UK Competition and Markets Authority Directs HSBC and Santander to Refund Money to Clients for Violating Retail Banking Market Investigation Order

On November 29, the United Kingdom Competition and Markets Authority (CMA) announced that it was directing global banks HSBC and Santander to refund money to customers for multiple breaches of Part 6 of the CMA’s Retail Banking Market Investigation Order (Order).

In 2018, after the CMA’s retail banking market investigation “identified a number of competition problems in both the personal current account (PCA) and small and medium-sized enterprise (SME) banking markets,” the CMA Order came into force.  Part 6 of that Order, as the CMA stated, “ensures customers receive text alerts before banks charge them for going into an unarranged overdraft, giving them time to take action to avoid any charges.”

Starting in February 2018, however, both HSBC and Santander “failed to send alerts in all of the circumstances required by the CMA.”  HSBC reportedly breached the Part 6 requirements twice:

  • Breach One: The CMA’s Directions to HSBC explained that its first breach stemmed from HSBC’s commitment “to implementing its ‘unsociable hours’ policy to minimize disturbance to customers.” That meant, according to the CMA, that HSBC “did not contact customers between 10:45pm and 7:30am on weekdays and 10:45pm and 10am on weekends and bank holidays.”  As a result, HSBC did not send alerts to customers during those specified hours

even though HSBC continued to charge customers for using an unarranged overdraft. This meant that customers who triggered an Alert between 10:45pm and 11:45pm (when balances were calculated) did not get an Alert that complied with the Order and continued to be charged by HSBC. Most customers received an Alert the next day after incurring the charge, which is in breach of the Order.

  • Breach Two: The CMA’s Directions stated that

HSBC’s systems for storing the mobile phone numbers of customers that applied for PCAs through certain application methods (including its digital current account, digital credit card and digital loans applications) stored numbers in a format that was incompatible with the text alert system used to comply with Part 6 of the Order. As a result, HSBC did not process these Alerts and some customers were not notified before incurring charges related to unarranged overdrafts.

Santander reportedly breached the Part 6 requirements six times:

  • Breach One: Santander failed to enroll some customers’ mobile phone numbers into its system of Alerts in two specific situations: (1) “where a customer previously registered for email Alerts has added a mobile phone number for Alerts to be sent to, their mobile phone number has not been registered”; and (2) “when a customer updates the mobile phone number registered for Alerts, Santander has de-registered the old number, but has not been registering the new number.”
  • Breach Two: Santander “Santander failed to issue an Alert to each customer who at the start of the day (10.00) was in an arranged overdraft position at the end of the previous day (22.00) and a direct debit (but no other payment) is processed overnight (between 22:00 and 05:00) that puts them into an unarranged position.”
  • Breach Three: Santander “failed to provide an Alert where the amount authorised and withheld on an account exactly matches the value of a single direct debit amount being processed and no other payments are made.”
  • Breach Four: Santander “On 72 occasions, Santander failed to send Alerts to customers until later in the day (after 10.00) due to high volumes of overnight batch payment processing.”
  • Breach Five: “Certain of Santander’s retail platforms that capture new customer data allow a customer’s mobile telephone number to be stored in data fields that are not specific to mobile telephones. This means that such numbers are not enrolled for mobile alerts, because Santander’s alerts system only uses numbers stored in the mobile field. As a consequence of Santander not enrolling some of their customers into its system, these customers have not received Alerts when required by the Order.”
  • Breach Six: The CMA noted that there were “limited instances where three categories of error message were generated within Santander’s alerts system resulting in alerts not being sent.”

In both HSBC’s and Santander’s case, the CMA deemed their failure to issue the alerts a serious matter.  With regard to HSBC, it stated that to date (November 29), approximately 115,754 of HSBC’s  customers have been affected.  HSBC committed to refunding all affected customers and has already started to refund those customers, with an estimated total of £8 million in refunds.  With regard to Santander, it stated that Santander “has been unable to provide figures for the numbers of customers affected or the value of refunds to be made for each of the six breaches.”

