What China's ICBC is doing to recover from ransomware attack
What's the story
Last week, the Industrial and Commercial Bank of China's (ICBC) US broker-dealer, ICBC Financial Services, experienced a severe ransomware attack, resulting in a $9 billion debt to BNY Mellon.
The cyber assault was so widespread that it disrupted corporate email, prompting employees to use Gmail.
This event underscores the financial sector's vulnerability and raises questions about the $26 trillion Treasury market's robustness.
Details
Cash injection from Chinese parent and manual trade processing
To address the issue, ICBC Financial Services obtained a cash infusion from its Chinese parent company to repay BNY Mellon.
The brokerage manually processed transactions with the help of the custody bank.
ICBC informed industry stakeholders during a conference call that it was collaborating with cybersecurity firm MoxFive to establish secure systems, enabling the company to resume regular operations on Wall Street.
What Next?
Temporary suspension of business and rerouting trades
During this time, ICBC Financial Services requested clients to temporarily halt business and settle trades elsewhere.
Other market players examined their records to determine their exposure and attempted to redirect trades.
The full impact of the hack on the Treasury market remains unclear, and there is ongoing debate about whether it influenced a significant Treasury bond auction on Thursday.
Insights
Potential regulatory review and push for central clearing
The ransomware attack is expected to introduce a new dimension to regulatory review, placing greater emphasis on cyber threats.
It may also encourage the Securities and Exchange Commission to advocate for increased central clearing of Treasury trades, where a third party serves as both seller and buyer.
Darrell Duffie, a Stanford finance professor who advises regulators, stated that wider central clearing could help avoid a domino effect of default events following such incidents.
Facts
Recovery efforts and return to normal business
ICBC Financial Services is advancing its recovery efforts with the assistance of information security specialists.
The brokerage has settled Treasury trades executed on Wednesday and repo financing trades completed on Thursday.
Once the new system is operational, other Wall Street firms may evaluate its safety, potentially delaying the return to normal business operations. ICBC also plans to establish a secondary email system shortly.