Central Bank Warns Irish Financial Sector on Sanctions Compliance and Rising Cybercrime

The Central Bank of Ireland has issued a warning to banks and ATM operators across the country to ensure that their systems are not being exploited to bypass EU sanctions. This alert comes after the regulator identified specific instances in which card transactions involved US-issued cards from Belgazprombank, a Belarusian bank that has been under EU sanctions since earlier this year.

Belgazprombank was sanctioned for using the Central Bank of Russia’s financial messaging system to circumvent EU restrictions. Since Russia’s full-scale invasion of Ukraine in 2022, a series of sanctions have been imposed on Russian and other associated banks.“There is a risk that there may be other designated entities who are subject to EU restrictive measures which have issued products that need to be blocked by Irish banks, PSPs, ATM operators and merchant services,” the Central Bank of Ireland noted in its first financial crime bulletin. “Failure to do so poses a heightened risk of breaching EU sanctions.”

The regulator highlighted that ATM transactions are often processed through international card schemes that rely on Bank Identification Numbers (BINs) to determine the card-issuing bank. “Due to the global nature of these schemes, cards issued by banks or entities subject to EU financial sanctions may still be used at EU ATMs unless those BINs are specifically blocked,” it said.

The Central Bank emphasized the importance of Irish banks, ATM operators, payment service providers, and merchant services understanding that card schemes implement their own compliance controls, which may not always align with the full extent of EU sanctions. The bulletin pointed out that, for instance, US card schemes may only reflect regulations from the US Office of Foreign Assets Control and not necessarily EU sanctions.

In addition to sanctions concerns, the Central Bank warned of the ongoing growth of fraud and scams driven by digitalization and increased online activity. Michael Kavanagh, chief executive of the Compliance Institute, remarked on the rapid evolution of cybercrime, saying it is advancing “at such a pace that organisations and legislators cannot keep up.”

“Cyber attacks can have catastrophic consequences, not just for those whom they are perpetrated against but for the wider public,” Kavanagh said. “The growing sophistication of fraudsters means scams have become harder to spot, and therefore easier to fall for. Fraudsters are also able to use technology to identify and target people, as well as to extract the information they need to steal from someone.”

The Health Service Executive (HSE) recently announced compensation of €750 per person for individuals affected by the 2021 ransomware attack on its computer systems. Approximately 90,000 people were impacted when cybercriminals breached the system and stole personal data. The attack itself cost the HSE more than €100 million, with settlements to affected individuals—including potential legal fees—expected to potentially double the total cost.

The Central Bank concluded that fraud and scams remain “a major issue for consumers, businesses and society,” and emphasized that it is a priority to implement measures that prevent such incidents from occurring within the financial system.

By fLEXI tEAM