N.B.:  These cases generally indicate the importance of companies’ making timely preparations for full implementation of compliance requirements and measures by the time that those requirements come into force.  They also indicate the importance of banks’ paying attention to even small details that, whether or not inadvertently overlooked, cause needless hardship for customers and needless cost and reputational damage to the banks.

OECD Global Forum on Transparency and Exchange of Information for Tax Purposes Issues 10th Anniversary Report

Last month, the Organization for Economic Cooperation and Development (OECD) Global Forum on Transparency and Exchange of Information for Tax Purposes (Global Forum) issued its 10th Anniversary Report.  The Report contains a number of metrics that show the state of multinational progress over the past decade in implementing the international tax transparency and exchange of information standards:

  • The Global Forum has increased from 89 to 158 member jurisdictions, including all OECD and G20 countries, all international financial centers (IFCs), and an increasing number of developing countries.
  • Information critical for the administration and enforcement of taxes is available in three key domains:
    • Banking Secrecy: Through the Global Forum’s exchange of information on request (EOIR) process, the Global Forum has reviewed 125 jurisdictions.  “[P]ractically all of them have removed bank secrecy for the purpose of exchanging information.” Since 2009, the number of those jurisdictions with bank secrecy restrictions on the access to and exchange of banking information has decreased sharply from 70 to 3.  In addition, “with 100 jurisdictions having committed to exchange information by 2018, the landscape of global tax transparency has changed dramatically, putting an end to the long-lasting era of banking secrecy for tax purposes.”
    • Ownership and Bearer Shares: Approximately 90 percent of Global Forum members “do not permit the issuance of bearer shares, or have in place arrangements for identifying the owners.” More than 40 jurisdictions “40 jurisdictions have either abolished bearer shares, or introduced adequate custodial or non-custodial arrangements for identifying their owners since 2009.”
    • Accounting Records: “[A] a majority of Global Forum members had deficiencies in the availability of accounting records, including 30 jurisdictions having received unsatisfactory assessments between 2010 and 2016.” Practically all of those members, however, have addressed those gaps, “and the focus has now shifted to ensuring that these provisions are effectively enforced and supervised.”
  • The Convention on Mutual Administrative Assistance in Tax Matters – “the most advanced and comprehensive multilateral instrument available for all forms of tax co-operation to tackle tax evasion and avoidance” – has 130 participants, consisting of all G20 and OECD countries, all major IFCs, and a growing number of developing countries. 120 of those participants have now put the Convention into force, which equates to  nearly 8,000 bilateral agreements.
  • The number of requests between jurisdictions for information has more than doubled between 2009 and 2018. In 2018, for example, there were 22,7217 such requests.  In addition, the response times for such requests have improved overall.  While percentages vary from one jurisdiction to another, approximately 90 percent of requests are answered within one year and only about 10 percent take more than one year.
  • A critical development with regard to combating banking secrecy and detecting tax evasion has been the commencement of the Global Forum’s standard for automatic exchange of information (AEOI) on financial accounts of non-residents. With the AEOI process, In 2017, information exchanges on such accounts increased from more than 11 million financial accounts in 2017 to 47 million financial accounts in 2018.  The latter figure reflected a total value of €9 trillion in the financial accounts.  Moreover, the number of AEOI exchanges increased by 36 percent between 2018 and 2019.

The Report also states the Global Forum’s plans for future action, including:

  • “[C]ontinue ensuring that all jurisdictions effectively participate in EOIR, do not fall back and continue advancing the transparency and exchange of information agenda as a matter of high priority”;
  • “Delivering the effective implementation of the AEOI standard and the level playing field [as] a key objective;” and
  • Continuing to expand its programs of technical assistance to developing nations.

N.B.:  The Global Forum’s report reflects considerable progress since 2009 in improving tax transparency and increasing international cooperation on banking secrecy and tax evasion.  What the Report does not state is that while the number of  jurisdictions that provide banking secrecy and facilitate tax evasion has been decreasing, the remaining jurisdictions offering such services will undoubtedly require even greater efforts by the Global Forum and its members, over the next decade and beyond, to make tax transparency a truly global phenomenon.