In a new credit outlook report, ratings agency Moody’s has assessed the impact of the recent cyberattack on foreign exchange company TP Financing 3 - commonly known as Travelex. The company’s website and app have remained offline after a cyberattack on 31 December. The company shut down its website and app to contain the malware and had to implement manual processes for its retail stores and wholesale business. Travelex relies on its website and its app to allow its customers to make money transfers and buy currency online.

Moody’s says it expects the disruption to reduce revenue, increase costs and potentially erode margins, a credit negative. The ultimate credit effect on Travelex will depend on how long its business is disrupted, the extent of required remediation and related costs, as well as consumers’ continued confidence in the security of its sensitive operations involving cash transfers.

Although both its website and app are unavailable, Travelex continues to provide services manually through its large network of stores and ATMs globally. The company has processes and procedures in place for manual operations, including formal control processes. However, manual processing leads to reduced revenue because customers may make fewer transactions. It also increases Travelex’ costs because all transactions must be executed manually and are likely to take longer to process. Both of these factors will curb Travelex’ margins.

The credit outlook report notes that Travelex is one of a wide range of companies dealing with cybersecurity risks because of rapid digitisation of its business. According to media reports, the attack on Travelex is a ransomware attack with the virus Sodinokibi, one of the more sophisticated ransomware viruses. Sodinokibi locks files and demands a ransom payment for a decryption key. Travelex has informed all appropriate regulators and law enforcement agencies and engaged third-party cyber security specialists.

Positively, Travelex carries a cyber security insurance that should help offset its costs and the effects of business disruption. However, collecting on cyber insurance can be a prolonged process depending on the complexity of the claim, as well as policy wording and coverage triggers.

The report notes that Travelex’ profitability and leverage may be significantly affected by this attack owing to the company’s customer concentration with large wholesale customers, as well as some retail concessions, such as the Heathrow airport. Although the contract with Heathrow was recently renewed, Travelex’ wholesale operations are usually not bound by long-term contracts and, as such, the revenue derived from the wholesale business in particular could prove volatile in the future. However, this risk is mitigated by Travelex’ long-standing relationships (often more than a decade long) with its key wholesale customers and the stickiness of its outsourcing contracts, where the company operates integrated systems. Travelex is regularly communicating with all of its partners as it works to counter the effects of the cyberattack.

Travelex may also be challenged to meet the additional costs (not covered by cyber insurance) associated with remediating this cyberattack because of its sustained cash burn as a result of low profitability and continued spending on IT developments and maintenance. The report concludes on a positive, noting that Travelex has a long history of support by the ultimate shareholders of Finablr, a recently listed entity that wholly owns Travelex.