Public statement relating to Enforcement Action against the Governor and Company of the Bank of Ireland 2 December 2021

Date02 December 2021
1
ENFORCEMENT ACTION
Central Bank of Ireland
and
The Governor and Company of the Bank of Ireland
The Governor and Company of the Bank of Ireland fined €24,500,000 and reprimanded by
the Central Bank of Ireland for breaches pertaining to its IT service continuity framework
and related internal controls failings
On 30 November 2021, the Central Bank of Ireland (the Central Bank) reprimanded and fined
The Governor and Company of the Bank of Ireland (the Firm or BOI) 24,500,000 pursuant to
its Administrative Sanctions Procedure (ASP) for failures to have a robust framework in place
to ensure continuity of service for the Firm and its customers in the event of a significant IT
disruption. These IT service continuity deficiencies were repeatedly identified from 2008
onwards but due to internal control failings only started to be appropriately recognised and
addressed in 2015. The steps taken by the Firm to address the deficiencies were completed by
2019.
The Central Bank has determined the appropriate fine to be 35,000,000, which has been
reduced by 30% to €24,500,000 in accordance with the settlement discount scheme provided
for in the Central Bank’s ASP.
The Firm has admitted five contraventions
1
occurring between 2008 and 2019 including:
The failure to demonstrate an ability to ensure continuity of service in the event of
significant IT disruption;
1
Breaches of the Eu ropean Communities (Licensing & Supervision of Credit Institutions) Regulations 1992 (S.I. No.
395 of 1992) (as amended)) and the European Union (Capital Requirements) Regulations 2014 (S.I. No. 158 of 2014).

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT