BaFin's latest stress test places digital resilience as a focal point in regulatory scrutiny
European Banking Authority and European Central Bank Conduct 2025 Stress Test to Assess Banks' Digital Resilience
The European Banking Authority (EBA) and European Central Bank (ECB) have recently conducted a stress test on European banks, focusing on technological and digital vulnerabilities as key factors in operational resilience.
The stress test, which takes place every two years, includes an exploratory scenario on counterparty default risk. This scenario highlights risks related to interconnections with non-European financial actors, particularly from the US, and reveals a technologically induced dimension to these risks.
Regulatory requirements for IT continue to rise in the banking sector, leading to IT-related bottlenecks at many institutions. Banks have had to adjust their starting data according to the new regulations and provide consistent, digitally traceable reports.
The level of portfolio hedging varies significantly, indicating differences in digital risk management and automated collateral valuation among banks. The stress test reveals that sectoral vulnerabilities, such as in digitally intensive business models or FinTech collaborations, are only partially captured by the internal models of banks.
Many banks struggle with aggregating granular credit-related data, particularly in technically heterogeneous or outdated system landscapes.
Emphasis on IT and Cyber Resilience
The ECB specifically notes the need for banks to invest in their IT systems and cyber defenses to bolster operational resilience against potential digital disruptions. This reflects an acknowledgment that cyber threats remain a significant source of vulnerability in the banking sector, particularly amid geopolitical tensions and economic stress.
Operational Resilience and Risk Management Improvements
The stress test’s role includes helping banks improve risk management practices, which encompasses technological risk factors such as cybersecurity, IT system failures, and data integrity. Enhanced operational resilience is critical for maintaining continuity during economic or geopolitical crises.
Scenario-Induced Risks Amplified by Digital Dependencies
The adverse scenario assumes heightened geopolitical tensions and trade fragmentation, which may lead to supply chain disruptions, including IT hardware and software supply, affecting banks’ technological infrastructure indirectly.
Modelling Limitations on Sectoral and Digital Risks
Although banks have made improvements in modelling sectorial impacts, the stress test highlights that the current models capture sector-specific vulnerabilities and digital/operational risks only to a limited extent, indicating a need for further development to better assess digital risks under stress scenarios.
Addressing IT Challenges
In response to these findings, the ECB has initiated short-term on-site inspections to review IT capabilities and announced a more in-depth evaluation of the stress test capacities of selected institutions. The ECB is increasingly considering the technological capabilities of banks in its assessment of their governance and risk management.
The ECB calls on banks to adapt their IT strategies to long-term stress scenarios, including new risks from cloud usage, AI-based credit decision-making, and digital wealth management. The stress test for Eurozone banks includes the new capital regulation CRR3, with increased regulatory requirements for the technical feasibility and compliance of digital systems.
The 2025 Stress Test is organized in close cooperation between EBA, ECB, the European Systemic Risk Board, and national supervisory authorities, with BaFin and Bundesbank contributing to both the methodological development and the conduct of the stress test.
In conclusion, the 2025 EU-wide stress test does not isolate technological and digital vulnerabilities as separate stress factors with detailed quantitative results but clearly signals their importance through the emphasis on operational resilience, cyber defenses, and IT investments required to maintain banking system stability under stress. This reflects a broader recognition by European supervisors that digital risks are a critical part of the banking system’s vulnerability profile alongside credit and market risks.
- In response to the 2025 Stress Test findings, the European Central Bank (ECB) has called on banks to adapt their IT strategies to long-term stress scenarios, which include new risks from cloud usage, AI-based credit decision-making, and digital wealth management.
- The European Banking Authority (EBA) and European Central Bank (ECB) have emphasized the need for banks to invest in their IT systems and cyber defenses, as cyber threats remain a significant source of vulnerability in the banking sector, particularly amid geopolitical tensions and economic stress.
