Austrian regulator FMA has conducted for the first time a stress test to assess whether Pensionskassen can withstand a blackout caused by an energy supply crunch.
The regulator has conducted the stress test – officially called Blackout Maturity Level Assessment – with the Pensionskassen in the third quarter of this year.
It has analysed the level of maturity of the measures taken by Pensionskassen to withstand a blackout during three phases: the preparation for a possible blackout, managing and reacting to a blackout, and restarting and restoring operations after a blackout.
For the preparatory phase to a blackout, the regulator focused on assessing the level of maturity of the measures taken by the Pensionskassen to ensure the continuation of operations within information and communication infrastructure (ICT business continuity policy), emergency plans, composition and organisation of the emergency team, risk analyses and “business impact “analyses, integration of external know-how and regular tests of emergency plans.
Three quarters of Austrian pension funds explicitly mentioned blackouts in their ICT (information and communication technology) business continuity policy, and emergency plans have been prepared by most pension funds, according to the FMA report.
The report also showed that 40% of Austrian Pensionskassen carry out tests on contingency plans in case of blackouts on a regular basis.
To analyse the response of Pensionskassen to a blackout, the FMA went through the criteria set out by pension funds for triggering emergency plans, analysed if emergency plans were accessible, the protection of the ICT infrastructure and information security, the protection of buildings, instructions and training of employees and emergency power supply.
Almost two-thirds of pension funds stated that they had clearly defined the criteria for triggering an emergency plan in case of blackouts, and three quarters of Pensionskassen said they could shut down critical ICT systems, or maintain them in emergency mode in the event of a blackout without physical damages or breaches of ICT or information security systems, the report added.
The regulator focused on emergency operations put in place by Pensionskassen to resume normal operations in order to assess a restart phase in the event of a blackout.
Overall, Austrian pension funds did well across all three phases: 50% met the criteria for the highest level of maturity in terms of measures to take to withstand a blackout, 38% the middle level and only 13% were classified as low level in terms of maturity.
The best results came from the general preparations for a possible blackout and planned measures in the event of a blackout. The FMA identified greatest potential for improvement for the restart phase and the restoration of normal operations.
The regulator explained that it has conducted the test given the energy crisis caused by Russia’s attack on Ukraine, an increase in cyber attacks and volatility in the gas and oil markets.
It considers the Blackout Maturity Level Assessment a new supervisory tool that will apply also to insurers in 2023.
No comments yet