The Bank of England has imposed an £11.9 million fine on UK payments operator Vocalink for failing to meet a deadline to address deficiencies in its risk management framework.
Vocalink, a subsidiary of Mastercard, was instructed by the Bank to remediate identified weaknesses in its systems and controls. However, the central bank noted that an ineffective risk management framework, coupled with deficiencies in Vocalink’s control measures, governance, and escalation processes, led to non-compliance by the February 2022 deadline.
Vocalink oversees the UK’s real-time payments, settlement, and direct debit systems, as well as a network of over 47,000 ATMs. It processes more than 90% of salaries, 70% of household bills, and 98% of state benefit payments in the UK.
This fine marks the first time the Bank has penalized a systemically important financial market infrastructure firm. Sarah Breeden, the deputy governor for financial stability, stated, “Vocalink fell short of its obligation to maintain adequate risk management and governance arrangements in response to the Bank’s Direction. This failure to fully comply has resulted in a significant fine.”
In response, Vocalink indicated that it has made substantial investments to remediate the issues highlighted by the Bank. Thanks to its cooperation and efforts to resolve the situation, the company received a 45% reduction in the fine, which would have otherwise totaled £20 million.
A spokesperson for Vocalink commented, “We are pleased to have resolved this matter, which relates to issues identified in 2020. Since then, we have implemented several improvements, as acknowledged in the Bank’s final notice. The historical issues pertained to internal systems and controls and did not affect the services we provided to consumers and businesses in the UK.”