![x [OR] [UBP] Title Banner](https://no-cache.hubspot.com/cta/default/3893111/aa51436c-5f73-485a-aa99-6d6a6b3882db.png)
![[OR] [UBP] Legal Disclaimer Banner](https://no-cache.hubspot.com/cta/default/3893111/f97d48f5-b443-4ad0-83f8-36f7744591e6.png)
CBS-1 Deposit & Account Services
Introduction
![[OR] [UBP] [PH] [E3] [CBS] [1] [ST] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/dfb366bd-9c4a-484c-aa95-81a7de3966f2.png)
Scenario testing is a core requirement of operational resilience, as emphasised in BSP Circular No. 1203 Series of 2024.
It enables financial institutions to validate whether their critical business services—such as CBS-1 Deposit and Account Services—can remain within defined impact tolerances during disruptions.
In line with the guidance from the BCM Institute’s scenario testing framework, organisations must simulate severe but plausible disruptions across people, processes, technology, and third-party dependencies, while incorporating cyber and ICT risk considerations.
Through structured scenario testing, Union Bank of the Philippines can assess its ability to sustain operations, protect customer interests, and meet regulatory obligations even under adverse conditions such as system outages, cyberattacks, or third-party failures.
![Banner [Table] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/a45e9708-7139-4f4e-8e0e-41179f5cacc3.png)
Table P6: Perform Scenario Testing for CBS-1
|
Sub-CBS Code |
Sub-CBS |
Recommended Scenario Test Themes |
Impact / Effect |
Evidence of Proactive Risk Management Action |
|
1.1 |
Customer Onboarding and Account Application |
Digital onboarding platform outage; surge in applications during system degradation (Cyber/ICT: front-end app failure) |
Delayed onboarding, customer dissatisfaction |
Load testing results, alternate manual onboarding procedures, and redundancy in onboarding platforms |
|
1.2 |
Customer Identification and Verification (KYC/CDD) |
Failure of identity verification API or AML screening system (Cyber/ICT: third-party API disruption) |
Compliance breach risk, onboarding delays |
Backup KYC processes, secondary verification vendors, and audit logs of KYC checks |
|
1.3 |
Account Approval and Opening |
Core banking approval workflow disruption (Cyber/ICT: workflow engine failure) |
Account opening delays, revenue loss |
Workflow failover testing, approval SLA monitoring, contingency approval processes |
|
1.4 |
Initial Funding and Deposit Booking |
Payment gateway failure during initial deposit (Cyber/ICT: payment switch outage) |
Failed transactions, customer complaints |
Reconciliation logs, retry mechanisms, and alternate funding channels |
|
1.5 |
Product Terms Setup and Account Parameter Maintenance |
Incorrect parameter configuration due to system defect (Cyber/ICT: configuration error) |
Financial misstatements, regulatory risk |
Configuration controls, maker-checker controls, periodic audits |
|
1.6 |
Deposit Transactions Processing |
Core banking system outage or batch processing failure (Cyber/ICT: core system downtime) |
Transaction delays, loss of customer trust |
DR test results, RTO/RPO validation, transaction queuing mechanisms |
|
1.7 |
Withdrawal and Funds Access Processing |
ATM/POS network outage or cash withdrawal system failure (Cyber/ICT: network disruption) |
Inability to access funds, reputational damage |
ATM network redundancy, fallback withdrawal limits, and monitoring dashboards |
|
1.8 |
Account Servicing and Customer Maintenance |
CRM system outage impacting account updates (Cyber/ICT: CRM system failure) |
Service delays, increased call center load |
CRM backup systems, manual servicing procedures, and call center surge plans |
|
1.9 |
Interest, Fees, and Charges Processing |
Batch job failure for interest computation (Cyber/ICT: batch scheduler failure) |
Incorrect balances, customer disputes |
Re-run capability, reconciliation checks, automated alerts |
|
1.10 |
Statement, Passbook, and Balance Reporting |
Failure in the statement generation system (Cyber/ICT: reporting engine failure) |
Delayed statements, compliance breach |
Alternate statement generation, customer notification protocols |
|
1.11 |
Digital Account Access and Channel Integration |
