The US Securities and Exchange Commission has settled record keeping charges against an Industrial and Commercial Bank of China unit concerning a November 2023 ransomware attack, but decided not to impose a civil fine.
The accord resolves accusations that for nearly four months after the attack, New York-based ICBC Financial Services failed to keep its books and records current or send written notifications for securities-related transactions to customers.
The SEC decided against a fine in light of the ICBC unit’s “meaningful cooperation and extensive remedial measures.”
It also said the causes of the attack included inadequate preparation for a potentially severe cyber security incident.
The ICBC unit did not admit or deny wrongdoing in agreeing to settle.