
Last year, the Dutch Centra Bank (DNB) carried out a resilience program focusing on the most important geopolitical risks. This was announced by the DNB during their annual supervisory press conference. DNB also asks financial institutions how they deal with geopolitical risks. What risks are involved? In its programme, the DNB looked at:
Cyber attacks are a familiar scenario, as are supply chain disruptions. Now, the DNB is also seriously looking at the consequences of warfare, although as an extreme scenario. In addition, the DNB expects financial institutions to also take such scenarios into account:
As a supervisor, we expect institutions to also take responsibility in this area.
Warfare is not explicitly listed as a scenario in DORA. The RTS for ICT Risk Management is based on severe but plausible scenarios. Geopolitical resilience is already one of the focus areas in DNB supervision, for example in financial stress testing. War as a scenario for operational and ICT risks is a possible next step. The consequences on outsourced ICT is already one of the examples mentioned.
DNB further discusses the dependence on non-European IT. This is seen as a given in the short term. Financial institutions are expected to take measures to manage the risks of this dependency. This means that institutions must prepare for disruptive scenarios and, in the long run, take steps aimed at increasing European digital autonomy.
In the accompanying publication, the DNB also provides a number of interesting overviews (in Dutch): the number of license holders in the Netherlands and the number of enforcement measures in 2025.

