Irish asset management Appian has been fined by the Central Bank of Ireland a total of €443,000 ($513,769) for a string of cyber breaches in the company which resulted in a significant loss to client funds. The company admitted that breaches occurred in three regulatory regimes — client asset, anti-money laundering and fitness and probity. According to the Central Bank of Ireland, the company’s failures left it exposed to a cyber fraud by a third party, which resulted in the loss of €650,000 from a client’s funds.
“This is the first time the Central Bank has imposed a sanction on a firm where there has been a loss of client funds from cyberfraud as a direct result of the firm’s significant regulatory breaches and failures,” said Seána Cunningham, the Central Bank’s director of enforcement and anti-money laundering to Irish Times.
Even though the company has fully reimbursed the client fund, the bank in a statement stated that it had reprimanded the company for “significant breaches across three regulatory regimes: client asset, anti-money laundering, and fitness and probity,” adding that “had it not been for the financial position of the firm, the Central Bank would have imposed a financial penalty of €825,000.”
Patrick Lawless, the chief executive officer of Appian, informed that the breach occurred outside of Appian, and the company took the responsibility on itself for failing to notice the “red flags” which enabled hackers to succeed in the fraud. The company formally apologized to the Central Bank and accepted the sanction imposed. “Following this incident, Appian has remediated its failings, complied with the Risk Mitigation Programme issued by the Central Bank, introduced new client asset and AML/CFT policies and procedures and introduced new controls in respect of the management of client assets,” he said.