2 min

Bank of Ireland has been fined by the Central Bank for regulatory breaches related to its IT systems and relevant internal control. The fine is to the tune of €24.5 million and came after the regulator found that Bank of Ireland failed to have a robust framework in place to ensure continuity of services for customers, in case an IT disruption occurred.

The bank did not have effective internal controls in place to identify issues and bring them to the attention of the board or senior management.

The Central Bank also discovered that when it comes to IT services, Bank of Ireland did not properly engage and oversee the management of third-party IT service providers.


These flaws in Bank of Ireland were repeatedly identified beginning 2008 to the present. Due to inadequate controls implementation within the bank, it only started recognizing and engaging with these issues in 2015.

It was not until two years ago that the problems were fully rectified. The Central Bank has acknowledged that no major outages happened at the Bank of Ireland during the period under investigation.

However, there is no better way to get banks to behave than to remind them of the concept of punishment, so they can be prepared for such eventualities.

You have to have a plan for a rainy day

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti-Money Laundering, said that today’s banks and financial services are wholly dependent on reliable and resilient IT systems.

Therefore, Cunningham said that it is vital for them to have a framework in place that ensures the continuity of the institutions and to deal with any significant disruption.

With no effective IT service continuity framework, a significant disruption could impact millions of people and businesses that rely on access to funds and services.