Central Bank fines Appian Asset Management over cyber breach
The Central Bank of Ireland (CBI) has issued a fine of €443,000 on Appian Asset Management for regulatory breaches causing the loss of client funds.
In a statement today, the CBI said that Appian’s historic regulatory failures left it exposed to a cyber-fraud by a third party where, acting on the instructions of a fraudster impersonating a client, it facilitated a series of transactions resulting in the loss of €650,000 of a client’s funds.
The breaches were admitted by Appian, one of the best known asset management companies operating in Ireland, and the client has been fully reimbursed.
This is the first time the Central Bank has imposed a sanction on a firm where there has been a loss of client funds from cyber-fraud as a direct result of the firm’s significant regulatory breaches and failures.
“Appian’s failures in this case demonstrated serious deficiencies in its governance arrangements, risk management, compliance oversight, and systems of internal control,” Seána Cunningham, the CBI’s director of Enforcement and Anti Money Laundering, said.
“These failings, combined with a culture in which clients’ instructions were given primacy over security and regulatory concerns, rendered the firm exposed to the cyber-fraud that occurred.”
“It placed client assets at heightened risk and that risk crystallised. The CBI views such fundamental failings as completely unacceptable.”
Ms Cunningham went on to say that it was imperative that the people who run firms are vigilant as to their vulnerabilities around cybercrime and should ensure that all appropriate regulatory safeguards are in place to protect their clients’ assets.