The U.K. Competition and Markets Authority (CMA) on March 21 sent two letters to Barclays and Lloyds to communicate the regulator’s concerns about breaching their open banking obligations set out in the Retail Banking Market Investigation Order 2017 (the Order).
In 2017, as a result of a market study on the supply of retail banking services, the CMA found that the market was not as competitive as it should be, and it issued remedies to make it easier for consumers to compare the prices and quality of competing providers. An important remedy included in this 2017 Order was a set of measures enhancing access to information and adopting a core set of standards. This remedy made it significantly easier for consumers to shop around and choose the alternative that was a better fit for them.
But according to the CMA´s letter, “Barclays breached the Order 13 times through inaccurate publication of information through Open Banking Application Programming Interface (APIs) which form one part of the broader Open Banking provisions of the Order.” The information breaches referred to different banking products and services, like the number of ATMs available to customers, overdraft fees or non-Sterling transactions fees, just to name a few. Barclays defended itself by claiming that the breaches were immaterial. According to the bank, the correct information had been published elsewhere and the incorrect information had not been published by price comparison websites.
Lloyds received a similar letter in which the CMA stated that the “bank breached the Order ten times by failing to make continuously available accurate, up-to-date information on its products through the Open API.” Lloyds, like Barclays, claimed that the correct information could be found elsewhere.
These breaches were communicated to the banks in September and October, and both banks have adopted measures ever since to avoid future mistakes. For instance, Barclays and Lloyds introduced manual controls that check the accuracy of the data published on a monthly/quarterly basis; introduced training for staff on the requirements of compliance for Open Banking APIs; introduced a new process that requires staff responsible for product information to review and update Open Banking APIs when making any change to other external literature; and Barclays introduced manual checks of ATM / Branch volumes to ensure its Open Banking APIs reflects the correct information.
Because of these measures, Barclays and Lloyds avoided enforcement actions. According to the CMA, because “of the voluntary actions taken by Barclays, [it did] not consider it necessary to take further formal enforcement action at this time.” The CMA noted the resolution of the thirteen breaches and their timing, reserving “the right to take formal enforcement action if there is further non-compliance.”
This is not the first time that the CMA identified breaches of the open banking Order. The CMA has been very active ensuring that banks and building societies comply with their open banking obligations. According to the CMA website, Lloyds, Santander, Monzo, NatWest, Virgin Money, Bank of Ireland and HSBC have breached the Order before, and some of them more than once.
For the CMA, open banking is not just about banks sharing information with third-party providers — it is also about making sure that consumers have up-to-date information that allows them to switch providers if they wish. As the letters to Barclays and Lloyds have shown, the CMA monitors most of the information available through APIs. Another example of the high degree of scrutiny that banks are subject to could be found in a letter sent by the CMA in February to Tesco Bank for failing to publish four Service Quality Indicators (SQIs). In the letter, the CMA was concerned that Tesco published the SQIs within three steps away from its primary mobile banking app screen, when the Order required the publication within two steps. According to the CMA, this extra step, which lasted 59 days, could have harmed around 544 consumers.
Read more: UK’s CMA Clarifies Variable Recurring Payments to Foster Open Banking