The Payment Systems Regulator (PSR) has imposed a £3,779,300 fine on Bank of Ireland UK (BOIUK), the UK subsidiary of Bank of Ireland, for a significant delay in rolling out Confirmation of Payee (CoP), a key anti-fraud measure in the UK’s payment ecosystem.
Confirmation of Payee is a vital safeguard designed to protect consumers from Authorised Push Payment (APP) fraud and accidental misdirected payments.
When a customer initiates a transfer, the system cross-checks the recipient’s name against the account details provided.
If there’s a mismatch, the payer receives a warning, helping prevent funds from reaching scammers or wrong accounts.
The PSR mandated that major payment service providers, classified as Group 1, implement systems to both send and receive CoP requests by 31 October 2023.
Despite this clear directive, BOIUK failed to deploy the necessary system for sending CoP requests until 14 months later, in early 2025.
The bank has since confirmed that the full CoP functionality is now operational for all its customers.
This prolonged non-compliance left a substantial volume of transactions unprotected.
According to the PSR, during the delay period, the safeguard was not applied to payments involving over 1.14 million new payees, with the total value of those transactions reaching approximately £6.9 billion.
The absence of this check increased the risk of fraud and errors for a large number of customers.
The PSR’s investigation determined that BOIUK’s failure breached Specific Direction 17, underscoring the regulator‘s commitment to enforcing timely adoption of fraud prevention tools across the payments industry.
In determining the penalty, the PSR noted that the bank agreed to an early settlement, which qualified it for a 30% discount.
Without this, the fine would have been around £5.4 million.
A statement from Bank of Ireland UK acknowledged the lapse, expressing full responsibility and a sincere apology for the implementation delay.
The case highlights ongoing challenges in the sector to meet regulatory timelines for enhanced security features, even as APP fraud remains a persistent threat to UK consumers.
The PSR emphasized that CoP is a “vital” tool in the broader effort to combat rising payment scams, and timely compliance is essential to maintain trust in the payments system. This enforcement action serves as a reminder to other financial institutions of the serious consequences of missing such deadlines.