ECB to stress test cyber resilience of banks

Considering the predetermined scenario, banks assess their response and recovery measures, such as activating emergency procedures and contingency plans, as well as restoring normal operations. Afterward, supervisors evaluate the extent to which banks can manage under such a scenario. Furthermore, the stress test includes 28 banks that will undergo an advanced verification for which they are required to submit additional details on how they handled the cyberattack. The sample covers multiple business models and geographic areas, aiming to offer an appropriate reflection of the euro area banking system, while also ensuring efficient coordination with other administrative activities.

The qualitative examination will not impact the capital through the Pillar 2 guidance, a bank-specific capital recommendation in addition to the mandatory requirements. As per the information detailed in the press release, the information gained from this assessment intends to be leveraged for a wider supervisory examination in 2024. The findings from each bank will be discussed as part of the 2024 Supervisory Review and Evaluation Process, which focuses on assessing a bank’s individual risk profile. The stress test’s results are expected to be communicated starting June 2024.

The ECB conducts supervisory examination on an annual basis as per Article 100 of the Capital Requirements Directive, with the entity participating every two years in an EU-wide stress test directed by the European Banking Authority. During the years in which there is no EU-wide stress test, the ECB does a targeted stress test exercise that centres on a specific topic of interest, including the climate risk stress test in 2022, the sensitivity analysis of liquidity risk in 2019, and the sensitivity analysis of interest rate risk in the banking book in 2017. The COVID-19 pandemic constrained the ECB in conducting the 2020 EBA stress test, requiring the examination to be postponed until 2021.

In addition to its input in decreasing and combating cyberattacks, the ECB also published a card fraud report in June 2023 that revealed a significant reduction in card fraud across Europe. The report included 20 card payment scheme operators and provided insight into card fraud trends. The ECB found that most of the card fraud in 2020 and 2021 involved cross-border transactions, with them constituting 11% of the total value of card payments and 63% of the total value of card fraud in 2021.

Source: Link