HSBC warned over second breach of regulations on open banking

CMA writes to bank over failure to publish accurate information.

HSBC has received a warning from the UK’s Competition and Markets Authority for publishing inaccurate information on fees, charges and rates through its Open Banking API.

More than 50 instances of inaccurate information were identified, with them longest breach lasting from 2017 until 2022. This is the second time the bank has been warned about such breaches, the first warning coming in April 2022.

A letter to the bank from Dipesh Shah, the CMA’s Director, Remedies, Business and Financial analysis, expresses the concern that the failure to provide the correct information “may result in consumers taking decisions that they would not have taken if they had access to the correct information”.

The breaches are to requirements set out in Part 2 of the Retail Banking Market Investigation Order 2017, particularly under Article 12 (see below).

“Especially disappointing”

The letter says it is “especially disappointing” that this is the second breach of article 12 by the bank, and reminds HSBC that: “The CMA has powers to issue Directions to businesses that fail to comply with its Orders”. The regulator doesn’t consider further action appropriate at this stage but will “monitor HSBC’s future compliance closely”.

That pragmatic approach has been applied in light of the fact that HSBC self-reported the breaches and is taking steps to put things right. These include:

  • more clearly defining responsibility for completion and oversight of information published through open banking, something that it is hoped will mitigate the impact of of individuals moving on;
  • improving the process of checking the accuracy of published information;
  • delivering training and guidance on the requirements of Part 2 of the Order.

The Retail Banking Market Investigation Order 2017: Part 2, Article 12

Providers shall release and make continuously available without charge and without any restriction as to its use, in accordance with the Read-only Data Standard:

12.1.1

reference information which shall include:

(a) all branch and business centre locations;

(b) all branch opening times;

(c) all ATM locations; and

(d) any other reference information reasonably stipulated by the Implementation Trustee and agreed by the CMA; and

12.1.2

product information, before the application of any negotiated changes, for each of their on-sale PCA products, BCA products and SME Lending products, which shall include, where relevant:

(a) product prices (which may include credit interest);

(b) all charges, including the interest rates (credit and debit) which apply to the product, the fees and charges which may apply to activity on the account, and the circumstances in which these charges apply;

(c) features and benefits, including credit interest and constituent parts of packaged accounts;

(d) MMC once MMCs have been introduced in accordance with Part 7;

(e) terms and conditions;

(f) customer eligibility criteria; and

(g) any other product information reasonably required by the Implementation Trustee and agreed by the CMA.

12.3

The information released pursuant to Article 12.1 shall be as accurate and comprehensive and up-to-date as reasonably practicable.