SEC Settles with ICBC Unit for Ransomware Attack Without Imposing Fine
The U.S. Securities and Exchange Commission has reached a settlement with an Industrial and Commercial Bank of China unit regarding record-keeping charges related to a ransomware attack in November 2023. Despite the seriousness of the accusations, no civil fine will be imposed as part of the agreement.
The case involved allegations that ICBC Financial Services, based in New York, did not maintain up-to-date books and records or provide written notifications for securities transactions to customers for almost four months following the cyber attack. The SEC’s decision to forego a financial penalty was influenced by the ICBC unit’s significant cooperation and extensive efforts to address the issues.
The cybersecurity incident highlighted the importance of being adequately prepared for potential cyber threats, as identified by the SEC. In settling the matter, the ICBC unit did not admit or deny any wrongdoing, but agreed to cooperate with the SEC’s requirements.
This resolution emphasizes the significance of maintaining accurate records and staying vigilant against cybersecurity threats in the financial industry. By addressing these issues and working collaboratively with regulatory authorities, companies can demonstrate their commitment to safeguarding the interests of their clients and upholding regulatory standards.
