Bank of Ireland fined €1.66m for regulatory breaches
The Bank of Ireland, the country’s largest lender, was fined €1.66 million this week for regulatory breaches, Reuters reports.
The bank was fined by the Central Bank for causing a loss to one of its private banking clients. It was also found to have misled the regulator.
The bank failed to report a security breach in 2014
Authored by its former subsidiary, Bank of Ireland Private Banking (BOIPB), these breaches totaled to five.
Client loss
The Central Bank began its investigation after a cyber-fraud incident at Bank of Ireland in September 2014.
The incident occurred when the bank’s private banking arm made two payments totalling €106,430 on behalf of what it thought was a client. It later emerged that a fraudster had impersonated the client.
One of these payments was from the client’s personal current account. The other was from BOIPB’s own funds. Following the incident, the bank immediately reimbursed the client’s loss.
In 2015, the Central Bank uncovered a reference to the incident in an operational incident blog during a procedural risk assessment.
The bank did eventually report the fraud to the police, but it was a whole year later and on the request of the Central Bank.
Other breaches
The Central Bank’s assessment went on to find serious flaws in BOIPB’s third-party payments.
These included inadequate systems and controls which would have minimised the risk of loss from fraud.
It also uncovered that the systems and control environments used by the bank were not reviewed or governed properly.
To add to it, staff lacked training. And the bank had bred a culture where clients’ needs came above compliance.
Lack of transparency was misleading
The bank’s failure to maintain transparency with the Central Bank throughout the investigation has also led to a charge of misleading the regulator.
“The excessive time taken by BOIPB to remediate identified deficiencies and the failure to be fully transparent and open in the context of the Central Bank’s investigation were aggravating features in this case,” says the Central Bank’s director of enforcement and anti-money laundering, Seána Cunningham.
The bank says it regrets the way it handled the ongoing investigation.
“All relevant information should have been disclosed to the Central Bank of Ireland from the outset, and the matter should have been reported to all relevant authorities,” it says in a statement.
Moving forward
The bank notes that it has put in place changes to avoid such incidents happening in the future.
“Policies, processes and controls have been strengthened to ensure customers are protected,” says the bank.
BOIPB was fully integrated into the Bank of Ireland Group in 2017 as part of these changes.
“In addition, the bank has significantly enhanced training for all colleagues on fraud prevention and customer protection.
“The bank’s senior management understands the fundamental importance of professional, open and transparent engagement with all regulatory authorities,” the bank adds.
Read next: Dublin start-up My Money Jar lands investment from Enterprise Ireland
