ECB's cyber stress test will not affect capital requirements

The European Central Bank (ECB) confirmed that its forthcoming cyber resilience stress test, involving 109 major lenders, will not directly impact individual bank capital requirements. Instead, it will be a comprehensive supervisory evaluation, as outlined in a statement released recently.

Handling cyber disruptions

Scheduled for the coming months, this long-anticipated stress test will simulate the aftermath of a successful cyberattack causing significant disruption to daily banking operations. Rather than solely assessing the banks' ability to prevent cyberattacks, the focus will be on evaluating their responses and recovery procedures in the event of such an incident, as stated by the ECB.

The test will involve banks activating emergency protocols, contingency plans, and restoring normal operations to gauge their effectiveness in handling cyber disruptions. The ECB anticipates revealing the primary findings during the summer, with detailed bank-specific outcomes slated for discussion in the 2024 Supervisory Review and Evaluation Process.

Enhanced assessment

Additionally, within this evaluation, 28 banks will undergo an enhanced assessment, requiring them to provide supplementary details on their strategies for managing and mitigating the impacts of potential cyberattacks.

Emphasising its predominantly qualitative nature, the ECB clarified that this exercise will not directly influence capital through Pillar 2 guidance. Pillar 2 guidance represents specific capital recommendations tailored to individual banks, extending beyond obligatory requirements. This stress test primarily aims to comprehensively evaluate banks' resilience and response strategies in the face of cyber threats without directly altering their capital directives.

(with Reuters inputs)