IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Bank of Ireland hit with €24.5 million fine over IT failures

The bank failed to implement frameworks to ensure services continued in the event of IT disruption

A view of the outside of a branch of the Bank of Ireland

Ireland’s Central Bank has fined the Bank of Ireland €24.5 million (£20.8 million) for IT failures that took over a decade to be appropriately recognised, addressed, and fixed.

The bank was found to have a failed to implement a robust framework to ensure continuity of service for customers in the event of significant IT disruption.

These deficiencies were repeatedly identified from 2008 onwards but, due to the bank's internal control failings, only began to be appropriately recognised and addressed in 2015, before being completed in 2019.

The Bank of Ireland has admitted five contraventions that occurred between 2008 and 2019, including failing to demonstrate an ability to ensure continuity of service in the event of significant IT disruption and failing to have effective internal controls to identify deficiencies in the IT service continuity framework.

It also admitted to failing to properly engage and oversee the management of third party IT service providers with respect to IT service continuity.

Related Resource

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Woman sitting on a couch with laptopFree download

Firms and their boards are responsible for having an effective IT service continuity framework and associated internal controls, said the Central Bank. These are regarded as core parts of a company's operational resilience and will continue to be an area of focus as part of the Central Bank’s and the European Central Bank’s supervisory strategy.

“Today’s banks and financial services firms are wholly dependent on effective, reliable, and resilient IT systems,” said Seána Cunningham, the Central Bank’s director of Enforcement and Anti-Money Laundering. “It is vital that firms have a framework in place so that they can ensure continuity of critical IT services and minimise the impact of any significant disruption.”

Cunningham said that significant IT disruptions could have a very serious impact on millions of customers who rely on ready access to their funds and services to keep their everyday lives and businesses moving.

She added that the extent and duration of the Bank of Ireland’s breaches were particularly serious given the ‘always-on’ nature of the services it provides and how pivotal IT is to the entirety of its business operations.

“Bank of Ireland fully acknowledges, and sincerely apologises for, each of these breaches which should not have arisen,” a spokesperson said to IT Pro. They added that to address the various issues, the bank has invested heavily in IT service continuity, including infrastructure and network upgrades, and enhanced testing, planning, and internal procedures.

The Central Bank determined the appropriate fine to be €35 million, which has been reduced by 30% to €24.5 million in accordance with a settlement discount scheme provided for in the Central Bank’s Administrative Sanctions Procedure.

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Why India wants to become a chipmaking powerhouse

Why India wants to become a chipmaking powerhouse

28 Jun 2022