Central Bank of Ireland ups the ante, by Mike O'Keeffe, General manager of Corlytics Solutions Limited

Published 28th May, 2017

It’s clear that the Irish regulator is tightening controls of illegal behaviour of financial service providers in Ireland, following its €3.5m fine for Bank of Ireland (BOI) on Tuesday.

The investigation into the bank’s controls found that it delayed in the reporting of six suspicious transactions to An Garda Síochána and Revenue.

The Central Bank, the regulator who issued the fine, found “significant failures” in BOI’s anti-money laundering (AML) and counter terrorist financing controls, policies and procedures.

Some of these included risk assessment, suspicious transaction reports, and correspondent banking.  The breaches occurred in July 2010 and persisted on average for over three years.

According to Derville Rowland, the director of enforcement at the Central Bank, “The high volume and range of breaches uncovered point to significant weaknesses in the strength of Bank of Ireland’s implementation of anti-money laundering and counterterrorist financing legislation.”


Fundamentally, this points to a lack of adequate controls within the bank. Something which was confirmed by a Bank of Ireland spokesman, who was quick to point out that this settlement was not as a result of actual money laundering or terrorist financing.

What is interesting is that of the last four enforcement actions taken in Ireland, two of them were due to outsourcing of financial services to other institutions. In the instance of the Bank of Ireland, services were outsourced to a correspondent bank outside of Europe. Correspondent banking is the process of using another bank (a correspondent bank) to transfer money to a jurisdiction in which the bank that originates the transaction does not operate. When dealing with correspondents, responsibility still lies with the bank itself to perform due diligence on the customers (both originator and beneficiary) of the transaction. This is where Bank of Ireland’s controls were seen to be weak.

The last three fines of this type across Ulster Bank, AIB and now Bank of Ireland totalled €8.75m. From examining the Corlytics database, we can see that the total amount of all fines from the Central Bank of Ireland from 2009 to May 2017 was €10,734,000. Clearly, this is indicative of a regulator sharpening its claws.


The regulator has clearly stepped up its pace in the last six months. A second look at the data illustrates that the number of enforcements has in fact been increasing year on year since 2015.


By taking a more analytical look at the Corlytics data, we can clearly see the control breaches that have lead to the BOI fines, which were in relation to AML management and enhanced due diligence, are top of the list when it comes to the enforcements that have been levied against organisations. In fact, €3.8 million of the €10.7 million in fines are made up of control failures for AML management.

Clearly, this signals how important the regulator views compliance with the regulations and guidelines which are in place in Ireland.




The Central Bank of Ireland is beginning to operate in the same way as other major international regulators and is well placed to tackle issues within the financial services industry in Ireland.

It is gearing up to tackle issues within financial services on a much more serious basis than it previously did. It was announced today that it is to divide financial regulation into two distinct functions – prudential regulation and financial conduct. Prudential regulation will include the directorates for credit institutions; insurance; and asset-management supervision, while financial conduct will encompass consumer protection; securities and markets supervision; and enforcement. The sudden increase in financial regulation has been the driver behind this move said the Central Bank Governer, Philip Lane

Major financial institutions who are now considering setting up in Ireland as a result of Brexit will have to contend with a vigilant regulator who will penalise if necessary. The depth of information within the latest enforcement notice to Bank of Ireland is impressive. Demonstrating that this regulator must be taken seriously.

Mike O’Keeffe, General Manager of Corlytics Solutions

Financial regulation post Brexit – the end of soft touch Dublin? by Rory Flynn, head of legal at Corlytics

Published 22nd May, 2017

The full effect of Brexit is being felt in the financial services sector. JP Morgan has been the latest financial giant to announce a move to Dublin, buying an office with enough room for 1,000 staff. Meaning it will potentially double its current Dublin headcount of 500.


With Dublin just a hop, skip and a jump away from London, we expect many more firms to finalise intentions to either launch or expand operations in Ireland’s capital city. As Brexit uncertainty continues.


Whilst Dublin is geographically so close to London, firms moving operations there will need to be aware of the significant differences in financial regulation between both markets.


