Industrial and Commercial Bank of China (ICBC) has injected capital into its U.S. unit to pay BNY Mellon $9 billion for unsettled trades and has hired a cybersecurity firm to resume normal business after a ransomware attack, according to sources familiar with the matter. ICBC’s U.S. unit has informed market participants that it hopes to complete the cyber review over the weekend, but sources expect it to spill into next week. In the meantime, the bank is using manual processes for trading. The details, including the cash injection for unsettled trades, have not been previously reported.
The ransomware attack on ICBC was claimed by the cybercrime gang Lockbit, which is known for its ransom demands. The attack has caused disruptions in the U.S. Treasuries market, where ICBC acts as a broker for hedge funds and other market participants. However, the extent of the disruption was limited, highlighting the resilience of the market. When the hack occurred, ICBC was unable to access its systems, resulting in a temporary debt of $9 billion to BNY Mellon for unsettled trades. The Chinese parent company injected capital into the U.S. unit to settle the trades and repay BNY Mellon.
ICBC’s representatives have hired a cybersecurity firm to assess the safety of their systems. They hope to complete the assessment soon, but acknowledge that it may take longer due to the complexity of the task. The representatives have also informed market participants about the capital injection, but have not disclosed the amount or reason for it. ICBC’s computer systems have been isolated from the rest of Wall Street, but alternative systems have been put in place to enable trading, albeit through manual processes.
Global regulators are monitoring the impact of the cyberattack. U.S. Treasury Secretary Janet Yellen has stated that the hack did not interfere with the market for U.S. government debt. Rumors about the hack started circulating on Wednesday, but it was not clear to most people on Wall Street what was happening until Thursday morning. As news of the hack spread, other firms disconnected their computer systems from ICBC’s. ICBC is not among the top-tier firms dealing in Treasuries, which limited the impact on the market. However, there were some disruptions, such as increased volatility in overnight rates and a rise in the number of firms failing to return borrowed bonds.
To allow more time for trade settlement, the Federal Reserve’s system for moving cash through the financial system extended the closing time for certain customers on Friday. The cyberattack has raised concerns about cybersecurity in the financial industry, with market participants reevaluating their security systems. ICBC’s shares in Hong Kong ended Friday down 0.8%, while its shares in Shanghai closed flat.
In conclusion, ICBC has taken steps to address the aftermath of the ransomware attack, including injecting capital into its U.S. unit to settle trades and hiring a cybersecurity firm to assess the safety of its systems. The cyberattack has caused disruptions in the U.S. Treasuries market, but the extent of the impact has been limited. Global regulators are monitoring the situation, and market participants are reevaluating their security systems in response to the attack.
