Contingency Banking Services Mexico | COA, POA, ASA

Why contingency is non-negotiable

The central bank requires every SPEI and SPID participant to operate all three contingency modes (COA, POA, ASA), with documented activation procedures and annual testing. Contingency isn’t a “nice to have”: without it, a regulated institution can’t obtain or keep its participation licence. And when a primary system fails mid-operation, money movement must continue — customer impact compounds in minutes.

The three modes — in detail

COA

Participant-Level Contingency

Participant-level fallback via batch file processing in tilde-delimited (~) format. Every transaction requires operator approval. Automatic activation when primary connection failure is detected.

We deliver: COA file generator, operator approval flow, activation playbook, integration with the official central-bank submission, and COA operations reports for audit.

POA

Alternate Operations Procedure

System-level alternate operation, used for corrections, reversals, and post-operation settlement adjustments when the primary system is unavailable.

We deliver: POA operations console, dual-control reversal and adjustment flow, complete auditable record, and closing reports.

ASA

Advanced Alternate System

Full backup system that replicates primary-system functionality. Automatic failover with minimal data loss.

We deliver: hot-standby with continuous replication, automated failover, RPO ≈ 0 and RTO < 5 min depending on target infrastructure, and catch-up reconciliation upon primary restoration.

Failover sequence

Automatic incident detection (heartbeat, protocol timeout, connection error).
Activation of the configured contingency — COA, POA, or ASA — without manual intervention where applicable.
Operator validation to confirm the mode and scope of activation.
Traffic resumes via the alternate channel.
Primary system restored, catch-up reconciliation for operations processed in contingency.
Post-incident report generated with timeline, decisions, and affected transactions.

Audit and regulatory reporting

Every activation, every operation processed in contingency, and every operator decision is recorded immutably. We automatically generate the artifacts required by the regulator:

Contingency start and end timestamps
Diff of transactions processed in alternate vs. primary mode
Operator approvals with identity and timestamp
Post-incident report in the regulator's format
Evidence ready for regulatory audits

Mandatory annual drills

The regulator requires periodic contingency drills. Without a test environment, drills happen against production — risky and unworkable. Every project includes our multi-bank simulator server and a scripted drill harness, so your institution validates each mode without affecting real traffic.

Compliance checklist

COA, POA and ASA procedure documentation
Immutable logs and regulatory archival
Annual drill records with evidence
Operations manuals for the on-shift team
Post-incident reports ready for the regulator
Recovery plan with documented RPO/RTO

Contingency