Domestic authorities in European Union member states should stress-test their financial institutions for cyber risks, a top EU supervisor said, saying banks might be required to hold extra capital as a buffer against what is an emerging threat.
Speaking to Reuters in Beijing on Friday, Andrea Enria, chairman of the European Banking Authority (EBA), said cyber security had become an important issue for EU member states. He called on domestic regulators to stress-test local banks to understand the possible risks.
“I would not run a massive cyber-risk attack scenario for 28 member states at the same time,” said Enria. “But if you ask me would I recommend competent authorities to think more on this and consider running this type of stress test? I would say yes.”
The global financial system is still reeling two months after a still-unidentified group was able to use malware to hack the SWIFT bank messaging network and steal $81 million from the Bangladesh central bank.
SWIFT said its own infrastructure had not been hacked and that the thieves had attacked Bank Bangladesh’s interface with the SWIFT system. SWIFT says security around SWIFT interfaces, including those supplied by SWIFT, was the responsibility of users.
The February heist prompted Mary Jo White, chair of the U.S. Securities and Exchange Commission, to warn last week that cyber security is the biggest risk facing the financial system.
The EBA operates as a pan-EU regulator, writing and coordinating banking rules across the 28-country bloc.
Cyber risks will also be included under the EU’s so-called ‘Pillar 2’ rules, which will outline how much capital banks must hold to buffer themselves against a range of risks, including IT issues.
For more on cyber-security, watch:
“We are developing guidelines on IT risk, which are under the Pillar 2 framework—so how to assess cyber risk and how to assess the mitigating measures that banks are putting into place and, if shortcomings are identified, which types of measures supervisors can take under Pillar 2, including additional capital requirements,” said Enria.
The guidelines will be published by the EBA for public consultation later this year, Enria said.
Italian national Enria was in Beijing to meet Chinese central bank officials and banking regulators. His discussions touched on non-performing loans, bank profitability, and the UK referendum to exit the European Union, he said.
European and Chinese authorities are exploring whether more formalized cooperation arrangements may be useful going forward, as more Chinese banks open operations in Europe, and European banks expand operations in China.
“We are also discussing possible agreements on the regular exchange of information and cooperation at the supervisory level between the European and Chinese authorities,” said Enria.