Unlock Editor’s Digest for free
Roula Khalaf, editor of the FT, picks her favorite stories in this weekly newsletter.
Wall Street traders and brokers are scrambling to minimize the fallout from a ransomware attack on China’s largest bank that disrupted trading in the $25 trillion U.S. Treasury bond market.
The attack on a New York branch of the Industrial and Commercial Bank of China, first revealed by the Financial Times on Thursday, has exposed vulnerabilities in the Treasury market, the world’s largest and most liquid market that supports asset prices around the globe .
Because its systems were compromised, ICBC Financial Services was forced to send a USB stick containing trading data to BNY Mellon to help process trades, according to people familiar with the situation.
According to traders and banks, the attack prevented ICBC from executing treasury trades on behalf of other market participants. Trading sources said hedge funds and asset managers redirected their trades due to the disruption, and the attack had some impact on the liquidity of the Treasury market.
Some traders suspected that the ICBC hack may have even contributed to a sharp selloff in long-dated Treasuries later on Thursday following a $24 billion auction of 30-year bonds.
Because of the ICBC hack, BNY on Thursday requested multiple extensions to the operating hours of Fedwire, a real-time payments platform run by the U.S. Federal Reserve, people familiar with the matter say, to allow more time to process Treasury transactions.
BNY declined to comment. ICBC did not respond to a request for comment. ICBC previously confirmed that it was “subject to a ransomware attack that resulted in certain disruptions.” [financial services] Systems”.
BNY, the world’s largest custodian, has disconnected ICBC from its platform and does not plan to reconnect until a third party confirms it is safe to do so, according to people briefed on the matter.
“No IT team will trust anything from ICBC US without being thoroughly scanned or audited,” said a cyber expert with knowledge of the industry response.
Another person involved said: “Until BNY reconnects, it will be slow and painful.”
The Securities and Exchange Commission said Friday that it “continues to conduct oversight with a focus on maintaining fair and orderly markets.” The Securities Industry and Financial Markets Association, which represents banks and asset managers, held phone calls with members to discuss their response to the incident.
At a briefing on Friday, China’s Foreign Ministry said ICBC had done a good job in dealing with the attack on its U.S. financial services division.
“ICBC has been closely monitoring the matter and doing its best in emergency response and supervisory communication,” said ministry spokesman Wang Wenbin.
ICBC is the only Chinese broker with a securities clearing license in the US. The company was formed after purchasing Fortis Securities’ prime dealer services unit in 2010.
Recommended
“ICBC is a large Chinese bank and the flows it manages are significant,” said Charlie McElligott, cross-asset strategist at Nomura. “Anything that would have blocked the ability to participate in the auction would rightly have contributed to the subsequent increase in yields.”
After news of the ransomware attack broke, employees at ICBC headquarters in Beijing held urgent meetings with their U.S. unit, according to an employee who attended those meetings.
Ransomware attacks have increased since the coronavirus pandemic, in part because remote work has made businesses more vulnerable and because cybercriminals are more organized.
“With the increasing severity, complexity and frequency of cyberattacks, often involving human error, organizations urgently need to rethink their approach to ransomware defense,” said Oz Alashe, founder of CybSafe, a UK cybersecurity and data analytics company.
Reporting by Joshua Franklin and Kate Duguid in New York, Costas Mourselas and George Steer in London, Colby Smith in Washington and Cheng Leng in Hong Kong