Check SHA256SUMS and exit non-zero on unexpected file (file not present in digest)

1 vote
1 answer
78 views
I'm trying to check the integrity of a set of downloaded files using sha256sum. I cryptographically signed a digest file (named SHA256SUMS) with PGP. I create the file by recursively calculating the checksums of all the files in & under the current directory with

```
find . -type f -not -name SHA256SUMS -exec sha256sum '{}' \; >> SHA256SUMS
```

I can now verify the integrity of the files by (after checking the signature of the digest file, which is omitted from this question for simplicity) executing:

```
sha256sum -c SHA256SUMS
```

The above command will exit non-zero if any of the files in the digest file have different contents from what's stored in the digest file. However, it will *not* exit non-zero if there's some new file that's not listed in the digest. I couldn't find any options in sha256sum to fail if there's an unexpected file. How can I verify the integrity of a directory recursively using sha256sum, including failing on unverified files?
Asked by Michael Altfield (382 rep)
Mar 22, 2024, 04:34 AM
Last activity: Mar 22, 2024, 01:51 PM
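
One way to get the behaviour asked for above, as an added example that is not part of the original question or its answer: run `sha256sum -c` for the listed files, then compare the set of paths on disk with the set of paths named in the digest and fail on any difference. The function names `verify_tree` and `make_sample_tree` are hypothetical, the sample tree is constructed, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils, a digest
# built with the question's find command (paths start with "./"), and file
# names without newlines or backslashes (sha256sum escapes those in its output).

# verify_tree DIR (hypothetical name): succeeds only if every listed file
# matches AND no file exists on disk that the digest does not list.
verify_tree() (
    cd "$1" || exit 2
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT

    # 1. Listed files: a wrong hash or a missing file makes --check fail;
    #    --strict also rejects malformed digest lines.
    sha256sum --check --strict --quiet SHA256SUMS >&2 || exit 1

    # 2. Names the digest vouches for: strip "<64 hex> <space or *>".
    sed 's/^[0-9a-f]\{64\} [ *]//' SHA256SUMS | LC_ALL=C sort -u > "$tmp/listed"

    # 3. Everything on disk except directories and the top-level digest.
    #    "! -type d" rather than "-type f" also flags symlinks and special
    #    files; a nested file named SHA256SUMS is flagged too (fail closed).
    find . ! -type d ! -path ./SHA256SUMS | LC_ALL=C sort > "$tmp/ondisk"

    # 4. Lines present only in the on-disk list are unexpected files.
    LC_ALL=C comm -13 "$tmp/listed" "$tmp/ondisk" > "$tmp/extra"
    if [ -s "$tmp/extra" ]; then
        sed 's/^/UNEXPECTED: /' "$tmp/extra" >&2
        exit 1
    fi
)

# Constructed sample tree: two files plus a digest made as in the question.
make_sample_tree() {
    d=$(mktemp -d) && mkdir "$d/sub" &&
    echo alpha > "$d/a.txt" && echo beta > "$d/sub/b.txt" &&
    ( cd "$d" && find . -type f -not -name SHA256SUMS \
          -exec sha256sum '{}' \; > SHA256SUMS ) &&
    echo "$d"
}

tree=$(make_sample_tree)
verify_tree "$tree" && echo "clean tree: accepted"
echo extra > "$tree/sub/new.bin"
verify_tree "$tree" || echo "unlisted file: rejected"
rm -rf "$tree"
```

The PGP signature on SHA256SUMS still has to be checked before this runs, since both steps trust whatever the digest file lists.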