodically to the board.

The framework should also leverage related disciplines such as operational risk, business continuity, third-party risk, and ICT/cybersecurity risk, which is why the dependency table above treats deposit operations not as a stand-alone process but as a service dependent on multiple control domains.

For example, a disruption in digital banking access may be caused by a failure of ICT or telecom dependencies, while a disruption in account opening may stem from a breakdown in third-party identity verification.

Third, BSP’s self-assessment questionnaire makes it clear that the mapping exercise should identify vulnerabilities, define how the mapping will be kept up to date, and support the bank’s plans, processes, and resources for delivery of critical operations during disruptive events.

It also asks whether the bank has developed an incident response plan that covers the disruption life cycle, roles and responsibilities, succession planning, and internal/external communications.

In practical terms, for Security Bank, examples would include: maintaining alternate channels when the online application portal fails, ensuring manual or alternate branch procedures when teller connectivity is unavailable, preserving ATM and branch cash access when network links are degraded, and coordinating with external payment or telecom providers when funding or digital access channels are disrupted.

 

The dependency mapping for CBS-1 Retail Deposit and Account Services shows that Security Bank’s retail deposit service is sustained by a tightly connected ecosystem of front-line staff, control functions, process discipline, core banking and digital platforms, data and reporting layers, and critical third parties.

The main value of this chapter is not merely to document who does what, but to make visible the end-to-end service chain that must remain functional for customers to open accounts, deposit funds, access balances, withdraw money, receive statements, and continue banking during disruptions.

This is fully aligned with the BCM Institute’s view on mapping interconnections and interdependencies, and with BSP Circular No. 1203’s requirement to identify resources, vulnerabilities, and resilience actions for critical operations.

Used properly, this map becomes the foundation for the next stages of operational resilience implementation: vulnerability analysis, process-and-resource mapping, impact tolerance setting, severe-but-plausible scenario design, and scenario testing.

For Security Bank, the chapter therefore serves as a practical control document for management and business units to understand where the weak points may be, what dependencies are most concentration-prone, and which internal and third-party capabilities must be protected or recovered first to keep retail deposit services within acceptable disruption limits.

 

 
