The UK Payment Systems Regulator (PSR) has imposed a fine of 3,779,300 GBP on Bank of Ireland UK for failing to implement mandatory name-checking protocols within the required legal timeframe. This enforcement action follows a 14 month delay in the deployment of systems designed to verify the identities of payees before funds are transferred. As a consequence of this delay, more than 1.1 million new payees were not subjected to the necessary safety checks, involving transactions that exceeded a total value of 6.9 billion GBP. The regulator found that the bank breached Specific Direction 17, which mandated that all large payment service providers must have these protections active by the end of October 2023. This penalty highlights the critical role of transaction integrity in the broader anti-money laundering framework and the high cost of regulatory non-compliance.
Table of Contents
Confirmation of Payee
The implementation of account name verification is a fundamental pillar of modern financial crime prevention, yet the delay at Bank of Ireland UK illustrates how technical gaps can leave the financial system vulnerable. For more than a year, the institution operated without the required send functionality for its customers, meaning that individuals initiating payments could not confirm if the recipient’s name matched the bank details provided. From an anti-money laundering perspective, this lack of verification creates significant opportunities for illicit actors to exploit the payment chain. When a bank fails to match names to account numbers, it essentially bypasses a critical layer of the know your customer process at the point of transaction. This specific failure allowed billions of pounds to flow through the system without the basic safeguard intended to prevent funds from being diverted to fraudulent or unverified accounts. The Payment Systems Regulator determined that the bank was the last major institution in its cohort to meet these requirements, despite having been given ample notice since the rules were first confirmed in 2022.
Systemic Risks and Authorized Push Payment Fraud
The absence of name-checking tools directly facilitates the rise of authorized push payment scams, which are a primary concern for anti-money laundering supervisors and law enforcement agencies. In these scenarios, criminals use social engineering to trick victims into sending money to accounts controlled by money mules or organized crime groups. Without the real time alerts provided by a verified payee system, customers have no way of knowing that the account holder’s name does not match the person or business they believe they are paying. This transparency is vital for detecting the early stages of money laundering, as fraudulent accounts often use synthetic identities or stolen credentials that would fail a proper name match. By missing the deadline, the bank effectively increased the risk profile of its entire customer base, allowing 6.9 billion GBP to be processed without a mechanism that has proven to reduce credit payment recovery claims by more than 50 percent in other institutions. The regulator noted that protecting the integrity of these payments is not just a consumer protection issue but a systemic requirement to maintain confidence in the UK payment infrastructure.
Regulatory Enforcement and the Settlement Process
The final fine of 3,779,300 GBP was the result of a settlement process where the bank acknowledged its failures at an early stage. Initially, the Payment Systems Regulator had calculated a much higher penalty of 5.4 million GBP, but a 30 percent discount was applied because the institution cooperated with the investigation and agreed to the findings. This enforcement action serves as a stern warning to the financial sector that anti-fraud and anti-money laundering deadlines are not optional. The investigation, which officially opened in July 2024, looked closely at the internal delays and the lack of urgency in meeting the requirements of Specific Direction 17. The regulator emphasized that the bank had sufficient time to prepare, as the industry had been moving toward these standards for several years. The case demonstrates that regulators are now moving away from soft guidance toward aggressive financial penalties to ensure that the payment ecosystem is not weakened by a single non-compliant participant.
Enhancing Financial Integrity through Technical Compliance
Modern anti-money laundering strategies require a proactive approach to technical integration, where regulatory technology is treated with the same priority as traditional audit functions. The failure to deploy these tools on time suggests a breakdown in the risk management framework of the bank, where the potential for fraud was not adequately mitigated. For the wider industry, this case reinforces the idea that compliance must keep pace with the speed of digital transactions. As payment systems become faster and more complex, the window for detecting illicit activity narrows, making automated verification tools like these essential. The conclusion drawn by the regulator is that providing a secure environment for payments is a non-negotiable duty of any payment service provider. Moving forward, the industry can expect even tighter scrutiny on the timing of technical rollouts, with no tolerance for institutions that remain behind the curve while criminal organizations continue to evolve their tactics for laundering money through the retail banking system.
Key Points
- The Payment Systems Regulator issued a 3,779,300 GBP fine to Bank of Ireland UK for a 14 month delay in implementing name verification systems.
- More than 1.14 million new payees were processed without these safety checks, involving transactions worth approximately 6.9 billion GBP.
- The bank was found to be in breach of Specific Direction 17, making it the last major Group 1 provider to achieve compliance.
- A 30 percent settlement discount reduced the original penalty from 5.4 million GBP after the bank agreed to the findings early in the process.
- The failure to implement these tools significantly increased the risk of authorized push payment fraud and weakened systemic AML controls.
Related Links
- Specific Direction 17 on expanding Confirmation of Payee requirements
- FATF Recommendations on International Standards for Combating Money Laundering
- FCA Approach to Payment Services and Electronic Money Regulations
Other FinCrime Central Articles About Certification of Payee
Source: PSR
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.
