Bank of Ireland fined 24.5m euro for breaching IT regulations

2 December 2021, 14:34

Bank of Ireland sign
Bank of Ireland branches due to close. Picture: PA

Deficiencies had been repeatedly identified from 2008 onwards but had only been recognised and addressed in 2015.

The Bank of Ireland has been fined 24.5 million euro for breaching regulations over its IT systems.

On Thursday, the Central Bank said the fine was for failures to have the proper frameworks in place to ensure continuous service for the bank and its customers in the event of significant IT disruption.

The Central Bank said deficiencies had been repeatedly identified from 2008 onwards but had only been recognised and addressed in 2015.

Efforts to address the failings were completed in 2019.

The five breaches of regulations took place between 2008 and 2019.

Seana Cunningham, director of enforcement and anti-money laundering at the Central Bank, said: “Today’s banks and financial services firms are wholly dependent on effective, reliable and resilient IT systems.

“It is vital that firms have a framework in place so that they can ensure continuity of critical IT services and minimise the impact of any significant disruption.

“Without an effective IT service continuity framework, significant IT disruptions, particularly if they were to happen in a bank, could have a very serious impact on millions of customers who rely on ready access to their funds and services to keep their everyday lives and businesses moving.

“The extent and duration of these breaches were particularly serious given the ‘always on’ nature of the services BOI provides and how pivotal IT is to the entirety of its business operations.

“The impact of these breaches meant that had a severe disruption event occurred, BOI may not have been able to ensure continuity of critical services, such as payment services.”

Minister for Finance Paschal Donohoe said the sanction by the Central Bank is “very significant and substantial”.

“It demonstrates two very important points about the retail banking system here in Ireland and how it is regulated,” Mr Donohoe added.

“Firstly, it is a reminder of how fundamental information technology now is to the delivery of banking services in our country.

“Secondly, it shows how seriously the Central Bank treat issues in relation to IT systems and services.

“Again it reminds us that we have a very strong independent regulator, that is capable of levying significant fines and sanctions when they believe it is merited.”

In a statement, a spokesperson for Bank of Ireland said: “Bank of Ireland has admitted five breaches – related to its IT service continuity framework and related internal controls between 2008 and 2019 – to the Central Bank of Ireland.

“Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen.

“To comprehensively address these breaches the bank has invested heavily in IT service continuity, completing an extensive group-wide programme of work between 2015 and 2019.

“This has included technology investment such as infrastructure and network upgrades, and enhanced testing, planning and internal procedures.

“Following the actions taken, Bank of Ireland has robust IT service continuity processes in place and continues to invest heavily in this area as technological requirements evolve.

“The bank co-operated fully, proactively and voluntarily with the CBI during this investigation.”

By Press Association