Open Editor’s Digest for free
Rula Khalaf, editor of the Financial Times, picks her favorite stories in this weekly newsletter.
Wall Street traders and brokers are scrambling to minimize the fallout from a ransomware attack on China’s largest bank, which disrupted trading in the $25 trillion U.S. Treasury market.
The attack on the New York unit of the Industrial and Commercial Bank of China, first reported by the Financial Times on Thursday, exposed vulnerabilities in the Treasury market, the world’s largest and most liquid, which supports asset prices around the world.
With its systems compromised, financial services firm ICBC was forced to send a USB stick containing trading data to BNY Mellon to help it settle trades, according to people familiar with the situation.
The attack prevented the Industrial and Commercial Bank of China from settling treasury transactions on behalf of other market participants, according to traders and banks. Hedge funds and asset managers redirected trades due to the disruption and the attack had some impact on Treasury market liquidity, according to trading sources.
Some traders noted that the hack at the Industrial and Commercial Bank of China may have contributed to a sharp sell-off in longer-term Treasuries later on Thursday following a $24 billion auction of 30-year bonds.
On behalf of the Industrial and Commercial Bank of China, the Bank of New York on Thursday requested multiple extensions of business hours for Fedwire, a real-time payments platform run by the U.S. Federal Reserve, people familiar with the matter said, to buy more time to settle Treasury trades.
Because of the hack, the U.S. unit of the Industrial and Commercial Bank of China requested a $9 billion capital infusion from its parent to cover unsettled trades with the New York bank, according to two people familiar with the matter.
The Bank of New York declined to comment. The Industrial and Commercial Bank of China (ICBC) did not respond to a request for comment. The Industrial and Commercial Bank of China (ICBC) had previously confirmed that it had “suffered a ransomware attack that led to the disruption of some services [financial services] Systems.”
BNY, the world’s largest custodian bank, has electronically disconnected ICBC from its platform and does not plan to reconnect it until a third party certifies it is safe to do so, people familiar with the matter said. Instead, BNY uses manual workarounds to process trades.
“No IT team would trust anything from the Industrial and Commercial Bank of China (ICBC) in the United States without it being thoroughly vetted or vetted,” said one cyber expert close to the industry response.
“Until BNY reconnects, it will be slow and painful,” another person involved said.
US Treasury Secretary Janet Yellen said on Friday that she had been in contact with Chinese Vice Premier He Lifeng about the hack but had not seen an impact on the Treasury market.
“We have worked very closely with the Chinese, with the company and with regulators in the United States,” she said, adding that the Treasury Department had provided “as much assistance as possible” to the Industrial and Commercial Bank of China on the issue.
The Securities and Exchange Commission said Friday that it “continues to monitor with a focus on maintaining fair and orderly markets.” The Securities Industry and Financial Markets Association, which represents banks and asset managers, held phone calls with members to discuss their response to the incident.
At a press conference on Friday, China’s Foreign Ministry said the Industrial and Commercial Bank of China had done a good job in handling the attack on its US financial services arm.
Ministry spokesman Wang Wenbin said: “The Industrial and Commercial Bank of China has been closely monitoring the matter and has made every effort in emergency response and supervisory communications.”
The Industrial and Commercial Bank of China (ICBC) is the only Chinese broker with a securities clearing license in the United States. She set up the company after purchasing the principal dealer services unit of Fortis Securities in 2010.
“The Industrial and Commercial Bank of China is a large Chinese bank and the flows it handles are significant,” said Charlie McElligott, a multi-asset strategist at Nomura Bank. “Anything that prevented the ability to participate in the auction, it is fair to say, would have contributed to the higher yield that followed.”
After news of the ransomware attack emerged, employees at ICBC Bank’s Beijing headquarters held urgent meetings with their US unit, according to one employee who participated in these meetings.
Ransomware attacks have proliferated since the coronavirus pandemic, partly because remote work has made companies more vulnerable and because cybercriminal groups have become more organized.
“With cyberattacks becoming more serious, complex and frequent, which often involve human error, companies urgently need to rethink their approach to ransomware defense,” said Oz Alashi, founder of CybSafe, a British cybersecurity and data analysis company.
(Additional reporting by Joshua Franklin and Kate Duguid in New York, Kostas Morselas and George Steer in London, Colby Smith in Washington, Cheng Ling in Hong Kong and Ryan McMorrow in San Francisco)
“Web maven. Infuriatingly humble beer geek. Bacon fanatic. Typical creator. Music expert.”