Bank of Ireland fined €1.6m by Central Bank over fraud not reported to Gardaí for year           

Bank of Ireland has been fined €1.66m for a cyber fraud case at the bank's private clients unit  
Bank of Ireland fined €1.6m by Central Bank over fraud not reported to Gardaí for year           
A sign sits on the exterior of a Bank of Ireland 

The Central Bank has slapped a €1.66m fine on Bank of Ireland for a cyber-fraud case at the bank's private clients unit that involved the bank's failure to notify Gardaí and the regulator. 

In its reprimand, the regulator said the 2014 incident involved the Bank of Ireland Private Banking (BoIPB) paying over €106,430 from the client's account and the bank's own funds on the instructions of a fraudster.

The bank reimbursed the funds but the Central Bank only became aware of the case a year later during a risk audit when it came across a log held by BoIPB.

The Central Bank said the bank failed to report the fraud case to Gradái "and only did so at the request of the Central Bank over one year after the incident". It said: "Reporting illegal activity is essential in the fight against financial crime."

Moreover, the Central Bank found the Bank of Ireland unit had effectively misled the Central Bank during its investigation and found it had inadequate systems, inadequate governance, poor staff training, "and a culture in which fulfilling clients’ instructions was given primacy over security and regulatory requirements". 

"BoIPB failed for a period of 19 months to disclose to the Central Bank an internal report, commissioned following the incident, which identified ongoing systemic control failings in the processing of third party payments. During that same period, BoIPB strenuously denied the existence of any such failings to the Central Bank in response to the investigation," it said. 

"The Central Bank’s investigation arose from a cyber-fraud incident that occurred in September 2014. Acting on instructions from a fraudster impersonating a client, BoIPB made two payments to a third party account totalling €106,430: One from a client’s personal current account, the other from BoIPB’s own funds," the regulator said. 

Its fine of €2.37m was reduced to €1.66m   

Bank of Ireland said it regretted the incident. 

"All relevant information should have been disclosed to the Central Bank of Ireland from the outset, and the matter should have been reported to all relevant authorities," it said. "The bank has learned lessons from this incident and has taken a range of actions arising from the issue. Policies, processes, and controls have been strengthened to ensure customers are protected," it said.

More in this section

Lunchtime News Wrap

A lunchtime summary of content highlights on the Irish Examiner website. Delivered at 1pm each day.

Sign up
Revoiced
Newsletter

Our Covid-free newsletter brings together some of the best bits from irishexaminer.com, as chosen by our editor, direct to your inbox every Monday.

Sign up