Bank of Ireland UK fined £3.7m for delayed implementation of fraud protection system

Bank of Ireland UK has been fined £3.7 million by the Payment Systems Regulator for failing to implement Confirmation of Payee on time, leaving customers vulnerable to fraud and misdirected payments for more than a year.

The safeguard, designed to verify that recipients' account details match the name provided before money is transferred, was not applied to transactions involving more than 1.14 million new payees, with payments totaling approximately £6.9 billion during the delay period.

Background and Context

Confirmation of Payee is a security measure that allows people to confirm the account they're sending money to matches their expectations, helping to combat Authorised Push Payment (APP) fraud, which costs UK consumers hundreds of millions annually. The system became mandatory for Group 1 payment service providers, including Bank of Ireland UK, by 31 October 2023, according to requirements confirmed by the Payment Systems Regulator (PSR) in October 2022.

Key Figures and Entities

Bank of Ireland UK was the final Group 1 payment service provider to achieve compliance with the Confirmation of Payee requirement, implementing the system 14 months after the deadline. David Geale, managing director at the Payment Systems Regulator, stated: "Confirmation of Payee is a vital tool to combat fraud and misdirected payments, giving people confidence that their money is going exactly where they intend. Bank of Ireland UK had plenty of time to put the system in place, missing the deadline by more than a year put its customers at increased risk of fraud."

Legal and Financial Mechanisms

The Payment Systems Regulator imposed a £3,779,300 fine on Bank of Ireland UK. The penalty would have been higher at £5.4 million, but the bank qualified for a 30% early settlement discount by agreeing to settle at an early stage of the enforcement decision-making process under the PSR's settlement procedures. The regulator's enforcement powers include intervention when firms fail to comply with critical consumer protection requirements, as outlined in the PSR's enforcement framework.

International Implications and Policy Response

This case highlights challenges in implementing coordinated fraud prevention measures across the UK banking sector. The Payment Systems Regulator has signaled it will continue to use enforcement powers to ensure compliance with Confirmation of Payee requirements, emphasizing the importance of consistent implementation across all payment service providers to maintain consumer protection standards. The Confirmation of Payee system represents a significant component of the UK's broader strategy against APP fraud, which continues to evolve as criminals develop increasingly sophisticated methods.

Sources

This report draws on information from the Payment Systems Regulator's enforcement notice and official statements regarding the Bank of Ireland UK case. Additional context comes from the Payment Systems Regulator's published guidance on Confirmation of Payee implementation requirements.