ORX News digest of the month 2017

  • 19 January 2018


Each ORX News digest is expertly categorised according to ORX reporting standards. This includes a detailed breakdown of the Event Type, Business Line and an analysis of the circumstances surrounding the loss.


ORX News is an industry-leading provider of publicly reported operational risk loss events. We’re a team of dedicated researchers who collectively speak nine major languages. We monitor the global press daily to identify operational risk loss events as they are reported. Find out more about ORX News.

Read the featured digests of 2017 below


Following 2016's attack on Bangladesh Bank through the SWIFT network, attacks of this kind are continuing. In December, Globex Bank, a subsidiary of Vnesheconombank, lost USD 100,000 in a similar attack that attempted to steal nearly USD 1 million.


On 21 November 2017, the US Financial Industry Regulatory Authority (FINRA) announced that it had fined JPMorgan Securities USD 1.3 million (EUR 1 million) for failing to fingerprint or timely fingerprint approximately 8,600 of its non-registered associates in violation of various federal securities regulations.


Benchmark rate settlements expanded to Australia in October, as National Australia Bank (NAB) agreed to pay AUD 50 million ($38.5 million) to settle claims by Australian regulator ASIC that it and three other banks manipulated the country’s main benchmark rate, the bank bill swap rate (BBSW), for their own profit between 2010 and 2012.


Swedbank was one of six banks and 21 non-financial companies, plus individuals and a political party, to suffer Sweden's biggest ever cyberattack. A hacker used malware to gain access to computers belonging to the target organisations, then changed the recipient details on payment orders to reroute the funds to himself. The hack is estimated to have cost a total of $30 million.


A satellite failure caused thousands of ATMs to be unavailable across Indonesia. The majority of Indonesian banks rely on satellites to provide internet services as it's difficult to lay broadband cables in the country, which is an archipelago consisting of 17,000 islands. In response to the outage, Bank Central Asia provisioned IDR 70 billion to cover any costs customers incur from using other banks' ATMs.


A data breach at a third-party printer company led to the leak of administrator credentials for two printer models used by Commonwealth Bank of Australia. Although no systems were compromised as a result of this breach, hackers could theoretically use this kind of information to send every document scanned by a printer to an external address.


BNP Paribas was fined €10 million by the French regulator ACPR for having inadequate anti-money laundering controls in 2015, the same year it reached a $8.97 billion settlement with US authorities over alleged sanctions violations.


Guosen Securities has been fined CNY 105 million (USD 15.2 million, EUR 13.6 million) by the China Securities Regulatory Authority (CSRC) for its role in the 2015 Chinese stock market rout which saw USD 5 trillion of market value wiped out in a few weeks. Two other brokers, Citic Securities and Haitong Securities, were also fined.


Penn Mutual Life Insurance Company has agreed to pay USD 110 million to a class of policyholders to settle claims it improperly withheld surplus funds instead of distributing them as dividends.


ICBC has been fined EUR 3.8 million by Luxembourg's Commission de Surveillance du Secteur Financier for failures in its internal controls and compliance with anti-money laundering regulation.


Citibank has agreed to pay an administrative penalty of ZAR 69.5 million (USD 5.3 million, EUR 5 million) to the South African Competition Commission to settle charges that it colluded with 14 other banks to manipulate the USD/ZAR currency pair between 2007 and 2013.


On 10 January 2017, Italian police arrested two siblings for allegedly hacking about 20,000 email accounts, including those of two former executives of the Bank of Italy.