Open Editor’s Digest for free
Rula Khalaf, editor of the Financial Times, picks her favorite stories in this weekly newsletter.
Wall Street traders and brokers are scrambling to minimize the fallout from a ransomware attack on China’s largest bank, which disrupted trading in the $25 trillion U.S. Treasury market.
The attack on the New York unit of the Industrial and Commercial Bank of China, first reported by the Financial Times on Thursday, exposed vulnerabilities in the Treasury market, the world’s largest and most liquid, which supports asset prices around the world.
With its systems compromised, financial services firm ICBC was forced to send a USB stick containing trading data to BNY Mellon to help it settle trades, according to people familiar with the situation.
The attack prevented the Industrial and Commercial Bank of China from settling treasury transactions on behalf of other market participants, according to traders and banks. Hedge funds and asset managers redirected trades due to the disruption and the attack had some impact on Treasury market liquidity, according to trading sources.
Some traders noted that the hack at the Industrial and Commercial Bank of China may have contributed to a sharp sell-off in longer-term Treasuries later on Thursday following a $24 billion auction of 30-year bonds.
Because of the Industrial and Commercial Bank of China hack, the Bank of New York on Thursday requested multiple extensions of business hours for Fedwire, a real-time payments platform run by the U.S. Federal Reserve, according to people familiar with the matter, to buy more time to settle Treasury trades.
The Bank of New York declined to comment. The Industrial and Commercial Bank of China (ICBC) did not respond to a request for comment. The Industrial and Commercial Bank of China (ICBC) had previously confirmed that it had “suffered a ransomware attack that led to the disruption of some services [financial services] Systems.”
BNY, the world’s largest custodian bank, has disconnected ICBC from its platform and does not plan to reconnect it until a third party certifies it is safe to do so, according to people familiar with the matter.
“No IT team would trust anything from the Industrial and Commercial Bank of China (ICBC) in the United States without it being thoroughly vetted or vetted,” said one cyber expert close to the industry response.
“Until BNY reconnects, it will be slow and painful,” another person involved said.
The Securities and Exchange Commission said Friday that it “continues to monitor with a focus on maintaining fair and orderly markets.” The Securities Industry and Financial Markets Association, which represents banks and asset managers, held phone calls with members to discuss their response to the incident.
At a press conference on Friday, China’s Foreign Ministry said the Industrial and Commercial Bank of China had done a good job in handling the attack on its US financial services arm.
Ministry spokesman Wang Wenbin said: “The Industrial and Commercial Bank of China has been closely monitoring the matter and has made every effort in emergency response and supervisory communications.”
ICBC is the only Chinese broker with a securities clearing license in the United States. She set up the company after purchasing the principal dealer services unit of Fortis Securities in 2010.
“The Industrial and Commercial Bank of China is a large Chinese bank and the flows it handles are significant,” said Charlie McElligott, a multi-asset strategist at Nomura Bank. “Anything that prevented the ability to participate in the auction, it is fair to say, would have contributed to the higher yield that followed.”
After news of the ransomware attack emerged, employees at ICBC Bank’s Beijing headquarters held urgent meetings with their US unit, according to one employee who participated in these meetings.
Ransomware attacks have proliferated since the coronavirus pandemic, partly because remote work has made companies more vulnerable and because cybercriminal groups have become more organized.
“With cyberattacks becoming more serious, complex and frequent, which often involve human error, companies urgently need to rethink their approach to ransomware defense,” said Oz Alashi, founder of CybSafe, a British cybersecurity and data analysis company.
(Additional reporting by Joshua Franklin and Kate Duguid in New York, Kostas Morselas and George Steer in London, Colby Smith in Washington and Cheng Ling in Hong Kong)
“Infuriatingly humble alcohol fanatic. Unapologetic beer practitioner. Analyst.”