Public statement relating to Enforcement Action against the Governor and Company of the Bank of Ireland 2 December 2021

• Date: 02 December 2021

1

ENFORCEMENT ACTION

Central Bank of Ireland

and

The Governor and Company of the Bank of Ireland

The Governor and Company of the Bank of Ireland fined €24,500,000 and reprimanded by

the Central Bank of Ireland for breaches pertaining to its IT service continuity framework

and related internal controls failings

On 30 November 2021, the Central Bank of Ireland (the Central Bank) reprimanded and fined

The Governor and Company of the Bank of Ireland (the Firm or BOI) €24,500,000 pursuant to

its Administrative Sanctions Procedure (ASP) for failures to have a robust framework in place

to ensure continuity of service for the Firm and its customers in the event of a significant IT

disruption. These IT service continuity deficiencies were repeatedly identified from 2008

onwards but due to internal control failings only started to be appropriately recognised and

addressed in 2015. The steps taken by the Firm to address the deficiencies were completed by

2019.

The Central Bank has determined the appropriate fine to be €35,000,000, which has been

reduced by 30% to €24,500,000 in accordance with the settlement discount scheme provided

for in the Central Bank’s ASP.

The Firm has admitted five contraventions

1

occurring between 2008 and 2019 including:

 The failure to demonstrate an ability to ensure continuity of service in the event of

significant IT disruption;

1

Breaches of the Eu ropean Communities (Licensing & Supervision of Credit Institutions) Regulations 1992 (S.I. No.

395 of 1992) (as amended)) and the European Union (Capital Requirements) Regulations 2014 (S.I. No. 158 of 2014).