Bank of Ireland fined £3.7m after missing Confirmation of Payee safeguard deadline
The Payment Systems Regulator (PSR) has fined Bank of Ireland UK £3.7 million for failing to implement a crucial fraud protection service on time, leaving more than one million customers vulnerable to potential scams and misdirected payments for over a year.
The bank missed the regulatory deadline by 14 months, during which time over 1.14 million new payees and £6.9 billion in payments were left without the protection of the Confirmation of Payee (CoP) system, according to regulatory findings.
Background and Context
Confirmation of Payee is a security measure that allows people to verify that the account they're sending money to matches the intended recipient before completing a transfer. The system provides real-time checks, helping prevent both authorised push payment fraud and simple errors where funds are sent to the wrong account.
The PSR confirmed the requirement for payment service providers to implement CoP in October 2022, giving firms approximately one year to establish the necessary infrastructure. The deadline for implementation was set for 31 October 2023. Bank of Ireland UK was the last Group 1 payment service provider to achieve compliance, significantly lagging behind competitors who had already implemented the safeguard.
Key Figures and Entities
The Payment Systems Regulator, which oversees payment systems in the UK, imposed the financial penalty after determining that Bank of Ireland UK's non-compliance represented a serious breach of its regulatory obligations. The regulator operates independently of government and the financial services industry, with a mandate to protect consumers and promote competition in payment systems.
According to David Geale, Managing Director at the PSR: "Confirmation of Payee is a vital tool to combat fraud and misdirected payments, giving people confidence that their money is going exactly where they intend. Bank of Ireland UK had plenty of time to put the system in place; missing the deadline by more than a year put its customers at increased risk of fraud. Where we see firms failing to comply with the Confirmation of Payee requirements and leaving customers without this critical protection, we will use our powers to intervene to make sure this important direction is followed."
Legal and Financial Mechanisms
The £3.7 million penalty reflects the PSR's enforcement powers under the Payment Services Regulations 2017, which authorise the regulator to impose fines on firms that fail to meet regulatory requirements. The financial penalty serves both as punishment for non-compliance and as a deterrent to other payment service providers.
The delayed implementation meant that customers of Bank of Ireland UK were unable to benefit from the same level of protection available to customers of other major UK banks during a period when authorised push payment fraud continued to rise across the UK. According to UK Finance, such fraud resulted in losses of £239.4 million in the first half of 2023 alone.
International Implications and Policy Response
The case highlights broader challenges in implementing consistent fraud prevention measures across the banking sector, particularly for institutions operating across multiple jurisdictions with varying technological infrastructures. Bank of Ireland UK, while part of an Irish banking group, operates under UK regulatory requirements.
The enforcement action signals the PSR's commitment to ensuring uniform protection standards across the UK payment landscape, regardless of a bank's country of origin. It also underscores the growing regulatory emphasis on proactive fraud prevention rather than reactive measures, reflecting a shift in how financial regulators approach consumer protection in digital banking.
Sources
This report draws on the official enforcement notice from the Payment Systems Regulator, Bank of Ireland UK corporate statements, and industry guidance on payment security measures published between 2022 and 2024.