The Central Bank of Ireland (CBOI) is the regulator for firms to pay attention to. It is responsible for the supervision of most financial institutions in Ireland including banks, building societies and a broad range of non-bank firms. Compared to Great Britain’s Financial Conduct Authority (FCA) which regulates over 56,000 entities, the CBOI is currently responsible for regulating around 10,000 entities. It will now naturally be preparing to step this up ahead of a potential influx of new financial firms coming into the country.



We’ve looked at our data from 2009 to present day and have found that for every USD$1.05 the Central Bank of Ireland fines, the Financial Conduct Authority fines USD$99. That is some difference. When the FCA does issue an enforcement notice, it is generally more severe than the CBOI. The CBOI currently is fining a lot less frequently than the FCA and for a lot less money. The average fine for the CBOI is approximately USD$800,000 whereas the average FCA fine is almost over 10 times this figure, at USD$8.9 million.

None of this demonstrates that the CBOI is a weaker or lesser regulator. Simply that the work it must do is a fraction of the FCA’s. International firms already in – and planning to move – to Dublin should expect an active regulator that is prepared to increase its enforcement activity if necessary and make itself known. It’s likely that fines from the CBOI will start to significantly increase. In the very near future, the current perception of a soft approach in Ireland may be misplaced.


Firms relocating from London should expect swift fines in the event of any wrongdoing upon relocation. These will be at the extreme end of the spectrum – more akin to fines issued under the FCA – to dissuade any further infractions.

If your firm is considering a move to Dublin and require regulatory support, do get in touch with Corlytics.

Rory Flynn, Head of legal at Corlytics

Previous articles

Regulatory regime in Australia hots up


Published May  11th 2017,  John Byrne, CEO of Corlytics

In Tuesday’s budget speech, Australian Treasurer Scott Morrison signalled a significant change to the country’s regulatory regime. The changes are set to impact not only regulated firms, but also the senior managers that run them.

“Greater competition and accountability – now,” said Mr Morrison.

A new Banking Executive Accountability Regime is being introduced, requiring all senior executives to be registered with the Australian Prudential regulation Authority or APRA. If found in breach, they can be deregistered and disqualified from holding executive positions. If banks breach misconduct rules, they will also face bigger fines starting at $50 million for small banks and $200 million for large banks.


What is interesting is the magnitude of the shift. Currently, the Australian regulators have limited powers to impose fines – typically being no greater than $3 million. A move to increase potential fines to 100x current levels completely changes the regulatory risk profile of every firm, now directly hitting the balance sheet with possible future fines.


For example taking one category of breaches, our global data shows that for fixed income instruments, currencies and commodity (FICC) regulatory breaches from 2010 to 2014, the total fine amount issued by the Australian Insurance and Investment Commission was USD 403K. Whereas the Financial Conduct Authority in the UK issued penalties that totalled almost USD 3 billion.  The pattern is the same across a number of breach categories.


This action doubtless will create an appetite to ensure that Australian firms look to reduce regulatory risks. It will also focus the minds of senior managers – especially as Australia has a track record in taking action against individuals for wrongdoing. In the period 2014-2016, there were 105 fines for individuals in regulated firms.

To combat this personal risk, senior managers operating in the Australian financial services industry will take a new and closer look at their regulatory risk.


Corlytics uniquely analyses enforcement data and other important regulatory information to allow organisations to understand the consequences of enforcement actions across regulators and jurisdictions. Senior managers within Australian Banks can use this intelligence to accurately assess the risk that they may now be exposed to as a result of the changes outlined by the Treasurer.

Should you have any questions about the risk to which your organisation is now exposed, please don’t hesitate to get in contact. 

John Byrne, CEO of Corlytics


Compliance, guardians of professional scepticism.

Published April 27th 2017,  John Byrne, CEO of Corlytics

Accountancy firm Grant Thornton, has been fined £2.3m and severely reprimanded by the Financial Reporting Council (FRC) over failings in its audit of a company called AssetCo, a fire engine manufacturer.

The regulator said Grant Thornton, and its partner with 23 years experience Robert Napper, had admitted a “lack of professional competence and due care”.

This had allowed AssetCo to falsely inflate its value and its share price.

Mr Napper was fined £130,000 and banned from auditing for three years, while the accountancy firm paid £200,000 in additional costs.

But the auditors had been at fault by failing to employ the required level of ‘professional scepticism’.


