Dutch Central Bank Warns Cyber Threats, Private Credit & Geopolitical Conflict Are Testing Financial Stability

Key Takeaways

• DNB Warns Risks Are Becoming More Interconnected: De Nederlandsche Bank said geopolitical tensions, cyber threats, private credit growth, and market vulnerabilities are increasingly compounding one another rather than emerging as isolated risks.
• AI Is Changing the Nature of Cyber Threats: The central bank warned that generative AI is accelerating the scale, speed, and complexity of cyber attacks, shrinking the time financial institutions have to respond and recover.
• Dutch Banks Remain Resilient Under Stress Scenarios: DNB’s stress test found Dutch banks could withstand a severe escalation of the war in the Middle East while maintaining capital ratios above regulatory requirements.
• Private Credit Exposure Continues to Rise: The largest Dutch insurers increased private credit exposure by roughly one-third over the past four years, surpassing €16 billion in 2025.
• Stablecoins Are Drawing Increased Regulatory Attention: While direct Dutch exposure remains limited, DNB warned that growing links between stablecoins and traditional finance could increase volatility and alter bank funding structures over time.

Deep Dive

The latest Financial Stability Report, published Tuesday by De Nederlandsche Bank, is nominally about financial stability in the Netherlands. It is also, whether intentionally or not, a document about systems becoming harder to fully see. The concern running through it is not merely that risks exist. Central bankers have always had risks. It is that too many risks are now colliding at once, feeding each other, accelerating each other, and moving faster than the institutions built to contain them.

Cyber risk sits near the center of that anxiety. Not in the abstract way these reports sometimes discuss technology, where “digital transformation” floats through the prose like corporate incense, but as a direct operational and financial threat. The bank warns that geopolitical tensions and rapid advances in AI are increasing both the likelihood and sophistication of cyber incidents. Generative AI models, it notes, allow threats to emerge almost instantly, compressing the time financial institutions have to identify vulnerabilities and recover from attacks.

That compression matters a lot.

Banks have spent years talking about resilience. Backup systems. Recovery frameworks. Incident response exercises. What the report quietly acknowledges is that the timeline itself is changing. Threats once measured in days or hours increasingly unfold in minutes. Sometimes faster. The pressure this places on fallback systems and operational recovery is obvious enough. Less obvious is what it does psychologically inside institutions already overloaded with alerts, dependencies, vendors, outsourced infrastructure, and regulatory obligations layered atop each other like sediment.

Olaf Sleijpen, governor of De Nederlandsche Bank, attempted to strike the reassuring tone expected of central bankers while still leaving room for unease. “The risks for financial stability in the Netherlands remain elevated amid persistent geopolitical and economic turbulence,” he said. “We are still under ‘code amber’.”

According to the stress test included in the report, Dutch banks can withstand a severe escalation of the conflict in the Middle East involving lower revenues, higher credit losses, and increases in risk-weighted assets. Average core capital ratios would fall by around two percentage points but remain above required thresholds at 15.7%.

And that is probably true. European banks today are better capitalized than they were before the global financial crisis. Regulators know it. Banks know it. The stress tests themselves are no longer the story they once were. What feels more revealing is what sits around the edges of the report. The things regulators discuss carefully because they are difficult to quantify cleanly. Private credit is one of them.

The central bank describes the growth of private credit as broadly positive because it diversifies lending beyond traditional banks. Fair enough. But it also admits that assessing the underlying risks is difficult because loan quality is often unclear and the sector is deeply interconnected with the rest of the financial system. Translation: there is a lot of money moving around in structures regulators are still trying to fully map.

Earlier this year, the bank requested information from major Dutch pension funds and insurers regarding private investments. Initial findings showed private credit exposure among the country’s largest insurers has increased by roughly one-third over the last four years, surpassing €16 billion in 2025 and representing about 8% of assets under management.

You can feel the concern without the report ever fully stating it outright. Financial systems have a habit of rediscovering opacity every decade or so and convincing themselves it is manageable right up until it isn’t.

Stablecoins appear in the report almost like another item added to an already crowded desk. Their market size has doubled in two years to roughly USD ($300 billion). Dutch household exposure remains limited. Direct risks appear marginal for now. Yet the central bank still warns that growing interconnectedness between stablecoins and traditional finance could eventually affect market volatility and bank funding structures, particularly if regulatory approaches continue diverging across jurisdictions.

This is the recurring theme underneath nearly every section of the report. Interconnectedness. Dependencies. Speed. Financial stability no longer looks like a question of whether one institution fails. It looks more like a question of how many systems become stressed simultaneously before anyone fully understands the chain reaction underway.

There is a line in the report noting that geopolitical tensions and geo-economic fragmentation are not isolated phenomena. It is a dry sentence. Regulatory writing tends to flatten everything into the same texture. But it may be the truest observation in the entire document.

Nothing is isolated anymore—not energy markets, cyber attacks, private lending, AI development, and certainly not financial panic. The old assumption was that crises spread outward from a center. Increasingly they seem to arrive everywhere at once.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.