(Reuters) – The U.S. Securities and Exchange Commission has settled record keeping charges against an Industrial and Commercial Bank of China unit concerning a November 2023 ransomware attack, but decided not to impose a civil fine.
Monday’s accord resolves accusations that for nearly four months after the attack, New York-based ICBC Financial Services failed to keep its books and records current, or send written notifications for securities-related transactions to customers.
The SEC decided against a fine in light of the ICBC unit’s “meaningful cooperation and extensive remedial measures.” It also said the causes of the attack included inadequate preparation for a potentially severe cybersecurity incident.
The ICBC unit did not admit or deny wrongdoing in agreeing to settle.
(Reporting by Jonathan Stempel in New York; Editing by Chris Reese)
