ICBC manually settled Treasury trades days after the cyberattack. In the wake of a ransomware assault on China’s largest bank, the Industrial and Commercial Bank of China’s access to an electronic settlement platform for U.S. Treasury securities remained banned on Friday, according to sources. An unknown party carried out the attack.
ICBC has verified that the incident occurred on Thursday, making it the most recent in a series of hacking attacks that resulted in ransom demands this year. ICBC Financial Services, the bank’s subsidiary in the United States, announced that it was investigating the attack that caused disruptions to the bank’s systems and was making headway toward recovering from the incident.
Two people aware of the situation stated on Friday that it will take days before things return to normal. According to the sources, BNY Mellon manually settled trades in Treasury securities with the ICBC. At the same time, it waited for a third party to verify that it was safe to reconnect the ICBC to its settlement platform.
According to what they indicated, determining whether reconnecting is safe will most likely continue into the following week. According to one of the individuals, this showed that transactions were taking place not through technological means but by physically passing over information to one another.
According to its website, BNY is the exclusive settlement agent for United States Treasury bonds.
Jack McIntyre, a fixed-income portfolio manager at Brandywine, stated that he found these intrusions quite frightening. “The good news would be that I guarantee you primary dealers are having a discussion to make sure that this cannot happen to them,” the speaker said. “It’s not going to happen to them.” I do not doubt that everyone is thoroughly examining their security systems.
As part of implementing U.S. monetary policy, the Federal Reserve conducts open market operations, with primary dealers serving as counterparties. Primary dealers include the significant institutions on Wall Street. When the United States Treasury issues new securities, the primary dealers purchase them on the Federal Reserve’s behalf. The Fed is the entity that acts as the seller.
Several main dealers did not reply promptly to requests for feedback that were made to them. ICBC did not respond when asked for a statement. ICBC is attempting to reduce the risk and losses after the incident, which various experts have attributed to the hacker organization Lockbit, according to a report released by China’s foreign ministry on Friday.
In response to a request for comment made on Friday, a representative from Lockbit responded with “Yes, we confirm” without providing any other details.
According to the United States Cybersecurity and Infrastructure Security Agency, the Lockbit ransomware, discovered for the first time in January 2020 on cybercrime forums written in Russian, is the most widely used ransomware in the world and has affected 1,700 companies in the United States alone.
According to the spokeswoman for China’s Ministry of Foreign Affairs, business is continuing as usual at the ICBC’s global headquarters, branches, and subsidiaries, Wang Wenbin, who spoke at a routine press conference.
“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication.”
RESPONSE FROM REGULATORS
Friday found global regulators assessing the implications of the situation. The United Kingdom’s Financial Conduct Authority stated it was “communicating with the relevant U.S. and U.K. authorities and firms to identify any impacts on U.K. financial services.”
The Financial Industry Regulatory Authority in the United States has stated that it is closely working with other regulatory agencies and monitoring any impact it may have on businesses and customers. A spokeswoman for the United States Securities and Exchange Commission stated that the agency will continue to monitor the markets to ” maintain fair and orderly markets.”
The New York Federal Reserve Bank did not wish to comment on the matter. ICBC said that it has successfully cleared deals involving the Treasury that were carried out on Wednesday and trades involving repurchase agreements (repo) funding that were carried out on Thursday. ICBC’s Hong Kong-listed shares finished the day on Friday down by 0.8%, compared to a decline of 1.13% in an index of mainland Chinese banks tracked in Hong Kong. The (.HSMBI) shares listed in Shanghai ended the day without changing (601398. S.S.).
Some market players said that, as a result of the event, deals that went through ICBC were not resolved and that this reduced the overall liquidity of the market. On Thursday, a 30-year bond auction had a disappointing result, but whether this factor played a role was unclear.
On Thursday, when bond markets were selling off in response to statements made by the Chair of the Federal Reserve, Jerome Powell, investors, and traders found it difficult to determine the extent to which they had damaged the market.
Even if the damage appeared to be relatively minor, the assault highlighted how susceptible the systems at giant corporations still are, they noted.
“A source of liquidity in the market dried out for an extended period of time,” said Jan Nevruzi, U.S. rates strategist at NatWest Markets, noting that the attack impacted inter-dealer broker volumes and damaged the auction. “A source of liquidity in the market dried out for an extended period of time,” said Jan Nevruzi.
“Because a certain amount of time has passed since that period, individuals today have sought alternatives and contingencies to deal with the situation. I would expect that there will be some market liquidity degradation even now.
