[OR] [WFP] [E3] [CBS] [1] [MD] Map Dependency

CBS-1 Payment & Transaction Processing

For Wells Fargo Philippines, mapping dependencies for CBS-1 Payment & Transaction Processing is essential because payment services are delivered through an interconnected chain of people, controls, applications, infrastructure, internal support functions, and third-party networks.

Wells Fargo states that its India and Philippines organisations play a pivotal role in the firm’s global delivery strategy, supporting a broad portfolio across business operations, corporate functions, and technology, while its Technology function enables 24/7 banking access, and its COO and Corporate Risk teams strengthen operational, risk, and control infrastructure.

That operating model makes dependency mapping especially important for payment services, where a disruption in one control, platform, or service partner can quickly affect upstream initiation, downstream settlement, customer communication, and regulatory obligations.

Table P2: Map Dependency for CBS-1

Sub-CBS Code	Sub-CBS	Dependency Type	Dependency Detail (What/Who is involved)	Connectivity (How it connects/interacts with the CBS or other components)
1.1	Payment Initiation and Capture	People	Operations staff, payment service teams, channel support analysts, branch/service desk personnel	Capture payment instructions from corporate, institutional, or internal channels and pass structured transaction data to authentication, validation, and routing stages
1.1	Payment Initiation and Capture	Process	Payment intake procedures, cut-off management, file upload controls, maker-checker workflow	Serves as the entry point for all downstream payment processing activities and determines the completeness of transaction data for subsequent control checks
1.1	Payment Initiation and Capture	Technology	Payment portals, host-to-host file transfer, API gateways, SWIFT/file ingestion tools, workflow engines	Interfaces with customer channels, internal payment hubs, and validation engines to create the transaction record used throughout the payment lifecycle
1.1	Payment Initiation and Capture	Third Party	Network carriers, secure connectivity providers, file transmission vendors, corporate ERP connectivity partners	Enables secure submission of instructions from external clients or partner systems into Wells Fargo payment processing environments
1.2	Customer Authentication and Authorization	People	Identity and access administrators, security operations staff, customer support teams, approvers/signatories	Confirms the identity and authority of users before transactions can move to the compliance and processing stages
1.2	Customer Authentication and Authorization	Process	MFA procedures, user entitlement checks, approval matrix enforcement, privileged access control	Prevents unauthorized initiation and links payment instructions to approved user rights, limits, and dual-control rules
1.2	Customer Authentication and Authorization	Technology	IAM platforms, MFA tools, SSO services, token servers, authentication logs, and access governance tools	Connects customer or employee identities to payment applications and control logs used by monitoring, audit, and incident teams
1.2	Customer Authentication and Authorization	Third Party	Identity technology vendors, telecom/SMS providers, and authentication certificate providers	Supports the delivery of OTPs, tokens, or digital certificates needed to complete secure payment approval
1.3	Payment Validation and Compliance Screening	People	Sanctions screening analysts, AML investigators, compliance officers, payment controls team	Reviews transaction details for completeness, suspicious indicators, sanctions, embargoes, and policy exceptions
1.3	Payment Validation and Compliance Screening	Process	Data validation rules, sanctions filtering, AML screening, threshold checks, hold/release procedures	Acts as a control gate before routing and execution; exceptions are escalated to repair, fraud, or compliance functions
1.3	Payment Validation and Compliance Screening	Technology	Screening engines, rules engines, reference data repositories, and case management tools	Integrates with payment hub, customer data, watchlists, and monitoring systems to approve, block, or queue transactions
1.3	Payment Validation and Compliance Screening	Third Party	Sanctions/watchlist data providers, AML utilities, regulatory data feeds	Supplies external reference lists and data updates needed for effective compliance filtering
1.4	Transaction Routing and Network Integration	People	Payments operations, network specialists, SWIFT/clearing connectivity support, and infrastructure teams	Determine the correct route based on currency, corridor, scheme, urgency, and market convention
1.4	Transaction Routing and Network Integration	Process	Routing logic, message formatting, queue prioritization, and network failover procedures	Directs validated payments to the proper internal processor, correspondent path, clearing network, or settlement rail
1.4	Transaction Routing and Network Integration	Technology	Payment hub, SWIFT interface, ISO 20022/message translators, middleware, network gateways	Connects initiation channels and validation engines to execution, clearing, settlement, and cross-border processing services
1.4	Transaction Routing and Network Integration	Third Party	SWIFT, ACH operators, card/payment schemes, domestic clearing houses, telecom carriers	Provides external rails and message transport needed to deliver payments to counterparties and market infrastructures
1.5	Funds Availability Check and Reservation	People	Treasury support, account services teams, operations controllers, liquidity analysts	Verify account balance, credit line availability, and reservation of funds before execution
1.5	Funds Availability Check and Reservation	Process	Balance verification, lien/hold checks, limit management, reserve posting, release rules	Links account data to processing decisions so that only eligible and funded payments proceed
1.5	Funds Availability Check and Reservation	Technology	Core ledger, balance engines, credit systems, limit management tools, and real-time account inquiry services	Exchanges balance and position information with the payment hub and liquidity systems to authorize or reject payment execution
1.5	Funds Availability Check and Reservation	Third Party	External account service partners, market data or settlement balance providers, where relevant	Supports availability checks for transactions involving external settlement accounts or nostro positions
