The Bank of England has imposed a fine of £11.9 million on Vocalink Limited due to a compliance failure under section 196 of the Banking Act 2009. This marks the first instance where the Bank has fined a financial market infrastructure firm.
Vocalink, regulated by the Bank since April 2018 as a specified service provider, was required to address several systems and controls issues through a directive issued under section 191 of the Act. Although Vocalink initiated a remediation program, it failed to meet the requirements by the deadline of February 28, 2022, due to an ineffective risk management framework and weaknesses in controls and governance.
Sarah Breeden, Deputy Governor for Financial Stability, said: "Vocalink fell short of its obligation to have adequate risk management and governance arrangements when responding to the Bank’s Direction. Its failure to comply with that Direction in full has resulted in a significant fine."
The investigation revealed that Vocalink's non-compliance stemmed from an insufficiently integrated risk management framework for the remediation program. This hindered proper understanding and monitoring of risks among various defense lines and external assurance providers. Additionally, there were failures in escalating key risks and information to senior committees.
Despite these shortcomings, Vocalink cooperated throughout the investigation and admitted early on to a compliance failure, leading to a 15% reduction in the penalty. Further agreement to resolve the matter resulted in an additional 30% reduction. Without these reductions, the fine would have been £20 million.
Vocalink Limited designs and operates payment systems infrastructure and is recognized as critical to financial markets' functioning by HM Treasury.
Information from this article can be found here.