Information Security and Protection

This information is intended to help our clients protect themselves from fraud, including cyberfraud and other fraudulent activity. BNY Mellon maintains active oversight of our systems in order to protect the security and privacy of client information; however, our clients are responsible for protecting themselves against fraudulent activities and for maintaining cybersecurity best practices.

Criminals have capitalized on the broad power and wide availability of the internet and email to defraud unsuspecting people, and they can be convincing. They make their fraudulent emails look like they come from legitimate sources. They publish fake websites that use designs, information and programming stolen from their rightful owners. They impersonate you over the phone to arrange funds transfers, or imitate communications from a financial institution asking you to verify transactions or make other changes to your account. Learn more:

Phishing: Email and Website Scams

Phishing

Phishing (a variation on the word “fishing”) is a technique whereby a fraudster impersonates a legitimate/reputable entity or person in an attempt to steal sensitive information. Cyber criminals often target individuals and trick them into clicking a link, opening an email attachment, accepting a fake request from a friend to a social networking site, visiting a legitimate website that has been compromised or using an infected USB drive. These actions can potentially enable a fraudster to install malware. The malware opens the door for criminals to steal account login credentials and submit fraudulent wire transfers and/or ACH payments on your behalf.

The BNY Mellon Service Desk will never ask for your password or any information about your token (PIN). Be wary of anyone who asks for your credentials and do not trust any email communication that requests your personal information.

Contact BNY Mellon immediately if you receive an email to this effect from someone claiming to be from BNY Mellon.

Email

Email is by far the most popular way for criminals to try to get your attention and personal information. Don't necessarily believe what you're being told. There are numerous variations of these online scams, so the best defense is education and a healthy dose of skepticism. And if you’re dealing with value-bearing instructions (e.g., instructions to move cash or securities), make sure you’re following your company’s authentication procedures to validate the instruction as legitimate.

Many fraudulent emails and websites may be characterized by the following:

  • Misspellings and other typographical errors;
  • Poor grammar;
  • Urgent messages in the email subject line;
  • Random characters in the email subject line or body; and/or
  • "Fuzzy" logos, or logos that are distorted.

However, some fraudulent emails are very convincing and appear legitimate, created by sophisticated criminals who are highly motivated to steal your information. Some recent methods spoof legitimate businesses to trick individuals into opening an attachment or clicking on the link. For example:

  • Courier (e.g., "There has been a problem with your shipment.")
  • Financial institutions (e.g., "There is a problem with your banking account.")
  • Better Business Bureaus (e.g., "A complaint has been filed against you.")
  • Court systems (e.g., "You have been served a subpoena.")

In addition to spoofing legitimate businesses, fraudsters may employ Business Email Compromise to impersonate a senior executive or a trusted client to obtain access to sensitive data.

Business Email Compromise

This method of impersonating a senior manager or client is sometimes used to request a wire transfer or other critical actions (such as releasing highly confidential data or changing wiring destination instructions), using management’s or a client’s position as a way to bypass standard approvals and controls.

Oftentimes, the email demands an urgent action and is “time-sensitive”, using the sender’s influence to pressure the recipient into clicking the link or taking action.

Even though the email may originate from a known or even trusted source, make sure you know the email is legitimate before taking action.

Website Spoofing

"Spoofing" is another trick used by fraudsters to create a fake website that appears to be a legitimate site. To help protect yourself, be aware of how you're accessing the site:

  • Don't follow a link in an unsolicited email if you have any doubts about the sender.
  • Type all website addresses carefully, or use Favorites or Bookmarks to store frequently-accessed sites — especially financial-related sites. Misspelling the address of a website, even by one letter, may send you to an incorrect, possibly fraudulent, website.
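
A lookalike-domain check, added here as an illustration and not BNY Mellon's own tooling: it flags a host that is within a couple of edits of a domain on a user-maintained allow-list, which is the one-letter misspelling the list above warns about, and also catches a trusted name embedded in a longer host. The domain names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the user actually means to visit.
# Placeholder domains for illustration only.
KNOWN_GOOD = frozenset({"bnymellon.example", "mybank.example"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) using two DP rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased host from a URL; a bare domain is accepted too."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def classify(url: str, known_good=KNOWN_GOOD, max_dist: int = 2) -> str:
    """Return 'known', 'lookalike' or 'unknown' for the URL's host."""
    host = host_of(url)
    # Exact match or a subdomain of an allow-listed domain is fine.
    if host in known_good or any(host.endswith("." + g) for g in known_good):
        return "known"
    for good in known_good:
        # One or two typos away from a trusted domain, e.g. a dropped letter.
        if levenshtein(host, good) <= max_dist:
            return "lookalike"
        # Trusted brand label embedded in a longer, unrelated host.
        if good.split(".")[0] in host:
            return "lookalike"
    return "unknown"
```

A browser bookmark sidesteps the problem entirely; the check is useful where a link arrived by email and must be inspected before it is opened.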

Cyber Criminals: Tricks of the Trade

Criminals create new email scams every day, but here are a few of the most common:

  • Creating a sense of panic. Emails threatening loss of account access, loss of credit, foreclosure, etc., are looking to incite panic so that you may lose sound judgement and fall victim. Remain calm – when in doubt, call your financial institution.
  • Referencing a recent transaction. Vaguely worded emails mentioning a "recent transaction" that requires online verification, or asking you to provide additional account information, may be trying to scam you into revealing sensitive information.
  • Confirming your account information. It is possible that the criminals think they already have your account numbers, password, etc., and all they need is your confirmation. Don't give them help – do not respond to unexpected requests to confirm information.
  • You're a winner! "Just send money to cover the costs/fees/taxes and you can claim your prize." If you respond to this solicitation, the criminal will have your money, as well as your credit or debit card information (if you pay online), or your checking account number and bank routing information (if you pay by check).
  • Your donation is needed. Many criminals act like a legitimate charity to request donations, appealing to your emotions and taking advantage of tragedies and/or natural disasters. Exercise caution when making charitable donations. Make sure you donate directly via the non-profit organization's website.

Personal Identity Theft: What You Can Do

Report any suspicious activity involving BNY Mellon to your customer service representative.

Consider these best practices to help combat cyber fraud (note – this list is not exhaustive):

  • Use strong passwords, and have a different password for online banking sites than you might use for email and other online activities.
  • Never access bank, brokerage or other financial services information from public kiosks such as those found at internet cafes, public libraries and airports.
  • Use a secure session (https not http) in your browser for all online banking.
  • Do not select the option for automated logins of usernames and passwords for online banking.
  • Install anti-virus, desktop firewall and intrusion detection software on your computer.

What You Can Do

Consider the following best practices to help secure computer systems (note – this list is not exhaustive):

  • Consider using positive pay features to limit check fraud.
  • Consider using debit blocks on disbursement-only accounts.
  • Reconcile banking transactions on a daily basis.
  • If applicable, initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
  • If applicable, employ strong authentication controls to ensure that instructions received for the movement of funds, securities and/or other items of value are genuine and presented by a duly authorized individual. Instructions sent via an electronic form with built-in means to maintain the integrity of the instructions and to authenticate the sender are preferable (e.g., SWIFT).
  • Employ strong password requirements, including prohibiting shared usernames and passwords.
  • Install commercial anti-virus, desktop firewall and intrusion detection software on all computer systems and apply updates regularly.
  • Ensure computers are patched regularly, particularly operating systems and key applications.
  • Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses — create limited user accounts for daily use.
  • Configure routers and firewalls to deny unauthorized access to your computer or network.
  • Change the default passwords on all network devices regularly.
  • Block pop-ups.
  • Make sure your employees know how to report suspicious activity within your company.
  • Ensure your contingency plans address the need to recover systems suspected of compromise by malware, not just data corruption and catastrophic system/hardware failure.
  • Immediately notify BNY Mellon of any suspicious transactions, particularly ACH or wire transfers related to your BNY Mellon account(s).

Email Security at BNY Mellon

BNY Mellon works to protect the privacy and data integrity of sensitive information while it is in our possession and control.

In the course of providing services, we may exchange information with clients or their authorized representatives, which is sensitive and confidential. In order to protect this information, BNY Mellon requires sensitive information to be encrypted when transmitted over an open unsecured network.

BNY Mellon provides two encryption methods for electronic messages containing sensitive information sent to external recipients:

  • Transport Layer Security (TLS)
  • BNY Mellon Secure Messaging Portal

Transport Layer Security (TLS) is the primary and preferred method of encryption for BNY Mellon. TLS encrypts email messages in transit between mail servers and is designed to protect confidentiality and data integrity; it is a widely recognized standard issued by the Internet Engineering Task Force (IETF) for securing transmitted data. This method allows email to be secured automatically, with no additional steps required by the sender or recipient. TLS requires our external partner organizations to have both a TLS-capable infrastructure and a valid digital certificate for encryption. Once established, this method is the most convenient for all users and provides seamless encryption for email and attachments.

BNY Mellon Secure Messaging Portal is the alternative secure encryption tool that is utilized when an external partner does not have TLS capability. The portal encapsulates a message and its attachments into an encrypted message. Once protected, the encrypted message is sent to recipients as an attachment to a plain text email. The recipient uses a self-created, pre-registered password to access the notification and any attachments.