1.6	Payment Processing and Execution	People	Payment operations analysts, supervisors, control room staff, operations managers	Execute approved payment instructions, manage queues, and ensure timely dispatch to downstream settlement channels
1.6	Payment Processing and Execution	Process	Straight-through processing, queue management, release controls, batch, and real-time execution workflows	Core production stage that transforms approved instructions into completed outbound or internal transactions
1.6	Payment Processing and Execution	Technology	Payment engines, orchestration tools, batch schedulers, transaction databases, and high-availability servers	Consumes validated and funded transactions, then writes outputs to routing, settlement, notification, and reconciliation components
1.6	Payment Processing and Execution	Third Party	External schemes, network operators, utility processors	Supports final transmission or external handoff, where Wells Fargo relies on market infrastructures or partner processors
1.7	Interbank Clearing and Settlement Processing	People	Settlement operations, treasury operations, finance controllers, and correspondent operations teams	Manage clearing submissions, settlement positions, funding windows, and post-settlement confirmations
1.7	Interbank Clearing and Settlement Processing	Process	Clearing file exchange, settlement confirmation, nostro/vostro management, cut-off, and end-of-day procedures	Connects executed payments to market infrastructures and final accounting outcomes
1.7	Interbank Clearing and Settlement Processing	Technology	Clearing interfaces, settlement platforms, general ledger interfaces, and nostro account monitoring tools	Feeds payment execution outputs into clearing houses, correspondent accounts, and internal books and records
1.7	Interbank Clearing and Settlement Processing	Third Party	Central banks, clearing houses, settlement agents, and correspondent banks	Externalises the final movement of funds and confirmation of settlement across banking networks
1.8	Cross-Border Payment Processing	People	International payments specialists, FX operations, correspondent banking teams, and sanctions specialists	Handle corridor-specific requirements, currency conversion, beneficiary bank details, and jurisdictional controls
1.8	Cross-Border Payment Processing	Process	FX conversion, correspondent routing, country-specific formatting, international sanctions review, and fee handling	Extends domestic payment processing into multi-jurisdictional, multi-currency flows with added compliance and settlement complexity
1.8	Cross-Border Payment Processing	Technology	SWIFT systems, FX platforms, cross-border payment engines, and currency rate feeds	Connects payment instructions to foreign exchange, correspondent routes, and international settlement rails
1.8	Cross-Border Payment Processing	Third Party	Correspondent banks, FX counterparties, overseas clearing systems, and sanctions data providers	Required for offshore routing, liquidity, beneficiary reach, and international regulatory screening
1.9	Transaction Monitoring and Fraud Detection	People	Fraud analysts, cyber security teams, financial crime operations, risk officers	Monitor live and post-event transaction patterns for anomalies, attacks, abuse, or suspicious activity
1.9	Transaction Monitoring and Fraud Detection	Process	Alert generation, case triage, escalation, block/release workflow, fraud rule tuning	Provides detective controls across initiation, authentication, execution, and post-payment stages
1.9	Transaction Monitoring and Fraud Detection	Technology	Fraud monitoring engines, behavioural analytics, SIEM, and case management platforms	Consumes events and logs from payment systems, IAM, networks, and customer channels to identify threats
1.9	Transaction Monitoring and Fraud Detection	Third Party	Fraud intelligence providers, consortium data services, cyber threat feeds	Enhances internal monitoring with external threat indicators and industry fraud patterns
1.10	Exception Handling and Repair Processing	People	Payment repair teams, client service staff, operations specialists, compliance reviewers	Investigate rejects, missing fields, mismatches, delayed items, and compliance-related stops
1.10	Exception Handling and Repair Processing	Process	Repair queues, investigation workflow, return/reject handling, and manual intervention controls	Restores failed or incomplete transactions back into normal flow or routes them to cancellation, dispute, or reporting processes
1.10	Exception Handling and Repair Processing	Technology	Workflow tools, repair dashboards, queue managers, case records, audit trail repositories	Interfaces with payment hub, screening systems, and customer communication tools to correct and reprocess transactions
1.10	Exception Handling and Repair Processing	Third Party	External banks, clearing operators, message counterparties	Required where exception resolution depends on amended information or confirmation from outside institutions
1.11	Reconciliation and Ledger Balancing	People	Finance teams, reconciliation analysts, controllers, operations assurance staff	Match transaction records between payment systems, nostro accounts, clearing outputs, and general ledger balances
1.11	Reconciliation and Ledger Balancing	Process	Intraday and end-of-day reconciliation, break management, suspense account review, and balancing controls	Validates the financial integrity of executed payments and supports downstream financial reporting and risk management
1.11	Reconciliation and Ledger Balancing	Technology	Reconciliation platforms, ledger systems, data warehouses, and reporting engines	Draws transaction data from execution, settlement, and accounting systems to identify and resolve breaks
1.11	Reconciliation and Ledger Balancing	Third Party	Correspondent statements, clearing reports, external confirmations, and account servicers	Provides source data needed to validate whether external settlement matches internal records
1.12	Payment Status Notification and Reporting	People	Client service teams, reporting analysts, operations support, and relationship managers	Communicate transaction status, confirmations, returns, and service information to customers and internal stakeholders
1.12	Payment Status Notification and Reporting	Process	Acknowledgement workflow, confirmation generation, exception notices, and MIS reporting	Converts operational events into customer-facing updates and management visibility across the payment lifecycle
1.12	Payment Status Notification and Reporting	Technology	Notification engines, email/SMS gateways, reporting platforms, customer portals, APIs	Pulls status information from payment hub, repair queues, and settlement systems to provide timely updates
