The UK regulator said the bank implemented a system to send Confirmation of Payee (CoP) requests 14 months after the required deadline.
As a result, the protection under the regulation named Specific Direction 17 was not applied to transactions involving more than 1.14 million new payees, with payments totalling approximately £6.9bn.
The bank was required to have systems in place to send and receive CoP requests by October 31, 2023.
CoP allows customers to check that the name on an account matches the intended recipient before making a payment. The measure is designed to reduce fraud and misdirected payments.
The PSR confirmed the requirement in October 2022, giving payment service providers a year to comply. Bank of Ireland UK was the last Group 1 payment service provider to meet the requirement, according to the regulator.
“Confirmation of Payee is a vital tool to combat fraud and misdirected payments, giving people confidence that their money is going exactly where they intend,” David Geale, managing director at the PSR, said.
“Bank of Ireland UK had plenty of time to put the system in place. Missing the deadline by more than a year put its customers at increased risk of fraud.
“Where we see firms failing to comply with the Confirmation of Payee requirements and leaving customers without this critical protection, we will use our powers to intervene to make sure this important direction is followed,” he said.
The regulator opened its investigation in July 2024. The bank agreed to settle at an early stage of the enforcement process and therefore qualified for a 30pc discount under the PSR’s settlement procedures. Without the discount, the fine would have been £5.4m.
In a statement, Bank of Ireland UK said it “fully acknowledges and sincerely apologises for the delay in implementing send requests for Confirmation of Payee, which has been in place for all customers since January 2025”.
“The bank takes its regulatory obligations extremely seriously and regrets that this issue arose,” it said.
“Protecting customers from financial harm is of critical importance to us and we are investing more than ever to do this. From enhanced monitoring, the use of AI and strengthening our controls, we are continually improving our systems and processes to stay ahead of emerging threats and ensure customers can bank with confidence.”
source