Given the weight of this fine, we can expect significant implications that go beyond auditors and actuaries that are providing important financial reports for investors. How will this impact on Financial Conduct Authority certified persons under the Senior Managers Regime, where there are personal consequences for the actions of the business?

The FRC said that the failings of the audit firm, and the now-retired audit partner, in the audit of AssetCo’s accounts were not deliberate or reckless and did not amount to dishonesty. But if they had been more sceptical of the financial information being given to them they would have uncovered the dishonesty.

Given this duty of care, what does this mean for senior persons at FCA regulated firms? What is the new threshold for ‘professional scepticism’?

To answer this, we looked into our global regulatory risk and enforcements database at all the cases involving lifetime bans imposed by the FCA since 2009. 60% OF ALL THE CASES BROUGHT INVOLVED BANS FOR THE HEADS OF COMPLIANCE FUNCTIONS. 


If you would like to discuss your risk profile and areas of exposure, call us.

SMR statements of principle to be aware of:

  • Statement of Principle 5

An approved person performing an accountable higher management function must take reasonable steps to ensure that the business of the firm for which they are responsible in their accountable function is organised so that it can be controlled effectively.

  • Statement of Principle 6

An approved person performing an accountable higher management function must exercise due skill, care and diligence in managing the business of the firm for which they are responsible in their accountable function.

  • Statement of Principle 7

An approved person performing an accountable higher management function must take reasonable steps to ensure that the business of the firm for which they are responsible in their accountable function complies with the relevant requirements and standards of the regulatory system.

John Byrne, CEO of Corlytics

Regulatory reform in the US – Should we prepare for post-regulation?

Published on Friday 21st April, 2017 by Rory Flynn, head of legal at Corlytics

As of next weekend, Donald Trump will have been in office for 100 days. During this time, no-one reading this blog will have escaped the constant debate in the media about regulatory reform in America. We have listened to bold plans for financial regulation to be entirely repealed, the Consumer Financial Protection Bureau (‘CFPB’) to be dismantled and its director, Richard Cordray, removed.

Is this all smoke and mirrors? Or do US firms need to prepare for a post-regulation world?

An Executive Order was signed recently commencing a process which may well lead to the repeal of vast sections of the Dodd Frank Act, 2010. Potentially its complete removal. The rationale for this drastic action being that the Act is over onerous on regulated firms. Consequently, crippling the US free-market economy.

The Volcker Rule – part of the Dodd Frank Act which forbids banking entities from engaging in short-term proprietary trading of securities, derivatives, commodity futures and options on these instruments on their own account or owning, sponsoring or maintaining relationships with hedge funds or private equity funds – is in the cross-hairs of this process of reform.

In just the past few days, Deutsche Bank won the unenviable ‘prize’ of being the first bank to be hit with a major fine for failing to ensure that its traders comply with the Volcker Rule’s ban on overly risky market bets. The Federal Reserve announced that Deutsche Bank will pay a combined $156.6 million in civil money penalties – $19.7 million of which is the specific fine for failure to comply with the Volcker Rule.

If repealed, we may see more of this kind of behaviour. And consumers will be once again be offered credit in unsustainable terms. Thanks to the incentives which such products offer to regulated institutions. Do we really want such a reversion?


This is where the CFPB comes in. To date, this bureau has been responsible for returning $11.8 billion to wronged consumers. Consumer complaints to the CFPB have also risen 7% in the last 12 months – indicating that now certainly isn’t the time to roll back regulation.

If we see the CFPB abolished, or indeed other aspects of Dodd Frank repealed, there is the very real possibility of misconduct going unpunished in the future. In addition to Deutsche Bank’s recent fine, should the CFPB not have been in place 12 months ago:

  • Wells Fargo may not have received a $100 million fine for the widespread illegal practice of secretly opening unauthorised deposit and credit card accounts
  • Citibank may not have been hit with a multimillion dollar fine for illegal debt sales and debt collection practices
  • and All American Cashing Inc. may not have been penalised for allegedly tricking and trapping consumers with false information

More worrying still is the fact that the Department of Justice recently filed an amicus curiae brief in a Washington Federal Appeals court case, providing further information for the court from non-litigants. This agreed with a decision of a three-judge panel of the US Court of Appeals for the District of Columbia last October, that the CFPB, as it is currently composed, is unconstitutional. The main thrust of the brief is that the CFPB unconstitutionally places power in the hands of a single director who cannot be removed by the President except for cause. They do not go so far as to call for the abolition of the agency, but urged the Court to at least make the director accountable to the President.

