Bank of Ireland hit with €24.5 million fine over IT failures

The bank failed to implement frameworks to ensure services continued in the event of IT disruption

A view of the outside of a branch of the Bank of Ireland

Ireland’s Central Bank has fined the Bank of Ireland €24.5 million (£20.8 million) for IT failures that took over a decade to be appropriately recognised, addressed, and fixed.

The bank was found to have a failed to implement a robust framework to ensure continuity of service for customers in the event of significant IT disruption.

These deficiencies were repeatedly identified from 2008 onwards but, due to the bank's internal control failings, only began to be appropriately recognised and addressed in 2015, before being completed in 2019.

The Bank of Ireland has admitted five contraventions that occurred between 2008 and 2019, including failing to demonstrate an ability to ensure continuity of service in the event of significant IT disruption and failing to have effective internal controls to identify deficiencies in the IT service continuity framework.

It also admitted to failing to properly engage and oversee the management of third party IT service providers with respect to IT service continuity.

Related Resource

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Woman sitting on a couch with laptopFree download

Firms and their boards are responsible for having an effective IT service continuity framework and associated internal controls, said the Central Bank. These are regarded as core parts of a company's operational resilience and will continue to be an area of focus as part of the Central Bank’s and the European Central Bank’s supervisory strategy.

“Today’s banks and financial services firms are wholly dependent on effective, reliable, and resilient IT systems,” said Seána Cunningham, the Central Bank’s director of Enforcement and Anti-Money Laundering. “It is vital that firms have a framework in place so that they can ensure continuity of critical IT services and minimise the impact of any significant disruption.”

Cunningham said that significant IT disruptions could have a very serious impact on millions of customers who rely on ready access to their funds and services to keep their everyday lives and businesses moving.

She added that the extent and duration of the Bank of Ireland’s breaches were particularly serious given the ‘always-on’ nature of the services it provides and how pivotal IT is to the entirety of its business operations.

“Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen,” a spokesperson said to IT Pro. They added that to address the various issues, the bank has invested heavily in IT service continuity, including infrastructure and network upgrades, and enhanced testing, planning, and internal procedures.

The Central Bank determined the appropriate fine to be €35 million, which has been reduced by 30% to €24.5 million in accordance with a settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022