September interest rate cut by ECB ‘very possible’

Bank finds ‘shortcomings’ in banks’ ability to cope with cyber attacks

The ECB headquarters. The bank called on lenders to improve their capacity to respond and recover from a major cyber attack, in its first test of the financial sector’s vulnerability to the rising threat from hackers. Photograph: Kirill Kudryavtsev/AFP

A September interest rate cut by the European Central Bank (ECB) is “very possible”, though its future policy will remain data-dependent, a former deputy governor of the Central Bank said.

Stefan Gerlach, deputy governor at the bank between 2011 and 2015, said he expected euro zone inflation pressures to abate further, which, along with a “natural weakness” in economic activity, will allow the ECB to continue reducing rates.

“The likelihood of a rate cut in September is material,” Gerlach, currently chief economist at EFG Bank in Zurich, said.

Money markets have priced in 64 per cent odds for a 25-basis-point rate cut by the ECB when it meets next on September 12th, which would be its second this year. Traders see a less than 10 per cent chance of a third easing by the ECB in 2024.

Meanwhile, the ECB has called on lenders to improve their capacity to respond and recover from a major cyber attack, in its first test of the financial sector’s vulnerability to the rising threat from hackers.

The ECB said its debut cyber stress test found “room for improvement” in the readiness of banks to cope with a scenario in which hackers penetrated their defences and caused serious disruption to core databases and systems.

“The results of the stress test are insightful and showed that while banks do have high-level response and recovery frameworks in place, there is still room for improvement,” said Anneli Tuominen, a member of the ECB’s supervisory board, which oversees the top Eurozone lenders, on Friday.

Western banks have suffered a surge in cyber attacks in the past two years, which the regulator has partly blamed on Russian hackers acting in response to sanctions placed on the country and its banks following Moscow’s full-scale invasion of Ukraine. The use of artificial intelligence by cyber criminals has also increased the number and sophistication of attacks.

Tuominen said “the importance of cyber resilience cannot be overstated”, adding that the recent global IT outage caused by an update at CrowdStrike, the cyber security company, showed how “an incident in one institution can have cascading effects across multiple sectors”.

The ECB said its stress test was designed to examine banks’ responses to a major cyber attack and not their ability to prevent hackers from successfully penetrating their systems.

It sent a questionnaire and requested documentary evidence from all 109 banks involved in the exercise to check how they would respond to a serious cyber attack that had breached their defences.

More extensive testing was carried out at 28 of the banks, chosen to represent a cross-section of the sector, which had to undergo an IT recovery test and an onsite visit by ECB supervisors.

The central bank said the results of the test would feed into its annual supervisory review and evaluation process, which assesses risks at each bank and sets their capital requirements. It did not expect any direct impact on the amount of capital it wants banks to have.

The test examined banks’ internal crisis management procedures and business continuity plans, as well as how they would communicate with external parties including customers, law enforcement agencies and service providers.

Banks had to show their ability to implement workarounds to continue operating while they worked on recovering IT systems and to restore backed-up data and work with critical third-party service providers.

“Supervisors have provided individual feedback to each bank and will follow up with them accordingly,” the ECB said. “In some cases, banks have already improved or plan to remedy the shortcomings pinpointed during the exercise.”

Detecting and addressing deficiencies in banks’ operational resilience, including cyber risk, was set as one of the ECB’s supervisory priorities for the next two years after it detected a sharp increase in the number and sophistication of hacking attacks.

In October, Lloyd’s of London warned that a significant cyber attack on a global payments system could cost the world economy $3.5tn.

Earlier this year, Spain’s largest bank Santander was hit by a cyber attack on a database hosted by a third-party provider that held information on customers in Spain, Chile and Uruguay. A few weeks later, data on millions of clients and staff – including account details and credit card numbers – were offered for sale on a hacking forum.

Last year, the number of ransomware attacks in the finance industry rose by 64 per cent, and was nearly double the 2021 levels, according to cyber security company Sophos.

In November, the New York arm of China’s largest bank ICBC was hit by a ransomware attack, disrupting the $25tn US Treasury bond market. – Copyright The Financial Times Limited 2024/Reuters