Notably this brief does not go so far as to call for the abolishment of the CFPB but does urge the Court to make the director accountable to the President. It strikes me that the petitioning of the Court in such a manner is more incongruent to the ideal of the separation of powers than the precise accountability of the CFPB director.


It may well be argued that the proposed changes would weaken the CFPB, by opening a vital agency up to the political whims of the Executive and the budgetary priorities of Congress. A weak CFPB could incentivise a lack of transparency on Wall Street – and within the financial services industry more generally – putting the US at risk of recession and economic instability, once more.

Whilst the issues continue to be battled out in the courts and within Congress, regulated global firms must continue as normal. Regulation cannot and will not be switched off overnight. We may well be in no different a situation at the end of the next 100 days. So, don’t get complacent. Don’t speculate.

Rory Flynn, Head of legal at Corlytics

Libor, let’s not blame the bank of England,

Published on April 18th2017, John Byrne CEO Corlytics

Last week the Bank of England came under intense pressure following a leaked phone call from Barclays claiming it had been put under pressure from up high, to lower Libor rates. Having an immensely powerful regulatory risk database at my fingers we looked back at the scandal that has been rumbling since 2012.


Our global data shows that from 2012 to date there have been 60 fines from seven regulators, involving 13 different institutions totalling more than USD 9.246 billion. With no fines so far this year.

Breakdown of banks’ wrong doings

The Corlytics data shows that more than half (53 percent) of all fines given equalling USD 4.9billion were cases, 18 in total, where senior managers were cited as being aware of inadequate controls and/or were complicit in the manipulation.

The most commonly cited breach (64 percent and 28 fines given), equalling a staggering USD 5.9 billion, was in cases where traders used brokers to manipulate rates.

Warnings for inappropriate action were given along the way. Nine percent of all fines were given in cases where there was a prior regulatory warning about similar weaknesses or there was disciplinary action in the area.

This misconduct took place on average over four to five years. It was prolonged and deliberate. With many cases showing awareness by senior management or indeed collusion on their part.


The Bank of England is primarily responsible for the systemic stability of the UK banking system and its global role within the financial markets. The Bank has always denied allegations it encouraged banks to submit lower readings for Libor.

The investigation into the conduct of various banks, during the Libor scandal, exposed an unparalleled level of wrong-doing.

The Bank of England may have approached the banks to reduce the Libor rates, but:

  • Did the Bank of England ask the banks to get their traders to reveal their larger clients’ positions to other traders using instant messaging?
  • Did the Bank of England then ask the banks then to collude with other traders, to place bets against their respective client positions?
  • Did the Bank of England then ask traders to access and request that the banks’ rate setters, set rates in their favour and against the interest of their clients?

Of course, not.

The reality is that these banks had allowed a lack of controls in important areas that enabled their traders to make a lot of money. This was not just in rigging markets, but in betting against their own clients. The Bank of England cannot be held responsible for that.

John Byrne, CEO of Corlytics

Picture this, a clear regulatory vista,

Published April 11th 2017, John Byrne, CEO

Today’s financial firms have more and more regulations that they are supposed to be aware of and comply with or prepare to comply with. That is an almost herculean task. Global banks have had since 2009 to get their regulatory infrastructure in place but for many others – like asset managers and insurance companies this is a very real new world.


The financial crisis—coupled with the determination of regulatory authorities not to put taxpayers on the hook for another round of bailouts—has led to a proliferation of new regulatory measures. The scale and pace of banking regulatory change is unprecedented.

Dealing with regulations and compliance has always been a costly and far-from-hassle-free experience. Regulatory documents require specialist skills and experience to understand and deal with. Now large banks must deal with multiple jurisdictions and multiple timetables for new regulations.

In a determined push to make banks and financial institutions more transparent, global regulators are getting tough. Issuing billions of dollar fines, and jail time, for non-compliance. This has put regulatory risk well and truly top of the financial fright list.

So how do you get ahead of it and protect yourself? 


Since 2009 54,000 regulatory documents have been published from 130 different regulatory bodies in G20 countries alone. That is an awful lot to keep up with. From these regulations, thousands of legal compliance cases have been brought.

