ECB’s cyber stress test will not affect capital requirements

Long-planned stress test will involve 109 of the region’s biggest lenders

The headquarters of the European Central Bank (ECB) in Frankfurt am Main, western Germany.
The headquarters of the European Central Bank (ECB) in Frankfurt am Main, western Germany.

The European Central Bank’s cyber resilience stress test in the coming months will not affect bank-specific capital requirements but instead form part of a broader supervisory assessment, the ECB said in a statement on Wednesday.

The long-planned stress test, which will involve 109 of the region’s biggest lenders, will assume a successful cyberattack that disrupts daily business.

"The exercise will assess how banks respond to and recover from a cyberattack, rather than their ability to prevent it," the ECB said in a statement.

"Banks will then test their response and recovery measures, including activating emergency procedures and contingency plans and restoring normal operations."

READ MORE

The test's main findings will be unveiled in the summer. Bank-specific results will be discussed in the 2024 Supervisory Review and Evaluation Process.

As part of the exercise, 28 banks will undergo an "enhanced" assessment, under which they will have to submit additional information on how they would cope with an attack.

The ECB said the test would be a “predominantly” qualitative exercise and would not have an impact on capital through Pillar 2 guidance, a bank-specific capital recommendation provided on top of binding requirements. - Reuters

(c) Copyright Thomson Reuters 2024