1.12	Payment Status Notification and Reporting	Third Party	Telecom providers, messaging vendors, portal support providers	Supports outbound transmission of payment confirmations and service messages
1.13	Customer Dispute and Claims Handling	People	Claims handlers, customer service staff, fraud/dispute investigators, legal, and compliance support	Receive and assess customer complaints, duplicate payment claims, unauthorised transaction reports, and recovery requests
1.13	Customer Dispute and Claims Handling	Process	Case intake, evidence gathering, chargeback/claim review, reimbursement approval, resolution workflow	Connects customer-facing remediation to payment records, fraud findings, ledger adjustments, and regulatory reporting
1.13	Customer Dispute and Claims Handling	Technology	CRM, dispute management systems, case tools, document repositories	Uses payment and fraud data to investigate claims and coordinate remedial postings or communications
1.13	Customer Dispute and Claims Handling	Third Party	Card/payment schemes, correspondent banks, external investigators, legal counsel	Supports recovery, rule interpretation, and coordination where disputes involve external parties or schemes
1.14	Regulatory Reporting and Compliance Monitoring	People	Regulatory reporting teams, compliance officers, operational risk, and internal audit liaison	Compile regulatory submissions, monitor breaches, and evidence control performance over payment operations
1.14	Regulatory Reporting and Compliance Monitoring	Process	Regulatory return preparation, escalation of breaches, control attestation, compliance reviews	Translates payment activity, incidents, and control outcomes into regulatory disclosures and management actions
1.14	Regulatory Reporting and Compliance Monitoring	Technology	GRC tools, regulatory reporting systems, compliance dashboards, and records retention systems	Aggregates data from payment, risk, incident, and reconciliation systems for reporting and supervisory review
1.14	Regulatory Reporting and Compliance Monitoring	Third Party	Regulatory utilities, compliance data providers, and external auditors were engaged	Supports regulatory data enrichment, assurance, and specialised reporting requirements
1.15	Liquidity and Settlement Risk Management	People	Treasury, ALM, settlement risk managers, finance, and payments leadership	Monitor liquidity buffers, settlement exposures, prefunding requirements, and intraday funding needs
1.15	Liquidity and Settlement Risk Management	Process	Liquidity forecasting, collateral/funding allocation, settlement risk assessment, contingency funding procedures	Ensures payment obligations can be met within cut-offs and tolerance for disruption, especially during stressed conditions
1.15	Liquidity and Settlement Risk Management	Technology	Treasury platforms, cash position tools, nostro monitoring, stress testing models	Receives payment flow projections and settlement data to manage funding, exposures, and contingency action triggers
1.15	Liquidity and Settlement Risk Management	Third Party	Correspondent banks, central bank accounts, market utilities, liquidity providers	Provide access to settlement balances, market liquidity, and external funding channels necessary for payment continuity
1.16	Third-Party and Correspondent Bank Coordination	People	Vendor managers, correspondent relationship managers, procurement, legal, operations oversight	Manage service levels, performance, incident escalation, and resilience assurance for critical external dependencies
1.16	Third-Party and Correspondent Bank Coordination	Process	Third-party due diligence, SLA monitoring, concentration risk review, exit planning, continuity clauses	Governs external entities whose services are embedded in routing, settlement, communications, and recovery arrangements
1.16	Third-Party and Correspondent Bank Coordination	Technology	Vendor monitoring tools, contract repositories, service dashboards, and integration monitoring	Tracks the availability and performance of third-party connections supporting payment flow and recovery options
1.16	Third-Party and Correspondent Bank Coordination	Third Party	Correspondent banks, SWIFT/service bureaus, clearing operators, cloud or managed service providers	Represents the external service ecosystem required to sustain normal and disrupted payment operations
1.17	System Availability and Infrastructure Support	People	Infrastructure engineers, database administrators, network teams, production support, cyber defenders	Maintain uptime, resilience, patching, monitoring, and recoverability of the payment processing estate
1.17	System Availability and Infrastructure Support	Process	Capacity management, backup and recovery, change control, vulnerability management, and incident escalation	Underpins every payment sub-process by keeping critical systems, networks, and security controls available
1.17	System Availability and Infrastructure Support	Technology	Data centres/cloud environments, servers, storage, databases, middleware, monitoring tools, network devices	Provides the technical backbone linking channels, payment engines, ledgers, security tools, and reporting platforms
1.17	System Availability and Infrastructure Support	Third Party	Cloud providers, hardware vendors, telecom carriers, managed service partners, utility providers	Supplies infrastructure components and connectivity that affect the continuity of critical payment operations
1.18	Incident Response and Service Recovery	People	Incident commanders, crisis management teams, BCM coordinators, technology recovery teams, business owners	Lead response, decision-making, communication, workaround activation, and restoration of payment services during disruption
1.18	Incident Response and Service Recovery	Process	Incident response plan, BCP invocation, disaster recovery procedures, crisis communications, post-incident review	Coordinates cross-functional recovery across all payment dependencies when tolerance thresholds are threatened or breached
1.18	Incident Response and Service Recovery	Technology	Incident management platforms, DR sites, backup environments, communication tools, and failover infrastructure	Enables recovery orchestration, system restoration, alternate routing, and evidence capture during operational disruption
1.18	Incident Response and Service Recovery	Third Party	DR/backup vendors, telecom providers, critical service partners, external recovery sites, correspondent banks	Supports alternate service delivery, emergency communications, and restoration of external network participation

