Ireland’s central banking authority has fined the Bank of Ireland €24.5m for breaching regulations related to its IT systems.

The authority said that the lender failed to deploy a robust framework to ensure continuity of services in the event of a serious IT disruption.

Deficiencies in Bank of Ireland’s IT systems had been repeatedly identified since 2008.

Due to a lack of internal control, the lender started working on it in 2015 and addressed the issues completely in 2019.

Bank of Ireland has admitted to five breaches that took place between 2008 to 2019.

The Central Bank’s director of enforcement and anti-money laundering Seána Cunningham said: “The extent and duration of these breaches were particularly serious given the ‘always on’ nature of the services BOI provides and how pivotal IT is to the entirety of its business operations.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

“The impact of these breaches meant that had a severe disruption event occurred, BOI may not have been able to ensure continuity of critical services, such as payment services. Had BOI’s critical services been disrupted, this could have led to adverse effects on customers and the financial system.”

In its defense, Bank of Ireland said that to address these breaches it has invested heavily in IT service continuity.

It included technology investment in infrastructure, network upgrades, enhanced testing, planning and internal procedures.

Last week, Singapore’s banking group DBS faced serious disruption in banking services and it may face “supervisory action” from the regulator.