Bank of Ireland fined for breaching IT regulations

The Bank of Ireland has been fined €24.5m (£20.8m) for breaching regulations over its IT systems.

Ireland's Central Bank said the fine was for failures to have a robust framework in place to ensure continuity of service in the event of a significant IT disruption.

The Central Bank said deficiencies had been repeatedly identified from 2008.

As adequate internal controls were not in place, the bank only began to deal with them from 2015.

The problems were only fully rectified two years ago.

The five breaches of regulations took place between 2008 and 2019.

Seána Cunningham, the Central Bank's director of enforcement and anti-money laundering, said it was "vital that firms have a framework in place so they can ensure continuity of critical IT services and minimise the impact of any significant disruption".

"Without an effective IT service continuity framework, significant IT disruptions, particularly if they were to happen in a bank, could have a very serious impact on millions of customers who rely on ready access to their funds and services to keep their everyday lives and businesses moving."

The Central Bank said the extent and duration of the bank's breaches were particularly serious given the "always on" nature of the services that Bank of Ireland provides.

Bank of Ireland said it admitted five breaches to the Central Bank of Ireland, related to its IT service continuity framework and related internal controls between 2008 and 2019.

"Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen," it said.

It said that to "comprehensively" address these breaches, it had invested heavily in IT service continuity, completing an extensive group-wide programme of work between 2015 and 2019.

"This has included technology investment such as infrastructure and network upgrades, and enhanced testing, planning and internal procedures," it said.

"Following the actions taken, Bank of Ireland has robust IT service continuity processes in place and continues to invest heavily in this area as technological requirements evolve."

The bank added that it had co-operated fully, proactively and voluntarily with the Central Bank during the investigation.

Irish broadcaster RTÉ said the Central Bank had not commented on whether other similar investigations were under way into other Irish banks, or whether the role of individuals in the Bank of Ireland case is being investigated.