This policy contribution (pdf) was written for and presented at the informal meeting of EU finance ministers and central bank governors (Informal ECOFIN) in Helsinki, 13 September 2019.
Increasing cyber and hybrid risks will test the European Union’s system of fragmentation on issues of security but centralisation on financial and other economic issues. This asymmetry was not an obstacle in a world in which security threats were more contained or of a different nature. But the world is changing.
We document the rise in cyber attacks in the European Union. Meanwhile, hybrid threats, involving conventional and non-conventional means, are real, though difficult to quantify. We explore preparations to increase the resilience of the financial system in terms of regulation, testing and governance. We find that at the individual institutional level, significant measures have been taken, even though there are diverging views on whether individual companies are sufficiently prepared. More worryingly, preparations appear less advanced at the system-wide level.
We recommend that EU finance ministers increase resilience of the financial system through regular preparedness exercises and greater consideration of system-wide regulatory issues. We also consider it necessary to advance a broader political discussion on the integration of the EU security architecture applicable to the financial system. This includes reopening the framework on foreign-investment screening in order to ensure screening of foreign investment in critical financial infrastructure at the EU level.