A cyberattack in a little-known corner of the derivatives market has Wall Street’s biggest trading desks treading carefully in other markets unscathed by the incident, a sign of jitters pulsing through an industry on watch for such attacks.
(Bloomberg) — A cyberattack in a little-known corner of the derivatives market has Wall Street’s biggest trading desks treading carefully in other markets unscathed by the incident, a sign of jitters pulsing through an industry on watch for such attacks.
Banks including Citigroup Inc., Bank of America Corp. and Morgan Stanley are carefully reviewing trades sent through systems operated by ION Trading UK, which announced this week that a software business that underpins cleared derivatives markets globally was under attack. Those moves, described by people familiar with the matter, signal how cautious banks are being even in unaffected markets such as equities, where ION’s Fidessa platform is used by nearly every major bank.
While a senior official in the US Treasury Department has said the cyberattack doesn’t pose a “systemic risk to the financial sector,” regulators including the Commodity Futures Trading Commission have begun to reach out to Wall Street’s biggest trading desks as they probe the incident. The CFTC announced it would have to delay its weekly trading report for the derivatives market after the attack hindered some clearing members’ ability to provide accurate data to the agency. It’s also plotting new rules for more vendor oversight by derivatives dealers.
“One thing that regulators will do when incidents like this occur is to determine whether or not the standards and regulations currently applying are sufficiently robust, and if not what else they need to do about it,” said David Naylor, who heads the privacy and cybersecurity practice for Europe, the Middle East and Africa at law firm Squire Patton Boggs. “So one potential result is that regulatory environments get stricter and sanctions get stronger.”
Representatives for Citigroup, Bank of America and Morgan Stanley all declined to comment on moves they’ve made following the cyberattack on ION. A representative for ION declined to comment beyond a statement when the attack occurred saying the incident was “contained to a specific environment.”
ION started to seize up on Tuesday and eventually confirmed its systems for the derivatives market had been hacked by the Russian ransomware gang LockBit. Since then, the company has faced scrutiny from the Federal Bureau of Investigation as well as UK regulators including the Financial Conduct Authority and the Prudential Regulation Authority.
The incident has snarled markets in one of the year’s biggest weeks for futures trading, with investors spending recent days trying to position themselves for the Federal Reserve’s decision on interest rates Wednesday and the Labor Department’s US jobs report Friday.
Many of the biggest US banks don’t use ION’s systems for clearing derivatives, which the company acquired with the 2008 purchase of Rolfe & Nolan, a software supplier with more than 250 bank, brokerage and exchange clients in 20 countries at the time. That’s meant Wall Street’s biggest trading desks so far appear to be unaffected by the cyberattack.
Still, compliance executives ordered traders to tread carefully when using ION’s other systems in recent days as they sought to get a handle on which systems were ultimately impacted. ION executives held a call with banks on Friday to reassure them Fidessa was not impacted in the hack, according to a person with knowledge of the matter, who asked not to be identified discussing information that isn’t public.
It would be hard for Wall Street’s biggest firms to distance themselves completely from ION’s systems. Fidessa alone counts among its customers more than 600 brokerages and thousands of hedge funds and other asset managers, which use the platform for order execution in equities, equity swaps and exchange-traded funds markets.
Because of its footprint, the firm’s systems handle a large portion of trades in equities markets. ION purchased Fidessa in 2018 in a deal that valued the technology provider at £1.41 billion ($1.7 billion).
Like ION, Bloomberg LP, the parent company of Bloomberg News, also provides financial institutions with execution management solutions, connectivity to electronic markets and trading tools.
–With assistance from Isis Almeida.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.