HSBC, Nationwide and TSB breach retail banking rules

HSBC, TSB and Nationwide have broken the Competition and Markets Authority's (CMA) retail banking rules.

Under part 5 of the Retail Banking Order, banks are required to send payment transaction histories to any business current account (BCA) customer that closes their account with a turnover of less than £6.5 million.

The measure is designed to make switching between BCAs easier for SMEs, with some smaller businesses concerned that by moving to a new current account provider they could lose access to their banking history, which is often required by lenders when offering credit.

The Order addresses this by requiring banks and building societies to provide each customer whose BCA has been closed with a full payment transaction history.

However, HSBC failed to send an estimated 12,200 payment transaction histories to former BCA holders between when part 5 of the Retail Banking Order came into effect in February 2018 and December 2022.

The regulator said that it was “unacceptable” that a large, regulated entity such as HSBC “manifestly failed to implement an effective process” to make sure BCA customers that had closed their accounts would be provided with their payment transaction history.

“This failure led to breaches which have been ongoing since the Order came into force, and HSBC’s processes, systems and staff were not capable of detecting and reporting these breaches until December 2022,” added Colin Garland, CMA director of remedies, business and financial analysis, in a letter to the bank. “In addition, the inability for HSBC to determine the scale of these breaches due to the inadequacy of its systems and processes is a further concern.”

The regulator also said that TSB failed to send over 105,000 payment transaction histories to former BCA and personal account customers between April 2022 and 20 March this year, while Nationwide failed to provide these to around 51,000 former personal current account holders during the period between when the rule was enforced and May this year.

The competition watchdog said that because all three banks have taken steps to end the breaches and prevent a recurrence, it will take no further action.

    Share Story:

Recent Stories


Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.

Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.

Unleashing generative AI: A force multiplier for financial crime teams
This FStech webinar, sponsored by NICE Actimize sees industry experts examine the revolutionary impact of generative AI on financial crime operations, and provides actionable insights to enhance your compliance strategies.