Barclays and Lloyds under fire over banking breaches
The banks have come under fire by the Competition and Markets Authority (CMA) for breaching a set of rules relating to product and service information as part of the open banking – or data sharing – initiative.
Under the rules, the largest GB and NI banks must display “accurate, comprehensive and up-to-date product and service information continuously available through the open banking application programming interface (APIs).
This is so third-party app and website providers can tailor services and information to make it easy for people and business to, for example, find out which bank account and lending products are best for them.
The CMA said Barclays breached the order 13 times while Lloyds missed the mark 10 times.
What did Barclays get wrong?
It over-stated the number of ATMs available to customers by around 200 between April 2021 and 15 July 2021, it failed to list two branches and 47 ATMs between April and July 2021 and it incorrectly listed foreign ATM transaction fees, over-reporting them by £1.50.
Barclays was found to under-report overdraft fees for business current accounts by about £20 between November 2018 and August 2021, as well as listing incorrect values for international payments – over-reporting these by about £4 between December 2019 and August 2021.
Incorrect values for unpaid cheque fees were also found as well as incorrect links to business accounts. There were also inaccurate non-sterling transaction fees for personal current account customers as well as incorrect copy statement fees.
It also failed to list its select cashback commercial credit card between March 2021 and August 2021, while also incorrectly listing a copy statement fee of £2 for its commercial credit card.
There were also issues for its SME lending products as it was found to have over-reported by around 3% the debit interest rates. Lastly, it listed incorrect lending bands which had merged.
The CMA said: “For each breach Barclays considers that the correct information was available elsewhere, often more prominently than the incorrect information provided through its open banking APIs. It also notes that the incorrect information was not published by price comparison websites.
“Despite this, the CMA remains concerned with the nature and extent of these breaches. The CMA considers that consumers should be able to rely on the accuracy of information provided by banks irrespective of how that information is provided and that banks should be capable of providing accurate, comprehensive and up-to-date information through all channels and to all consumers, without exception.”
Barclays notified the CMA of the breaches on 22 September 2021 and has taken voluntary action to ensure they don’t happen again. It has introduced manual controls that check the accuracy of the data published on a monthly basis as well as further training for staff.
Following its steps to rectify the problems, the CMA said it won’t take further formal enforcement action.
A Barclays spokesperson said: “We take our responsibilities under the CMA Order very seriously, and have voluntarily taken steps to fix the breaches relating to the Open API remedy, while introducing new processes to ensure we remain compliant.”
What did Lloyds do wrong?
Lloyds breached the order 10 times, including publishing incorrect bank branch data, representative APRs for some of its SME loans, branch opening hours as well as incorrect location and opening hours for some of its mobile branches.
It also over-stated the number of ATMs in its Halifax network by 24 between 22 April 2021 and 14 August 2021, published an incorrect excess for packaged bank account travel insurance details (£40 rather than £75), as well as an inaccurate description of the Club Lloyds Platinum credit card interest rate.
Elsewhere the CMA found it published incorrect cash withdrawal charges for both Lloyds and Bank of Scotland SME customers, and missed displaying information regarding its £100 cash switch for customers who switched to two Halifax personal current accounts.
Lastly, three links relating to the T&Cs for Lloyds’ business current account, credit union account and treasures account products were broken which meant customers looking for the T&Cs wouldn’t have been able to access them directly from the API or third party site.
The CMA said Lloyds notified it of the breaches between 8 June and 13 October 2021 and has since taken voluntary action to correct the breaches.
Steps include manual updates and a monthly or quarterly review, additional compliance training for staff and independent cross-reference checks.
As with Barclays, Dipesh Shah, director, remedies, business and financial analysis at the CMA said no further action will be taken.
A Lloyds Banking Group spokesperson, said: “We’re really sorry that some information on our products and services was inaccurate when accessed through third party app and website providers using Open Banking. No-one was worse off as a result of the error and we’ve taken action to ensure the information remains up to date.”