The UK’s Competition and Markets Authority (CMA) has said it will “monitor HSBC’s future compliance closely”, after the bank self-reported several breaches of Part 2 of the Retail Banking Market Investigation Order 2017.
HSBC breached Article 12 of Part 2 of the Order by “publishing inaccurate information, or not publishing required information, through its Open Data APIs on more than 50 occasions”, according to a letter sent by the CMA to HSBC on 19 January 2023.
These breaches affected both personal and business current accounts, as well as SME lending products, with the incorrect information related to fees, charges and rates, as well as to eligibility criteria, and features and benefits of accounts and loans.
One of the failures lasted from 2017 to 2022.
Dipesh Shah, director, remedies, business and financial analysis at the CMA, wrote that this “may result in consumers taking decisions that they would not have taken if they had access to the correct information”.
“For example, third parties can use information from Read-only Open Banking APIs to comment on banks’ accounts and loans. If the information is not accurate, or is not released at all, customers can have an incorrect or incomplete understanding of the products available to them,” Shah wrote in the letter.
HSBC notified the CMA of the breaches on 13 June 2022.
An HSBC UK spokesperson said: “We are sorry that some of our product information provided through our Read-only APIs did not fully reflect CMA requirements.
“We notified the CMA as soon as we realised and have since taken steps to improve processes and to ensure up-to-date information is readily available through our Read-only APIs to avoid this happening in the future.”
The CMA has confirmed it will not take any enforcement action in relation to the breaches, on the basis that the bank has “taken proactive steps to end the breaches and to prevent a recurrence”.
However, Shah added that the CMA will monitor HSBC’s future compliance closely.