The Industrial and Commercial Bank of China’s access to an electronic settlement platform for U.S. Treasury securities remained suspended on Friday, sources said, in the aftermath of a ransomware attack on China’s largest bank.
The attack, confirmed by ICBC on Thursday, is the latest in a string of ransom-demanding that hackers have claimed this year. ICBC Financial Services, the bank’s U.S. unit, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.
It will take days to return to normal, two sources familiar with the matter said on Friday. BNY Mellon was settling trades of Treasury securities manually with the ICBC and was waiting for a third party to attest that it is safe to reconnect ICBC to its settlement platform, the sources said.
The process is likely to go into next week, they said.
BNY is sole settlement agent for U.S. Treasury bonds, according to its website.
“These cyberattacks are scary,” said Jack McIntyre, a fixed income portfolio manager at Brandywine. “The good news would be that I guarantee you primary dealers are having (a) discussion to make sure this cannot happen to them. I’m sure everybody’s doing a deep dive on their security systems.”
Primary dealers, which include the largest Wall Street banks, act as counterparties to the Federal Reserve in open market operations as part of implementing U.S. monetary policy. When the U.S. Treasury issues new securities, primary dealers handle the purchases on behalf of the Fed, which acts as the seller.
Several primary dealers did not immediately respond to requests for comment. ICBC did not respond to requests for comment.