A cyberattack on a Michigan township's bond sale last fall has sparked conversation about ways to better secure the transfer of funds, including possibly instituting a "safe word," the head of public finance at one firm said during a conference Tuesday.
Vivian Altman, managing director and head of public finance at Janney Montgomery Scott, referenced the attack on the Charter Township of White Lake, Michigan, bond sale during a panel on fixed income securities held as part of the Financial Industry Regulatory Authority's annual conference, held in Washington, D.C.
Since the attack, many in the industry have had conversations about how to better secure transfer of funds "because up [till] this point, everything has just been emailed back and forth within the working group, so there [needs] to be some new operational constructs or mechanical considerations because, certainly, email is quite vulnerable," Altman said.
The township
"Bond proceeds during their closing were diverted and so they were unable to close," Altman said during the panel, titled "Keeping Current With Fixed Income Securities."
Another issue to contemplate given developments in technology is the impact on voice communications, Altman said. The ability exists "to replicate people's voices – or even images – and so voice verification can also be effective," she said.
One thought that she's heard was to "coalesce many of the underwriters [and] municipal advisors and come up with some kind of [an] agreement about how to go forth, that hasn't happened as of yet."
Possibly early in the development of a transaction, "a safe word could be instituted," she said, adding that when the transaction gets closer to final execution that safe word could be communicated orally, particularly when it comes to the authorization of transfer of funds.
"Internally, what we have done after that White Lake incident is that our desk has completely moved away from any kind of email communication around closings," Altman said, adding that when Janney receives the wire instructions – usually by email from the municipal advisor – "our desk will call [the] municipal advisor using a known number, a number that was previously utilized that we have…in our system."
The desk will verbally go over the wire instructions with that person "and through a secure email internally, provide that to our wire room," she said.
"And then when we are ready to actually execute the wire, we again, orally go over that with our wire room and with [the] municipal advisor to confirm everything … ," Altman said. "So there is no email externally anymore to do that."
While that has worked ok so far, she believes that some other "mechanics" are still needed.
