![x [OR] [UBP] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/aa51436c-5f73-485a-aa99-6d6a6b3882db.png)
![[OR] [UBP] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/f97d48f5-b443-4ad0-83f8-36f7744591e6.png)
CBS-1 Deposit & Account Services
Introduction
![[OR] [UBP] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/aeed3fca-6ddb-4656-8785-190e39bdc8db.png)
For a Philippine bank, impact tolerance should be set at the level of disruption that management and the board are willing to accept for each identified critical operation, to sustain delivery through severe but plausible disruption.
BSP Circular No. 1203 requires BSFIs to identify critical operations end-to-end, set clearly defined tolerances for disruption, include at a minimum a time-based metric, consider other quantitative and qualitative measures, and test those tolerances against severe but plausible scenarios.
The Circular also emphasises that operational resilience should encompass supporting assets, including people, technology, information, facilities, third parties, and dependencies on public infrastructure.
For UnionBank, the setting of impact tolerances for Deposit and Account Services should reflect the bank’s digitally enabled operating model, including digital account opening, UnionBank Online access, funds transfer, and app-based check deposit capabilities.
These customer-facing features mean that tolerances for transaction processing, withdrawals, digital access, fraud monitoring, and incident recovery should generally be tighter than tolerances for reporting, complaints handling, or non-real-time administrative activities.
![Banner [Table] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/627c33a8-714d-40af-9a2b-0d7957fb8afa.png)
Table P4: Establish Impact Tolerance for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Maximum Tolerable Downtime (MTD) |
Maximum Tolerable Data Loss (MTDL) |
Customer Impact |
Regulatory Impact |
Impact Type |
Current Resilience Status |
Action Required |
|
1.1 |
Customer Onboarding and Account Application |
8 hours |
15 minutes |
Medium – delays in new account acquisition and onboarding experience |
Medium – onboarding backlogs may affect service commitments and fair treatment expectations |
Customer / Compliance / Financial |
Moderate |
Maintain digital and branch fallback intake; queue and replay applications automatically |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
4 hours |
0 minutes for verified identity records; 15 minutes for workflow logs |
High – customers cannot complete onboarding |
High – AML/CFT and customer due diligence obligations may be breached if controls fail |
Regulatory / Compliance / Customer |
Moderate |
Strengthen eKYC redundancy, sanctions screening resilience, and maker-checker fallback |
|
1.3 |
Account Approval and Opening |
4 hours |
0 minutes for approved account master data |
Highly approved customers cannot activate or use accounts |
High – account opening controls and record integrity are regulatory-sensitive |
Customer / Regulatory / Financial |
Moderate |
Ensure core banking failover, account-number reservation controls, and post-recovery reconciliation |
|
1.4 |
Initial Funding and Deposit Booking |
2 hours |
0 minutes for posted deposit entries |
High funding delays affect account usability and customer trust |
High ledger inaccuracies and unreconciled balances may create prudential issues |
Financial / Customer / Regulatory |
Needs strengthening |
Prioritize real-time posting recovery, suspense management, and channel reconciliation |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
1 business day |
0 minutes for approved parameter changes |
Medium – wrong rates, limits, or product rules may affect many accounts |
High pricing, disclosures, and product governance errors may cause compliance breaches |
Compliance / Financial / Customer |
Moderate |
Tighten change controls, versioning, rollback, and dual authorization |
|
1.6 |
Deposit Transactions Processing |
1 hour |
Near-zero; not more than 1 minute |
Very High – deposits not posted, balances inaccurate, service disruption across channels |
Very High – prolonged disruption may affect critical deposit-taking operations |
Financial / Customer / Systemic / Regulatory |
Requires high resilience |
Maintain active-active or rapid failover processing, automated replay, and real-time monitoring |
|
1.7 |
Withdrawal and Funds Access Processing |
30 minutes |
Near-zero; not more than 1 minute |
Very High – customers lose access to funds |
Very High – disruption to withdrawals is explicitly relevant to critical operations |
Customer / Financial / Conduct / Regulatory |
Requires high resilience |
Prioritize channel failover, cash access alternatives, ATM/network contingencies, and manual escalation |
|
1.8 |
Account Servicing and Customer Maintenance |
