SME Banking behavioural undertakings 2002 - annual report on compliance – July 2022 to June 2023
Published 8 July 2024
Introduction
This report sets out the Competition and Market Authority’s (CMA) findings from its analysis of the audit reports relating to compliance by the 8 banks (listed below) with the SME Banking behavioural undertakings 2002, covering the period from 1 July 2022 to 30 June 2023.
It describes how well the banks have complied with obligations which restrict their ability to bundle certain banking products offered to Small and Medium-size Enterprises (SMEs). It also showcases examples of best practice.
The obligations are contained in the SME Banking Undertakings 2002 (the Undertakings) and the 2014 Agreement.
The banks subject to these obligations are:
-
AIB Group (UK) plc (known as AIB NI in this report, and previously known as First Trust)
-
Bank of Ireland, in respect of its SME business and branches in Northern Ireland (Bank of Ireland)
-
Barclays Bank plc and Barclays Bank UK plc (together, Barclays)
-
Clydesdale Bank plc’s SME Business and Branches in Scotland branded as Virgin Money (Clydesdale)
-
HSBC UK Bank plc (HBUK). HSBC’s non-ringfenced bank HSBC Bank plc (HBEU) remains subject to the Undertakings but was released from the 2014 Agreement during 2023
-
certain group companies of Lloyds Banking Group plc, formed from the merger of HBOS plc and Lloyds TSB Bank plc (Lloyds)
-
Northern Bank Limited (Danske)
-
NatWest Group plc (NatWest) (formerly the Royal Bank of Scotland Group plc (RBS)) which includes Ulster Bank Limited (Ulster Bank) in Northern Ireland
The background and obligations on banks can be found in a separate document. A glossary of terms can also be found in a separate document.
A list of enforcement action taken by the CMA to date under these obligations is set out below.
Guidance
The CMA is available to provide guidance in relation to matters regarding compliance for these and other Undertakings and Orders affecting retail banks. The CMA encourages banks to contact the CMA as soon as any breaches or potential issues arise, even where the full details have not become clear. This is to enable the CMA to understand the breaches and consider appropriate action with the organisation concerned. There are further details in the CMA’s published guidance ‘Merger and market remedies: Guidance on reporting, investigation and enforcement of potential breaches’.
For queries relating to the SME Banking Undertakings and compliance reporting please contact the CMA’s Remedies Monitoring and Enforcement Team: RemediesMonitoringTeam@cma.gov.uk
Breaches dashboard for this reporting year
No breaches were notified for the reporting year. The CMA will continue to investigate any suspected breaches.
The performance of banks against best practice
We set out below best practice in ensuring compliance with the Undertakings. The purpose of this is to identify where banks could strengthen their compliance.
Banks should have in place policies, practices and procedures to monitor their compliance with the Undertakings. This is to allow any problems to be identified and addressed quickly
-
Barclays reported that the second line assurance for its Business Banking unit was only sample-checking compliance from 20% of the total population of SMEs, meaning that 80% were not subject to sample-checking. This sampling approach has been in place for 5 years. Barclays has since put in place procedures to ensure samples are taken from the full population. The CMA considers that samples must be taken from the full population of customers in order to be rigorous and reliable
-
Clydesdale does not consider that second line assurance is necessary, bearing in mind the extent of its first line assurance and the audit carried out by its internal audit function. The CMA considers that second line assurance provides an important cross-check of compliance separate to that of first line assurance, providing a degree of independent analysis
Banks should have in place policies, practices and procedures to ensure their internal communications support compliance with the Undertakings. This is to ensure staff are informed of their responsibilities under the undertakings
- all banks confirm they have such policies, practices and procedures in place
Banks should provide training to staff on how to comply with the Undertakings and assess their understanding. The CMA considers that it is important that all staff are trained on their legal obligations, even if SMEs are not their main customers, or if they are new to the role
- AIB NI’s Direct Phone Banking staff did not receive training on how to comply with the Undertakings from November 2022 to August 2023, as AIB NI required them to refer callers to the correct business area rather than answer questions on SME Banking. AIB NI found examples where these procedures had not been followed, with the risk of the wrong advice being given to callers. AIB NI has since provided training to Direct Phone Banking staff on how to comply with the Undertakings. The CMA considers that training for any staff that advise customers is essential to prevent incorrect advice being given
Banks should review their lending appeals processes. This allows them to check if potential customers have been refused loans or savings accounts because they were not offered a BCA
- Clydesdale did not carry out a review of its lending appeals process. It was considered unnecessary due to the level of staff awareness in relation to product bundling and because no incidences of non-compliance were identified. The CMA considers that regular reviews of the lending appeals process provide an additional route to finding any instances of bundling which may have occurred
Banks should review their own internal complaints. This is important as staff with concerns about practices which may lead to non-compliance can share them, leading to non-compliance being identified and stopped
- all banks confirmed that internal complaints are reviewed
Banks should have an individual complaint code for the bundling of products (such as BCAs and loans/savings accounts). This is important as it allows complaints about this specific problem to be easily identified
-
Barclays reported that 2 of its business units (Private Bank and Wealth Management) do not have an individual complaint code for product bundling. Instead, keyword searches are used to identify product bundling. The CMA considers it is important to have an individual complaint code for product bundling as keyword searches cannot cover every possible phrasing of a bundling complaint
-
although Lloyds has an individual complaint code for bundling, it failed to classify appropriately a complaint made in 2022 related to bundling. The customer felt they should have been given a loan servicing account rather than a business current account when taking out a loan in 2008. This was discovered by Lloyds during the audit and, based on no tangible evidence to the contrary, the Financial Ombudsman Service upheld the customer’s complaint that bundling had taken place. Lloyds has now put in place procedures to better inform colleagues on how to classify complaints about bundling. The CMA considers it important that individual complaint codes are put in place and staff are trained in when they should be used
Enhanced measures put in place by banks
AIB NI and HSBC carry out mystery shopping exercises to test their own compliance with the Undertakings. This typically involves calling the banks’ call centre as a potential SME customer and analysing the results of the call against the prohibition on bundling or threatening to bundle BCAs with loans and savings accounts. The CMA considers that mystery shopping exercises are particularly valuable as they provide the closest test to SMEs actually taking out a loan or savings account. We encourage banks to introduce and maintain measures such as mystery shopping exercises to ensure their systems and procedures are appropriate to prevent breaches occurring.
Clydesdale carries out training on compliance with the Undertakings on a 6-monthly rather than annual basis. We encourage banks to think about the frequency and timeliness of training (for example including training in induction processes for new staff) to prevent breaches before they happen.
Enforcement action taken by the CMA under the Undertakings to date
Total number of public enforcement actions taken by the CMA since 2014: 10
Total number of customers affected by breaches since 2014: 32,547.
Details
Directions issued in 2014 to HSBC. A number of SMEs affected. These Directions have been revoked and replaced by the Directions issued in 2022 to HSBC.
Directions issued in 2014 to First Trust. 6 SMEs affected.
Directions issued in to 2019 to Barclays. 816 SMEs affected.
Public letter to AIB NI published in 2020. Failure to comply with Directions.
Public letter to Lloyds published in 2020. 30,000 SMEs affected.
Public letter to Clydesdale published in 2021. 55 SMEs affected.
Public letter to Danske published in 2021. 305 SMEs affected.
Public letter to Danske published in November 2021 on a second breach. 205 SMEs affected
Directions issued in 2022 to HSBC. 204 SMEs affected.
Directions issued in 2022 to NatWest. 956 SMEs affected