Bank of Ireland fined €1.6m for cyber security breaches

The Central Bank of Ireland has reprimanded and fined the Bank of Ireland for five breaches of the MiFID regulations committed by its former subsidiary Bank of Ireland Private Banking.

The central bank determined the appropriate fine to be €2.37 million, which has been reduced by 30 per cent to €1.6 million for early payment.

The investigation arose from a cyber fraud incident that occurred in September 2014. Acting on instructions from a fraudster impersonating a client, Bank of Ireland Private Banking made two payments to a third party account totalling €106,430 - one from a client’s personal current account, the other from its own funds.

It immediately reimbursed the client, but had not reported the cyber fraud to the police, and only did so at the request of the central bank over a year after the Incident.

The Central Bank of Ireland found serious deficiencies in respect of third party payments, including: inadequate systems and controls to minimise the risk of loss from fraud; inadequate governance, oversight and ongoing review of the systems and control environment; and a lack of staff training or compliance monitoring.

Bank of Ireland Private Banking's failure to be open and transparent had the effect of misleading the course of the investigation - failing for a period of 19 months to disclose internal reports commissioned following the incident, which identified ongoing systemic control failings in the processing of third party payments.

Remediation in relation to third party payment processes took place in February 2016, 17 months after the Incident, and then only following the central bank’s intervention. In August 2016, the Central Bank of Ireland determined that a Risk Mitigation Programme relating to third party payment processes was completed.

The central bank’s director of enforcement and anti-money laundering Seána Cunningham said: “We have a clear expectation that firms are alert to the real and increasing risks from cyber fraud to the security of their clients’ deposits and confidentiality of their clients’ financial information, and put in place appropriate safeguards to protect their clients accordingly.

"This case should serve to highlight to all firms the importance of ongoing vigilance in the area of cyber security."

    Share Story:

Recent Stories


The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.