8 hours |
15 minutes |
Medium to High – inability to update profiles, contact details, or service instructions |
Medium – inaccurate customer records may affect downstream compliance |
Customer / Compliance / Operational |
Moderate |
Provide branch/contact-center fallback and batch catch-up processing |
|
1.9 |
Interest, Fees, and Charges Processing |
End of day |
15 minutes |
Medium – financial detriment, complaints, and trust issues if incorrect |
High – unfair charging or incorrect interest calculation can trigger conduct and compliance concerns |
Financial / Compliance / Reputational |
Moderate |
Implement pre-run validation, exception reporting, and customer remediation workflow |
|
1.10 |
Statement, Passbook, and Balance Reporting |
24 hours |
30 minutes |
Medium – customers may lack visibility on balances and history |
Medium – delayed statements/reporting may affect disclosures and complaints handling |
Customer / Reputational / Compliance |
Moderate |
Enable alternate statement generation and cached balance inquiry with clear advisories |
|
1.11 |
Digital Account Access and Channel Integration |
30 minutes |
Near-zero for authentication and session data; 5 minutes for non-financial logs |
Very High – customers locked out of online/mobile access |
High – service continuity, security, and incident handling expectations apply |
Customer / Cyber / Reputational / Financial |
Requires high resilience |
Strengthen IAM redundancy, API gateway failover, DDoS protection, and degraded-mode access |
|
1.12 |
ATM and Card-Based Access Management |
1 hour |
Near-zero for card status and transaction authorisation data |
Very High – card usage and ATM withdrawals disrupted |
High customer harm and fraud exposure increase during outages |
Customer / Financial / Fraud / Reputational |
Requires high resilience |
Maintain network-provider contingencies, hot-standby authorization, and rapid card-status synchronization |
|
1.13 |
Account Reconciliation and Exception Handling |
1 business day |
15 minutes |
Medium – customer errors may persist longer if exceptions are unresolved |
High – prolonged unreconciled items can create control and reporting issues |
Financial / Compliance / Operational |
Moderate |
Automate exception queues, aging triggers, and prioritized break resolution |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
4 hours |
0 minutes for status flags and hold instructions |
High – improper release or failure to impose controls can cause direct harm |
Very High – legal, AML, court-order, and fraud-control breaches may arise |
Regulatory / Compliance / Financial |
Needs strengthening |
Protect status-control tables, dual controls, and real-time propagation across channels |
|
1.15 |
Fraud Monitoring and Transaction Surveillance for Deposit Accounts |
15 minutes for alerting degradation; 1 hour for full restoration |
Near-zero for alerts, watchlists, and case data |
Very High – fraud losses and customer harm may escalate quickly |
Very High – breakdown in monitoring creates material compliance and prudential risk |
Fraud / Regulatory / Customer / Reputational |
Critical capability |
Implement always-on monitoring, alternate rules engine, and surge-response procedures |
|
1.16 |
Complaints, Disputes, and Service Recovery |
1 business day |
30 minutes |
Medium – customers experience delays in redress and communication |
Medium to High – complaint-handling and fair treatment expectations may be affected |
Customer / Reputational / Conduct |
Moderate |
Ensure omnichannel case logging, outage scripts, and service recovery playbooks |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
4 hours for urgent breach reporting; end of day for routine regulatory submissions |
0 minutes for official reporting data sets |
Low immediate customer impact, but potentially high indirect impact |
Very High – reporting failures and delayed escalation may breach BSP or AML obligations |
Regulatory / Compliance / Reputational |
Moderate |
Maintain regulatory reporting data mart resilience, escalation matrix, and manual submission fallback |
|
1.18 |
Incident Response, Business Continuity, and Recovery |
15 minutes for activation; 2 hours for coordinated stabilisation |
Near-zero for incident logs, decision records, and recovery status data |
Very High – slow response amplifies disruption across all deposit services |
Very High – BSP expects integrated incident response, BCM, and recovery for critical operations |
Operational / Regulatory / Customer / Enterprise |
Foundational but must be continuously tested |
Tighten crisis triggers, command structure, communication protocols, and scenario-based exercising |
Notes on Calibration
The table above is a recommended starting point for UnionBank’s management calibration, not a statement of the bank’s currently approved tolerances.
