A&O Shearman | FinReg | PRA thematic findings from the 2024 Cyber Stress Test
Financial Regulatory Developments Focus
  • PRA thematic findings from the 2024 Cyber Stress Test

    9 July 2025
    The Bank of England and the Prudential Regulation Authority (PRA) have released a letter to PRA-regulated firms and relevant financial market infrastructures (FMIs) outlining the thematic findings from the 2024 Cyber Stress Test (CST24). PRA-regulated firms and relevant FMIs are encouraged to consider these findings in the implementation of their operational resilience policies.

    The CST24 involved providers and users of wholesale services modelling the operational, financial and confidence impacts of suspected, confirmed and longer cyber-attack scenarios affecting transaction settlement.

    Key findings and recommendations from the test include:
    • The need for systemic firms to consider the FPC's tolerance for disruption to payments and settlement, and how the decisions they make in response to operational disruption may affect financial stability.
    • That the ability to process high-impact transactions using workarounds can help to maintain financial stability by enabling key markets to continue to function. Firms should consider prioritising payments that minimise the impact on market integrity and/or financial stability. Doing so is unlikely to breach TCF requirements. Firms should work with their FMIs or central counterparties to ensure ongoing awareness of available mitigation options and ensure that new options are adopted, tested and factored into system upgrades as new technology becomes available.
    • Firms' decisions about disconnecting from critical systems and infrastructures would determine their ability to mitigate financial stability impacts, since disconnection would mean no further transactions could be processed. It is important for firms to ensure that their disconnection options are understood across business functions, are aligned to their risk appetites, and that playbooks reflect the potential financial stability impacts of a loss of key connections.
    • Reconnection options must also be understood and aligned to firms' risk appetites, and playbooks must reflect the potential financial stability impacts of a loss of key connections. The work at the Cross Market Operational Resilience Group (CMORG) to define best practice reconnection processes, including informing firm-level reconnection decisions, will be an important resource on this topic.