On 13 December 2021, the Prudential Regulation Authority (PRA) issued a statement announcing that it will invite a number of firms to participate in a voluntary cyber stress test. The stress test will focus on a severe data integrity incident as the disruption scenario and will test firms’ ability to meet the impact tolerance for payments in a severe but plausible scenario.
In March 2021, the Financial Policy Committee (FPC) set an impact tolerance for payments and agreed that the next cyber stress test would focus on a retail payment system. The FPC also confirmed that the 2022 test should target the most systemic firms contributing in the end-to-end payments chain, as in the event of disruption, their ability to resume services in a timely manner was particularly important for UK financial stability.
The Prudential Regulation Committee in addition has agreed to invite a limited number of firms with a smaller presence in the retail payment system to take part in the cyber stress test.
The PRA will contact the firms selected for invitation, and they will receive more information about the test in due course.