Regulatory Alignment and Examples for Wells Fargo Philippines

BSP Circular No. 1203 requires BSFIs to identify critical operations, set tolerances for disruption, and map interconnections and interdependencies to identify and resolve vulnerabilities in delivery.

The circular also makes clear that the board should approve the identified critical operations, and that these operations drive subsequent steps, such as setting disruption tolerance and mapping dependencies.

For this payment and transaction processing mapping, the most relevant BSP expectations are practical and specific.

The BSP says mapping should cover the chain of activities involved in delivering critical operations; the exercise should be harmonised with operational risk, third-party risk, business continuity, and ICT risk management; and third-party arrangements affecting critical operations should include continuity provisions or exit strategies.

The circular also says dependencies on public infrastructure, such as telecommunications and energy, should be assessed, and that technology controls should preserve confidentiality, integrity, and availability through disruptions.

Periodic business continuity exercises must cover identified critical operations, their interconnections, and key dependencies, using severe but plausible scenarios.

Examples of how these requirements apply to this CBS in the Philippine context:

A disruption to telecom connectivity affecting Manila-based payment operations would be a mapped dependency, as it could interrupt payment initiation, authentication, routing, and customer notifications.
A correspondent bank or clearing network outage would need both dependency mapping and a documented alternative arrangement or exit strategy.
A cyber incident affecting payment authentication or transaction monitoring should be assessed not only as an IT issue, but as a threat to the continued delivery of a critical operation.
A scenario test involving sanctions-screening failure, delayed settlement, and customer-impact thresholds would align with BSP’s expectation that tolerance for disruption be tested under severe but plausible scenarios.

The dependency map for CBS-1 Payment & Transaction Processing shows that Wells Fargo Philippines’ resilience is not determined by a single payment platform alone, but by the coordinated performance of front-end channels, identity and security controls, compliance screening, routing and settlement networks, treasury and reconciliation functions, infrastructure support, and external service partners.

In operational resilience terms, the value of this map is that it reveals where single points of failure, concentration risk, manual bottlenecks, and third-party vulnerabilities could interrupt payment delivery or delay recovery.

From the perspective of BSP Circular No. 1203, this chapter supports the core requirement to map interconnections and interdependencies across critical operations so that weaknesses can be identified, tested, and strengthened.

For Wells Fargo Philippines, the next logical step after this dependency map is to use it to support process-and-resource mapping, impact tolerance setting, severe-but-plausible scenario design, and end-to-end payment service scenario testing.

Wells Fargo Title Banner

eBook 3: Starting Your OR Implementation
CBS-1 Payment & Transaction Processing
CBS-1 DP	CBS-1 MD	CBS-1 MPR	CBS-1 ITo	CBS-1 SuPS	CBS-1 ST

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.