The European Central Bank’s cyber resilience stress test in the coming months will not affect bank-specific capital requirements but instead form part of a broader supervisory assessment, the ECB said in a statement today.
The long-planned stress test, which will involve 109 of the bloc’s biggest lenders, will assume a successful cyberattack that disrupts daily business.
“The exercise will assess how banks respond to and recover from a cyberattack, rather than their ability to prevent it,” the ECB said in a statement.
“Banks will then test their response and recovery measures, including activating emergency procedures and contingency plans and restoring normal operations.”
The test’s main findings will be unveiled in the summer.
Bank-specific results will be discussed in the 2024 Supervisory Review and Evaluation Process.
As part of the exercise, 28 banks will undergo an “enhanced” assessment, under which they will have to submit additional information on how they would cope with an attack.
The ECB said the test would be a “predominantly” qualitative exercise and would not have an impact on capital through Pillar 2 guidance, a bank-specific capital recommendation provided on top of binding requirements.