The Bank of England has hit UK payments operator Vocalink with an £11.9 million fine after it missed a deadline to fix problems in its risk management framework.
Vocalink was required by the Bank to remediate a number of identified systems and controls weaknesses. However, the central bank says an ineffective risk management framework, combined with weaknesses in Vocalink's controls, governance arrangements and escalation processes, meant that it failed to comply in full by the February 2022 deadline.
The Mastercard subsidiary operates the UK’s real-time payments, settlement and direct debit systems, as well as networks of over 47,000 ATMs. It processes more than 90% of salaries, 70% of household bills, and 98% of state benefit payments in the UK.
It is the first time the Bank has fined a systemically important financial market infrastructure firm.
Sarah Breeden, deputy governor for financial stability, says: “Vocalink fell short of its obligation to have adequate risk management and governance arrangements when responding to the Bank’s Direction. Its failure to comply with that Direction in full has resulted in a significant fine.”
Vocalink says that it has invested significantly in remediating the issues identified by the Bank.
Due to the company’s co-operation and agreement to resolve the matter, it received a combined 45 per cent reduction in the fine. Without the reduction, the fine would have stood at £20m.
A Vocalink spokesperson says: “We are pleased to resolve this matter which related to issues identified in 2020. Since then, we've delivered a number of improvements, as recognised in the Bank's final notice. The historic issues related to internal systems and controls and had no impact on the service we delivered to the UK's consumers and businesses.”