Bank of Ireland fined 24.5m euro for breaching IT regulations

Deficiencies had been repeatedly identified from 2008 onwards but had only been recognised and addressed in 2015.

Dominic McGrath
Thursday 02 December 2021 09:31 EST
Bank of Ireland has been fined after breaching IT regulations (Liam McBurney/PA)
Bank of Ireland has been fined after breaching IT regulations (Liam McBurney/PA) (PA Archive)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Bank of Ireland has been fined 24.5 million euro for breaching regulations over its IT systems.

On Thursday, the Central Bank said the fine was for failures to have the proper frameworks in place to ensure continuous service for the bank and its customers in the event of significant IT disruption.

The Central Bank said deficiencies had been repeatedly identified from 2008 onwards but had only been recognised and addressed in 2015.

Efforts to address the failings were completed in 2019.

The five breaches of regulations took place between 2008 and 2019.

Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen

Bank of Ireland statement

Seana Cunningham, director of enforcement and anti-money laundering at the Central Bank, said: “Today’s banks and financial services firms are wholly dependent on effective, reliable and resilient IT systems.

“It is vital that firms have a framework in place so that they can ensure continuity of critical IT services and minimise the impact of any significant disruption.

“Without an effective IT service continuity framework, significant IT disruptions, particularly if they were to happen in a bank, could have a very serious impact on millions of customers who rely on ready access to their funds and services to keep their everyday lives and businesses moving.

“The extent and duration of these breaches were particularly serious given the ‘always on’ nature of the services BOI provides and how pivotal IT is to the entirety of its business operations.

“The impact of these breaches meant that had a severe disruption event occurred, BOI may not have been able to ensure continuity of critical services, such as payment services.”

Again it reminds us that we have a very strong independent regulator, that is capable of levying significant fines and sanctions when they believe it is merited

Paschal Donohoe

Minister for Finance Paschal Donohoe said the sanction by the Central Bank is “very significant and substantial”.

“It demonstrates two very important points about the retail banking system here in Ireland and how it is regulated,” Mr Donohoe added.

“Firstly, it is a reminder of how fundamental information technology now is to the delivery of banking services in our country.

“Secondly, it shows how seriously the Central Bank treat issues in relation to IT systems and services.

“Again it reminds us that we have a very strong independent regulator, that is capable of levying significant fines and sanctions when they believe it is merited.”

In a statement, a spokesperson for Bank of Ireland said: “Bank of Ireland has admitted five breaches – related to its IT service continuity framework and related internal controls between 2008 and 2019 – to the Central Bank of Ireland.

“Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen.

“To comprehensively address these breaches the bank has invested heavily in IT service continuity, completing an extensive group-wide programme of work between 2015 and 2019.

“This has included technology investment such as infrastructure and network upgrades, and enhanced testing, planning and internal procedures.

“Following the actions taken, Bank of Ireland has robust IT service continuity processes in place and continues to invest heavily in this area as technological requirements evolve.

“The bank co-operated fully, proactively and voluntarily with the CBI during this investigation.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in