Unlock Editor’s Digest for free
Roula Khalaf, editor-in-chief of the FT, selects her favorite stories in this weekly newsletter.
Wall Street traders and brokers are scrambling to minimize the fallout from a ransomware attack on China’s largest bank that disrupted trading in the $25 trillion U.S. Treasury market.
The attack on a New York unit of the Industrial and Commercial Bank of China, first revealed by the Financial Times on Thursday, exposed the vulnerabilities of the Treasury market, the world’s largest and most liquid, which under -tends asset prices around the world.
With its systems compromised, ICBC Financial Services was forced to send a USB drive containing trading data to BNY Mellon to help settle trades, according to people familiar with the matter.
The attack prevented ICBC from settling Treasury transactions on behalf of other market participants, according to traders and banks. Hedge funds and asset managers rerouted trades due to the disruption and the attack had some effect on liquidity in the Treasury market, according to trading sources.
Some traders suggested the ICBC hack may even have contributed to a sharp sell-off in long-term Treasuries later Thursday, following an auction of $24 billion in 30-year bonds.
Due to the ICBC hack, BNY on Thursday requested several extensions to the business hours of Fedwire, a real-time payments platform operated by the US Federal Reserve, according to sources familiar with the matter, in order to buy more time to settle Treasury transactions.
BNY declined to comment. ICBC did not respond to a request for comment. ICBC had previously confirmed that it had “experienced a ransomware attack resulting in disruption to certain (financial services) systems”.
BNY, the world’s largest custodian bank, has disconnected ICBC from its platform and does not plan to reconnect it until a third party certifies that it is safe to do so, according to people briefed on the matter. .
“No IT team will trust ICBC US without it being rigorously analyzed or reviewed,” said a cyber expert familiar with the industry response.
Another person involved said: “Until BNY reconnects, it’s going to be slow and painful. »
The Securities and Exchange Commission said Friday that it “continues to monitor with a focus on maintaining fair and orderly markets.” The Securities Industry and Financial Markets Association, which represents banks and asset managers, called its members to discuss their response to the incident.
In a press briefing on Friday, China’s Foreign Ministry said ICBC had done a good job in handling the attack on its US financial services arm.
“ICBC has been closely monitoring the case and has done its best in emergency response and supervisory communication,” said ministry spokesperson Wang Wenbin.
ICBC is the only Chinese broker with a US securities clearing license. She established the company after purchasing the prime services unit of Fortis Securities in 2010.
“ICBC is a large Chinese bank and the flows it runs are significant,” said Charlie McElligott, multi-asset strategist at Nomura. “Anything that would have blocked the possibility of participating in the auctions, arguably, would have contributed to the subsequent rise in yields.”
After news of the ransomware attack broke, employees at ICBC headquarters in Beijing held urgent meetings with their U.S. unit, according to a staff member who participated in those meetings.
Ransomware attacks have increased since the coronavirus pandemic, in part because remote working has made businesses more vulnerable and cybercriminal groups have become more organized.
“With the increasing severity, sophistication and frequency of cyberattacks, often involving human error, businesses need to urgently rethink their approach to ransomware defense,” said Oz Alashe, founder of CybSafe, a UK-based company. cybersecurity and data analysis.
Reporting by Joshua Franklin and Kate Duguid in New York, Costas Mourselas and George Steer in London, Colby Smith in Washington and Cheng Leng in Hong Kong