Barclays flags Treasuries central clearing cybersecurity risks after ICBC hack
Views:
1970-01-01 08:00
By Davide Barbuscia NEW YORK A key reform proposed by the U.S. Securities and Exchange Commission to boost

By Davide Barbuscia

NEW YORK A key reform proposed by the U.S. Securities and Exchange Commission to boost the use of central clearing for U.S. Treasuries could leave the market more exposed to cybersecurity risks, Barclays said, referring to the cyber hack of Industrial and Commercial Bank of China's U.S. broker-dealer last week.

The SEC central clearing rule, first proposed in September last year, would apply to the cash Treasury and repurchase agreements (repo) markets, where banks and other players such as hedge funds borrow short-term loans backed by Treasuries.

Under the rule, more trades would be sent to a clearing house, requiring counterparties to put up cash to guarantee execution in the event of defaults.

Because the Fixed Income Clearing Corporation (FICC), a subsidiary of the Depository Trust & Clearing Corporation (DTCC), is currently the only central clearing platform for repo and Treasuries, activity on the FICC platform will more than double with the proposed reform, Joseph Abate, a strategist at Barclays, said in a note on Tuesday.

"This creates a potential single-point of failure risk as recent events illustrate," he said, referring to the ICBC hack.

"That has potential systemic consequences," he said.

ICBC' U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Nov. 9 and left the bank temporarily owing BNY Mellon $9 billion for unsettled trades, Reuters reported.

Abate also flagged cybersecurity risks for direct members of the FICC, as well as clients they sponsor to access the clearing platform, saying mandatory central clearing could make FICC "a fortress with many doors."

DTCC said on Wednesday its systems were not impacted by the ICBC incident and that it works with internal specialists and external partners to stay ahead of evolving cybersecurity threats.

"We are committed to safeguarding our clients and stakeholders through this dynamic synergy of internal and external expertise,” it said in a statement to Reuters.

The SEC is expected to finalize the rule early next year, said Barclays, but it is unclear how much time the industry would have to implement it and whether central clearing will occur simultaneously for Treasuries and repo transactions.

(Reporting by Davide Barbuscia; Editing by Marguerita Choy)

Tags reforms cyber epid_en top usa bonds epus finance