EU member states should stress-test banks' cyber risks -European Banking Authority chairman

BEIJING (Reuters) - Domestic authorities in European Union member states should stress-test their financial institutions for cyber risks, a top E.U. supervisor said, warning banks might be required to hold extra capital as a buffer against what is an emerging threat.

Andrea Enria, Chairperson of European Banking Authority (EBA), attends a policy dialogue at the Asian Financial Forum in Hong Kong January 19, 2015. REUTERS/Bobby Yip/File Photo

Speaking to Reuters in Beijing on Friday, Andrea Enria, chairman of the European Banking Authority (EBA), said cyber security had become an important issue for E.U. member states. He called on domestic regulators to stress-test local banks to understand the possible risks.

“I would not run a massive cyber-risk attack scenario for 28 member states at the same time,” said Enria. “But if you ask me would I recommend competent authorities to think more on this and consider running this type of stress test? I would say yes.”

The global financial system is still reeling two months after a still-unidentified group was able to use malware to hack the SWIFT bank messaging network and steal $81 million (£56 million) from the Bangladesh central bank.

The February heist prompted Mary Jo White, chair of the U.S. Securities and Exchange Commission, to warn last week that cyber security is the biggest risk facing the financial system.

The EBA operates as a pan-E.U. regulator, writing and coordinating banking rules across the 28-country bloc.

Cyber risks will also be included under the E.U.’s so-called ‘Pillar 2’ rules, which will outline how much capital banks must hold to buffer themselves against a range of risks, including IT issues.

“We are developing guidelines on IT risk, which are under the Pillar 2 framework - so how to assess cyber risk and how to assess the mitigating measures that banks are putting into place and, if shortcomings are identified, which types of measures supervisors can take under Pillar 2, including additional capital requirements,” said Enria.

The guidelines will be published by the EBA for public consultation later this year, Enria said.

Italian national Enria was in Beijing to meet Chinese central bank officials and banking regulators. His discussions touched on non-performing loans, bank profitability, and the U.K. referendum to exit the European Union, he said.

European and Chinese authorities are exploring whether more formalised cooperation arrangements may be useful going forward, as more Chinese banks open operations in Europe, and European banks expand operations in China.

“We are also discussing possible agreements on the regular exchange of information and cooperation at the supervisory level between the European and Chinese authorities,” said Enria.

Reporting by Matthew Miller; Writing by Michelle Price; Editing by Kenneth Maxwell