Danish FSA to Guide Banks on Macroeconomic and Cyber Risk Stress Tests

Danish FSA published the stress test guidance for small and medium-size banks that prepare macroeconomic stress tests. The guidance is accompanied with a table of scenario values, a guide on approach to calculating write-downs for the individual institution in the stress scenario, and an "Excel Depreciation Percentages Tool." The guidance describes some approaches and methods that institutions should consider in the preparation of stress tests and is based on the key elements of the Danish FSA's internal capital projection model, which institutions can take as a starting point; however, institutions can use other approaches if they assess that it will give rise to one more "truthful stress test." Nevertheless, it is crucial that such deviations are well-motivated and can be substantiated by the department. It is the responsibility of the department to ensure that the stress test is calculated sufficiently carefully. Parts of the guide may also be relevant for banks that perform simpler stress tests or sensitivity analyzes, for example, for the calculation of department-specific impairment rates under stressful conditions. The guide contributes generally to a greater openness about the content of the Danish FSA's internal macroeconomic stress test. The guidelines do not change the Danish FSA's requirements for when institutions must perform macroeconomic stress tests, in relation to the applicable rules and practices.

The newly launched operational resilience enhancement program will use cyber stress testing to analyze the consequences of a large-scale information technology crash. The program on enhanced operational resilience through cyber stress testing aims to map out what will happen in the event of extensive information technology crashes in the sector, both at the individual company and at the sector levels. Building on this exercise, Danish FSA will support that appropriate initiatives are implemented at the individual companies to prevent and reduce the consequences of a crash. Any follow-up initiatives at sector level are coordinated with Danmarks Nationalbank and the other work in the Financial Sector Forum for Operational Robustness (FSOR). The program builds further on the results of the work in FSOR, which is chaired by Danmarks Nationalbank. The participating financial companies and data centers are informed to step-by-step map the operational consequences to assess the economic, legal, and reputational consequences of the crash at different times until normal information technology operations could be restored. The companies are further informed to document the assessment results. The Danish FSA expects to soon offer a task to provide a consultancy to develop and implement the initial cyber stress tests.

Related Links (in Danish)

• Guidance on Bank Stress Tests
• Stress Test Guide (PDF)
• Scenario Values Table (XLSX)
• Guide to Write-Downs (PDF)
• Excel Tool For Write-Down Percentages (XLSX)
• Press Release on Cyber Stress Tests

Keywords: Europe, Denmark, Banking, Operational Resilience, Stress Testing, Cyber Risk, Macroeconomic Stress Testing, Small and Medium Size Banks, Danish FSA