When I set up Corlytics in 2013 it was in response to a gaping hole. Financial firms were under pressure to understand and comply with new regulation globally. The regulators were sharing this data, but nowhere was the intelligence that allowed you to assess your risk profile. Monitor, measure and predict what was happening and create one workable picture. So, we pulled together specialists from a number of different professions to build that 360 degree picture. 


The average specialist lawyer in their lifetime might handle 40 regulatory compliance cases. Corlytics has over 7,000 cases on our database, and we are growing it daily. Each case is read by two specialist lawyers providing metadata and insight. This isn’t just Big Data, this is Super Smart Data.

This global intelligence means we can pick out emerging trends that others just can’t see yet. 


Running analytics across this legal and regulatory data our banking risk analysts, data scientists and technologists are able to warn you of what regulations you are up against. A specific dollar amount of risk exposure (not to mention jail time) can be calculated, empowering you to make the right choices.

We are working with global institutions that need to deal with specifics. That is why our reports, assessments and appraisals are trusted by The Bank of England, The Financial Conduct Authority and Financial Times, to name a few.

We deal with facts, not opinions. We deconstruct the data, with scientific rigour and develop unique metadata. Giving us the world’s largest, most comprehensive regulatory risk intelligence data.


For global banks Corlytics helps makes sense of all these threatening legal obligations. Rating the risk, turning the legalese into dollar impact, so you can take the right action. We have flexible ‘what if’ tools developed allowing you to assess the impact of different scenarios. Covering future risk.

The data needs to be understood by different departments within financial houses. The lawyers in compliance and the mathematicians in risk. We translate our Super Smart Data into a common, workable picture.

For regulators and advisors, we are able to produce in depth risk analysis, benchmarking against other regulators and calculate impact using our Fine Estimator.

So if you want a personalised picture, let’s talk.

John Byrne, CEO of Corlytics

Mike O'Keeffe is general manager of Corlytics Solutions Limited, which serves the UK market. As general manager, Mike is responsible for leading operations in the UK and ensuring customer needs are met, from initial sales conversations right through to product delivery and on-going support. Mike works closely with customers to exceed expectations and ensure that they gain an immediate return on their investment through successful solution implementations. He has over 15 years in the development and delivery of advanced analytics solutions for the risk, compliance, fraud and security markets to major blue-chip organisations.  

Prior to working with Corlytics, Mike held roles as general manager of security product innovation at Telstra, as VP of product management and product marketing at Cognevo, and had senior product management and delivery roles at BAE Systems Applied Intelligence and Norkom Technologies. Mike holds a degree in Industrial Biochemistry, and a graduate diploma in Technical Communications from the University of Limerick and an MBA from Dublin City University.

Rory Flynn is Corlytics’ head of legal. He is responsible for the global team of legal regulatory analysts together with acting as the company’s Legal Counsel.

The global legal team is comprised of legal and business graduates. They are engaged in building meaningful intelligence through complex analysis of the international legal regulatory framework.

Before joining the leadership team at Corlytics, Rory was a practicing barrister at the Irish bar with a specialist interest in intellectual property, employment law, civil litigation and company law. He has also held lecturing posts at Griffith College and University College Dublin. Rory holds an LLM in Commercial Law from University College Dublin, an LLB in Irish Law and a Barrister-at-Law degree from the Honorable Society of Kings Inns.

John Byrne is founder and CEO of Corlytics, responsible for setting the company’s vision and strategy.

He is a serial entrepreneur in the financial technology sector, John has built and sold a number of global technology based enterprises. He co-founded one of the first campus companies in Ireland in 1985 in the energy technology sector and built Information Mosaic in 1997, a global player in the securities software industry which was sold to Markit in 2015.


He set up Corlytics to provide real regularly risk intelligence. Following a tsunami of global regulation arrived for the financial markets in 2009, John realised there was no joined up intelligence and predictive analytics to help the banks, regulators and their advisors make informed decisions. Corlytics was formed in 2013 and today is the global leader in regulatory risk intelligence.


John is a frequent speaker at industry events and has spoken at events such as SIBOS and NEMA. He has also spoken at many other conferences on operational and systemic risk and more recently at RegTech Summits in London and New York. John is a graduate of Stanford Business School and has a Bachelors degree in Electronic Engineering