The competition watchdog has reprimanded four high street banks over failures to provide accurate information about loan interest rates, charges, branches, or ATMs.
The Competition and Markets Authority (CMA) on Thursday wrote to HSBC, Lloyds, TSB, and AIB, about various breaches of the Retail Banking Market Investigation Order 2017.
The CMA said it will continue to monitor the banks, but doesn’t expect to take further formal enforcement actions given the banks had taken steps to fix the problems.
However, the CMA also issued directions on how to prevent future breaches to HSBC, which “breached the Order more extensively,” citing the number and significance of the breaches and the watchdog’s concern that the bank had “not demonstrated its ability to ensure its own compliance.”
Dan Turnbull, senior director at the CMA, said it’s “disappointing” that major banks are still in breach of the rules seven years after they came into effect.
According to the CMA, for over a year before Oct. 7, 2023, HSBC breached the order by failing to keep information about its branches accurate and up to date, listing 167 closed branches as still being open while not listing two open branches.
The bank explained that the failure was caused by the replacement of an automatic source of information with a manual source of information “which was not suitable for a time where significant changes were being made to the HSBC branch estate,” the CMA said.
HSBC has also omitting to update some web pages when the Effective Annual Rate (EAR) was raised from 14.82 percent to 16.25 percent; and had incorrect Representative Annual Percentage Rate (APR) for loans up to £10,000 published—7.1 percent instead of the correct 11.3 percent—because of human inputting error.
In a separate breach, inputting error by a third-party contractor meant a batch of HSBC devices told customers they would be charged a maximum of £35 for unarranged overdraft while the actual charge was up to £20, the CMA said.
The watchdog said HSBC has self-reported all the breaches within the required 14-day period and taken steps to addressed the issues.
However, it’s concerned about the bank’s ability to ensure its own compliance given the significance of current rule breaches and a number of previous breaches.
In directions issued to HSBC, the CMA told the bank to commission an external review of the processes and procedures it uses to comply with relevant parts of the order, to act on any recommendations made by that external reviewer, and to carry out further external reviews if it’s recommended in the initial review.
The bank has also been told to provide training and annual reminders to staff.
Lloyds was warned over its failure to publish the location of 363 ATMs for over a month between Dec. 7, 2023 and Jan. 12, 2024.
The CMA said the bank had breached the order by failing to put sufficient safeguards in place before carrying out a pilot exercise to migrate ATM data to a new internal management system.
AIB and TSB breached the rules because of inaccurate information on loan rates and overdraft charges, but the two banks also breached a further rule by taking too long to report the issues.
According to the CMA, for almost three years between February 2021 and January 2024, TSB failed to disclose the level of its monthly maximum charge (MMC) on unarranged overdraft in Spend and Save Plus customers’ monthly statements.
For over two years between January 2022 and February 2024, the bank failed to disclose the MMC level within its mobile app journey for new to bank customers when mentioning overdraft charges.
The CMA said TSB reported the issue a month after becoming aware of the first breach, exceeding the 14-day requirement.
It also expressed concerns over the adequacy of TSB’s actions to deliver ongoing compliance with the order because of the duration of the breaches.
AIB breached the rules by having published incorrect EAR on on two web pages for its Business Current Account product between July 1, 2022, and Aug. 28, 2023, and incorrect APR on two web pages for one of its loan products between Jan. 1, 2023, and Sept. 29, 2023.
According to the CMA, the bank reported the breach in relation to the loan APR 59 days after becoming aware of the issue, significantly exceeding the 14-day requirement.
In letters to the banks, CMA markets directors said the watchdog won’t take further formal enforcement actions in relation at this time given steps have been taken by the banks, but will monitor the banks closely.
An HSBC UK spokesperson said: “We are sorry for errors on our part which caused these breaches.
“When we discovered them we reported these to the regulator. We have taken steps to avoid a repeat of these issues in the future.”
