Bank of Ireland hit with €24.5 million fine over IT failures

The bank failed to implement frameworks to ensure services continued in the event of IT disruption

A view of the outside of a branch of the Bank of Ireland

Ireland’s Central Bank has fined the Bank of Ireland €24.5 million (£20.8 million) for IT failures that took over a decade to be appropriately recognised, addressed, and fixed.

The bank was found to have a failed to implement a robust framework to ensure continuity of service for customers in the event of significant IT disruption.

These deficiencies were repeatedly identified from 2008 onwards but, due to the bank's internal control failings, only began to be appropriately recognised and addressed in 2015, before being completed in 2019.

The Bank of Ireland has admitted five contraventions that occurred between 2008 and 2019, including failing to demonstrate an ability to ensure continuity of service in the event of significant IT disruption and failing to have effective internal controls to identify deficiencies in the IT service continuity framework.

It also admitted to failing to properly engage and oversee the management of third party IT service providers with respect to IT service continuity.

Related Resource

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Woman sitting on a couch with laptopFree download

Firms and their boards are responsible for having an effective IT service continuity framework and associated internal controls, said the Central Bank. These are regarded as core parts of a company's operational resilience and will continue to be an area of focus as part of the Central Bank’s and the European Central Bank’s supervisory strategy.

“Today’s banks and financial services firms are wholly dependent on effective, reliable, and resilient IT systems,” said Seána Cunningham, the Central Bank’s director of Enforcement and Anti-Money Laundering. “It is vital that firms have a framework in place so that they can ensure continuity of critical IT services and minimise the impact of any significant disruption.”

Cunningham said that significant IT disruptions could have a very serious impact on millions of customers who rely on ready access to their funds and services to keep their everyday lives and businesses moving.

She added that the extent and duration of the Bank of Ireland’s breaches were particularly serious given the ‘always-on’ nature of the services it provides and how pivotal IT is to the entirety of its business operations.

“Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen,” a spokesperson said to IT Pro. They added that to address the various issues, the bank has invested heavily in IT service continuity, including infrastructure and network upgrades, and enhanced testing, planning, and internal procedures.

The Central Bank determined the appropriate fine to be €35 million, which has been reduced by 30% to €24.5 million in accordance with a settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022