On
The Incident
The regulatory investigation arose from a 2014 cyber fraud incident perpetrated on BOIPB and resulted in a finding that BOIPB had not applied adequate cyber security arrangements.
Administrative Sanctions Procedure
Under the Central Bank Act 1942, the
It can impose various sanctions (by way of settlement or on foot of findings at an inquiry), ranging from reprimands to financial penalties of up to €10 million or 10% of turnover on a regulated financial service provider (whichever is the greater), and fines of up to €1 million on individuals involved in that firm's management.
MiFID Contraventions
- to implement sound administrative procedures and internal control mechanisms for third party payments;
- to introduce adequate organisational arrangements around third party payments to minimise the risk of loss of client assets as a result of fraud;
- to establish, implement and maintain systems and procedures adequate to safeguard the security, integrity and confidentiality of client bank account details;
- to establish, implement and maintain adequate internal control mechanisms to comply with its obligations in relation to reporting of offences under section 19 of the Criminal Justice Act 2011; and
- to monitor and regularly assess the adequacy and effectiveness of the procedures and the actions taken to address deficiencies in respect of third party payments.
Conduct and Transparency
In determining the sanction, the
The headline sanction of €2,370,000 represented approximately 12% of BOIPB's reported operating income for the last year that it existed as an independent entity (y/e
This is the second time the
Cyber Security in Focus
This case closely follows the publication of an industry letter by the
This letter states that "concerns still exist for the
Coupled with the decision in this case, it highlights the
In addition, it is important for regulated entities to be mindful of their obligations under data protection law, which can give rise to separate liability to individual data subjects, and to potential regulatory sanction by the
Footnotes
1. https://www.centralbank.ie/news/article/press-release-enforcement-action-notice-bank-of-ireland-fined-and-reprimanded-28-july-2020
2. https://www.centralbank.ie/regulation/how-we-regulate/enforcement/administrative-sanctions-procedure
3. The European Union (Markets in Financial Instruments) Regulations 2007, since replaced by the
4. https://www.centralbank.ie/news-media/press-releases/press-release-central-bank-launches-guidance-on-enforcement-sanctions-14-november-2019
Originally published
Mr
E-mail: Ailbhe.Enright@maples.com
© Mondaq Ltd, 2020 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source