Under BSP Circular No. 1203, the tolerances for disruption should be reviewed, challenged, and approved by the board, supported by quantitative and qualitative measures, and refreshed as the business environment, interdependencies, and vulnerabilities change.
The BSP also expects critical operations to be mapped end-to-end, with attention to third-party arrangements, telecommunications, energy, and other public infrastructure dependencies.
A practical way to calibrate these tolerances is to use at least five lenses: time to customer harm, volume/value of transactions affected, legal or regulatory exposure, data integrity risk, and recovery complexity across channels and third parties.
This is consistent with the BCM Institute guidance that impact tolerance should link downtime, data loss, financial loss, and customer impact, and with the BSP requirement that, at a minimum, a time-based metric must be set and then validated through severe but plausible scenario testing.
Examples of Philippine Regulatory Requirements Relevant to Union Bank of the Philippines
For a Philippine bank, BSP Circular No. 1203 contains several operational resilience requirements that directly affect how impact tolerances should be established for CBS-1 Deposit & Account Services:
- Critical operations must be identified end-to-end. BSP says identification should cover the end-to-end activities necessary in delivering critical operations, not merely individual systems or teams. For deposit services, onboarding, account opening, posting, access channels, fraud controls, reconciliation, and recovery must be considered an integrated service chain.
- Tolerance for disruption must be explicitly set for each identified critical operation. BSP requires a clearly defined tolerance for disruption, including, at a minimum, a time-based metric, and encourages the use of additional metrics such as affected customers and transaction volume/value. This supports the use of MTD, MTDL, customer impact, and regulatory impact in the table above.
- Tolerance must be tested using severe but plausible scenarios. BSP states that tolerances should be tested against severe but plausible scenarios to determine their relevance and propriety. For UnionBank, examples would include core banking degradation, a telecom outage, a cyberattack on digital channels, an ATM switch failure, or a fraud-monitoring disruption.
- BCM and incident response must be integrated with operational resilience. BSP says the BCM and BCP should be integrated into the operational resilience framework and that periodic exercises must cover identified critical operations, their interconnections, and key dependencies. That is why Sub-CBS 1.18 has the tightest activation tolerance.
- Third-party and infrastructure dependencies must be considered. BSP specifically calls out third-party service arrangements and dependencies on telecommunications, transportation, and energy as factors that must be assessed against the bank’s tolerance for disruption. This is especially relevant to UnionBank’s digital channels, ATM/card services, and app-based deposit capabilities.
![Banner [Summing] [OR] [E3] Establish Impact Tolerance](https://no-cache.hubspot.com/cta/default/3893111/5e80e50f-5e3e-44ea-8c43-16bf42d4f3b5.png)
Setting impact tolerance for CBS-1 Deposit & Account Services is not simply a recovery-time exercise; it is a board-level decision on how much disruption UnionBank can safely absorb before customer harm, regulatory breach, or material financial impact becomes unacceptable.
In practice, the tightest tolerances should be assigned to deposit posting, withdrawals, digital access, card/ ATM access, fraud monitoring, and coordinated incident response because these processes most directly affect customers’ access to funds and the integrity of the deposit service.
The next step is to validate these proposed tolerances through mapping, severe-but-plausible scenario design, and structured testing.
Where the bank cannot yet remain within the proposed tolerance, BSP expects management to identify vulnerabilities, adopt remedial actions, and prioritise investments that strengthen the resilience of critical operations.
![[OR] [UBP] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/caed34e9-155d-45e6-988d-03e9bcbb003d.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/113936d7-f143-4c8c-87ce-63cf4fced435.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/64c8092a-a90a-403b-9b46-b356a1396c07.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/bf6cd570-c698-489d-a90b-cebfddf55d7a.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/dfb366bd-9c4a-484c-aa95-81a7de3966f2.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
