The Payment Systems Regulator (PSR) has fined Bank of Ireland UK £3,779,300 after the lender failed to implement Confirmation of Payee (CoP) by its regulatory deadline, leaving more than a million customers without a key anti-fraud safeguard for over a year.
According to Alessa, the fine, issued on 19 February 2026, came after the bank activated CoP send functionality in January 2025 — fourteen months past the Group 1 compliance deadline of 31 October 2023. During that period, 1.14 million new payees were onboarded without name-checking protection on payments totalling approximately £6.9bn.
Alessa recently discussed how the Bank of Ireland UK was fined £3.78m for missing an anti-fraud deadline.
CoP is a name-verification service that checks whether the account name entered by a payer matches the details held at the receiving bank before a transfer is processed. It is designed to combat two distinct problems: authorised push payment (APP) fraud, where victims are deceived into sending money to fraudsters, and misdirected payments resulting from simple clerical errors. APP fraud losses reached £450.7m across the UK in 2024, and in the first half of 2025 alone accounted for £257.5m in losses — equivalent to 41% of all fraud losses during that period.
The PSR directed nearly 400 payment service providers to implement CoP in October 2022. The largest and most systemically significant institutions, classified as Group 1, were required to comply by October 2023, while Group 2 firms were given until October 2024. Bank of Ireland UK was the last Group 1 provider to achieve compliance.
The PSR opened a formal investigation into the bank’s non-compliance in July 2024. The original penalty stood at £5.4m but was reduced by 30% to £3,779,300 after the bank agreed to an early settlement. In a public statement, the bank acknowledged the delay and apologised, confirming that CoP has been live for all customers since January 2025 and that it continues to invest in fraud prevention through enhanced monitoring, AI-based controls, and strengthened system processes.
The enforcement action arrives against a broader regulatory backdrop. The UK’s mandatory APP fraud reimbursement scheme, which came into force on 7 October 2024, requires banks to reimburse eligible victims up to £85,000, with costs shared equally between sending and receiving institutions. That obligation makes CoP compliance far more than a box-ticking exercise — without effective name-checking, payment service providers face both the risk of facilitating fraud and the direct financial cost of reimbursing victims.
Separately, the PSR is in the process of being wound down, with its regulatory functions transferring to the Financial Conduct Authority (FCA) as part of the government’s wider regulatory simplification agenda. That consolidation does not reduce enforcement risk for payment service providers; if anything, it concentrates it under a regulator with a broader remit and a well-established enforcement track record.
For compliance teams, the Bank of Ireland UK case carries several instructive lessons. The bank received notice of the CoP requirement in October 2022 and still failed to meet its deadline by more than a year, demonstrating that awareness alone, without structured implementation tracking and clear internal ownership, does not produce compliance. The financial cost of that failure is also worth noting in full: the £3.78m fine already reflects a 30% early-settlement discount from the original £5.4m figure, and excludes any reputational damage. Finally, the gap in CoP coverage represents a direct liability in itself — over 1.14 million payees were processed without name-checking verification, each carrying elevated fraud risk that the bank’s controls failed to address.
Effective transaction monitoring and fraud compliance programmes depend on the same foundational elements that CoP requires: timely implementation, documented controls, and clear lines of accountability. When those elements are absent, the regulatory and financial consequences tend to follow.
Read the full Alessa post here.
Copyright © 2026 FinTech Global