Mobile/internet banking outage or cyberattack (Cyber/ICT: DDoS attack) |
Customers are unable to access their accounts |
DDoS protection testing, channel failover, cybersecurity monitoring (SOC) |
|
1.12 |
ATM and Card-Based Access Management |
Card management system breach or outage (Cyber/ICT: card system compromise) |
Fraud risk, transaction disruption |
Card blocking controls, fraud detection systems, and incident response drills |
|
1.13 |
Account Reconciliation and Exception Handling |
Reconciliation system mismatch due to data corruption (Cyber/ICT: data integrity issue) |
Financial discrepancies, audit findings |
Daily reconciliation controls, exception reporting, and data validation tools |
|
1.14 |
Dormancy, Holds, Restrictions, and Account Control Administration |
Erroneous account freezing due to system bug (Cyber/ICT: rule engine failure) |
Customer complaints, legal risk |
Rule validation testing, override controls, and audit trails |
|
1.15 |
Fraud Monitoring and Transaction Surveillance for Deposit Accounts |
Failure of the fraud detection system during peak transactions (Cyber/ICT: monitoring tool outage) |
Increased fraud exposure |
Real-time monitoring redundancy, fraud simulation testing, and escalation procedures |
|
1.16 |
Complaints, Disputes, and Service Recovery |
Contact centre system outage during dispute surge (Cyber/ICT: call centre system failure) |
Delayed resolution, reputational impact |
Business continuity plans for the contact centre, alternate communication channels |
|
1.17 |
Regulatory Reporting and Compliance Monitoring |
Failure to generate regulatory reports due to system outage (Cyber/ICT: reporting system failure) |
Non-compliance penalties |
Regulatory reporting backup systems, submission contingency plans |
|
1.18 |
Incident Response, Business Continuity, and Recovery |
Cyberattack causing prolonged service disruption (Cyber/ICT: ransomware attack) |
Service downtime beyond tolerance, regulatory breach |
Incident response drills, cyber resilience testing, and DR/BCP exercise results |
![Banner [Summing] [OR] [E3] Perform Scenario Testing](https://no-cache.hubspot.com/cta/default/3893111/11895c06-91e9-4cec-acb6-4356741952e4.png)
Scenario testing for CBS-1 Deposit and Account Services enables Union Bank of the Philippines to validate its operational resilience against a wide range of disruptions, particularly those involving cyber and ICT risks.
By systematically testing each sub-process, the bank ensures that critical services remain within defined impact tolerances and that recovery strategies are both effective and actionable.
Aligned with BSP Circular No. 1203 Series of 2024, these scenario tests demonstrate proactive risk management by integrating cyber resilience, third-party risk oversight, and business continuity planning.
Ultimately, this structured approach strengthens the bank’s ability to safeguard customer trust, maintain regulatory compliance, and sustain critical operations under adverse conditions.
![[OR] [UBP] [PH] [E3] [CBS] [1] [DP] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/caed34e9-155d-45e6-988d-03e9bcbb003d.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [MD] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/113936d7-f143-4c8c-87ce-63cf4fced435.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [MPR] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/64c8092a-a90a-403b-9b46-b356a1396c07.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [ITo] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/aeed3fca-6ddb-4656-8785-190e39bdc8db.png)
![[OR] [UBP] [PH] [E3] [CBS] [1] [SuPS] Deposit and Account Services](https://no-cache.hubspot.com/cta/default/3893111/bf6cd570-c698-489d-a90b-cebfddf55d7a.png)
Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.
More Information About OR-5000 [OR-5] or OR-300 [OR-3]
To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.
![[BL-OR] [3-4-5] View Schedule](https://no-cache.hubspot.com/cta/default/3893111/d0d733a1-16c0-4b68-a26d-adbfd4fc6069.png)
![[BL-OR] [3] FAQ OR-300](https://no-cache.hubspot.com/cta/default/3893111/f20c71b4-f5e8-4aa5-8056-c374ca33a091.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
