Coloures-pic - Fotolia

Bank of Ireland fined €24.5m for business continuity failures

Bank of Ireland hit with multi-million euro fine by central bank following an investigation

The Bank of Ireland has been hit by a multi-million euro fine by Ireland’s central bank after an investigation found it has not had a system in place that could ensure customer services in the event of an IT failure.

The investigation by the Central Bank of Ireland was instigated by the European Central Bank.

The Bank of Ireland, which has 169 branches and more than two million customers, was fined €35m, which was reduced to €24.5m as part of a settlement discount scheme. It is the second-highest fine the central bank has ever handed out.

According to the Central Bank of Ireland, the bank was fined and reprimanded “for failures to have a robust framework in place to ensure continuity of service for the Firm and its customers in the event of a significant IT disruption”.

It added: “These deficiencies were repeatedly identified from 2008 onwards, but due to internal control failings, only started to be appropriately recognised and addressed in 2015. The steps taken by the Firm to address the deficiencies were completed by 2019.”

“From 2008 until 2019, BOI was in breach of key regulatory provisions regarding IT service continuity, arising from deficiencies that were repeatedly identified between 2008 and 2015 in third-party reports. However, steps to address these deficiencies only commenced in 2015,” said Seána Cunningham, director of enforcement and anti-money laundering at the Central Bank of Ireland.

“The impact of these breaches meant that had a severe disruption event occurred, BOI may not have been able to ensure continuity of critical services, such as payment services. Had BOI’s critical services been disrupted, this could have led to adverse effects on customers and the financial system.”

Read more about banking failures

According to the central bank, the Bank of Ireland admitted to the failures, including: to demonstrate an ability to ensure continuity of service in the event of significant IT disruption; to have effective internal controls to identify deficiencies in the IT; and to properly engage and oversee the management of third-party IT service providers.

With consumers increasingly reliant on digital banking services, regulators demand guarantees from banks that the right processes and policies are in place to ensure consumers can access banking services in the event of IT failure.

Read more on IT for financial services

Data Center
Data Management