HSBC, one of the UK's leading banks, has come under scrutiny for a series of breaches that saw them fail to provide transaction data to business account holders a staggering 12,200 times between February 2018 and November 2022. This failure violates UK retail banking market rules, specifically Part 5 of the Retail Banking Market Investigation Order 2017, designed to make business account switching more accessible.
The Competition and Markets Authority (CMA) has attributed these lapses to "weaknesses in its control environment and individual human errors among its staff." These issues are considered a significant breach of banking regulations, particularly given the importance of Payment Transaction Histories for businesses seeking credit from lenders.
While other banks like Nationwide and TSB faced criticism for similar failures, HSBC received particular attention from the CMA. The authority expressed apprehension at HSBC's inability to establish an effective process for ensuring that business account customers receive their Payment Transaction History upon closing their accounts, as legally required by the Order. Furthermore, HSBC's systems and processes failed to detect and report these breaches until December 2022, raising additional concerns about the bank's capabilities.
Despite the severity of the breaches, HSBC managed to avoid fines. They self-identified the issues and promptly reported them to the CMA, pledging to review their controls and processes thoroughly. HSBC also committed to reinforcing procedural requirements for all business account closures to prevent such incidents from recurring.
The CMA's warning comes when Deloitte reports a substantial increase in compliance and risk mitigation costs for banks over the past eight years. These rising expenses have left little discretionary funding for financial institutions. Operating costs related to compliance have surged by over 60 percent compared to pre-financial crisis levels, affecting both retail and corporate banks.
A spokesperson for HSBC UK expressed regret for the inconvenience caused to former customers and assured the public that steps had been taken to enhance their processes and prevent such lapses in the future.
A version of this post originally appeared at https://www.thestack.technology/hsbc-banking-rules-business-data-cma/
