HSBC breached this banking rule 12,200 times. Regulators sigh wearily
"HSBC’s processes, systems and staff were not capable of detecting and reporting these breaches until December 2022. The inability for HSBC to determine the scale of these breaches due to the inadequacy of its systems and processes is a further concern."
HSBC failed to give business current account owners their transaction data 12,200 times between February 2018 and November 2022 – in flagrant violation of UK retail banking market rules – but avoided being fined.
HSBC’s failures were due to “weaknesses in its control environment and individual human errors amongst its staff” – and represented a significant breach of Part 5 of the Retail Banking Market Investigation Order 2017.
That’s according to the Competition and Markets Authority (CMA).
Those roles were put in place to make business account switching easier.
Many smaller businesses had previously been concerned that switching account provider would cause loss of access to their banking history; something typically required by lenders when offering credit
See also: JPMorgan's technology spend to hit $15.3 billion as storage, compute volumes surge
Part 5 of the Order requires banks to send Payment Transaction Histories to any business current account (BCA) customer with a turnover of less than £6.5 million who closes their BCA (unless an exception applies).
Nationwide and TSB were also castigated for their failures here, but HSBC was particularly singled out. The CMA said that it “considers it unacceptable that a large, regulated entity such as HSBC manifestly failed to implement an effective process to ensure that BCA customers that closed their accounts would be provided with their Payment Transaction History in accordance with its legally binding obligations.
"This failure led to breaches which have been ongoing since the Order came into force, and HSBC’s processes, systems and staff were not capable of detecting and reporting these breaches until December 2022. In addition, the inability for HSBC to determine the scale of these breaches due to the inadequacy of its systems and processes is a further concern."
HSBC dodged a fine because it had identified the issues itself and reported them to the CMA, promising to carrying out a review of its controls and processes and reinforce “procedural requirement for all BCA closures.”
The warning from the CMA comes as, per Deloitte, "The cost of compliance and risk mitigation over the last eight years has jettisoned almost all discretionary funding available to firms. Compared to pre-financial crisis spending levels, operating costs spent on compliance have increased by over 60 percent for retail and corporate banks."
A spokesperson for HSBC UK said: "We are sorry some of our former customers did not receive their Payment Transaction Histories, required by the CMA, when they closed their Business Current Accounts. As soon as we discovered the issue, we took various steps to improve our processes in order to avoid this happening again."