The latest compliance news: regulatory developments, punishments, guidance, permissions, new product and service offerings.

Prudential Regulation Authority, HSBC
The Prudential Regulation Authority – which oversees UK banks – has fined HSBC £57.42 million ($72.8 million) for historic depositor protection failings. The PRS said HSBC failed “over many years to properly implement the requirements set out in the Depositor Protection Rules.”

For example, HSBC failed to accurately identify deposits that were eligible for Financial Services Compensation Scheme (FSCS) protection, the PRU said in a statement yesterday.

Two entities – HSBC Bank plc (HBEU) and HSBC UK Bank plc (HBUK) – were involved. The failings occurred for HBEU between 2015 and 2022, and for HBUK between 2018 and 2021. 

The fine is the second highest such punishment that the PRA has imposed. The PRU cut the penalty that it could have imposed – £96.5 million – because the HSBC firms cooperated during the investigation and, early on, admitted certain rule breaches. By agreeing to resolve the issue, HSBC’s firms also secured a further cut to the fine.

Rules
The Depositor Protection Rules require firms to put in place adequate systems and controls, and governance, to ensure the integrity of critical information which the FSCS relies on to make prompt payments to depositors in the event of a failure. 

HBEU’s depositor protection failings were “so significant the PRA determined that it had materially undermined the firm’s readiness for resolution,” the regulator said. HBEU also failed to be duly open and cooperative with the PRA by not alerting the PRA about problems identified in the incorrect marking of accounts as “eligible” for FSCS protection over an approximately 15-month period, the PRU said.

“This was clearly information which the PRA would expect firms to share fully and in a timely way,” it said.

The firms’ failings included:

-- Failing to assign clear ownership for the processes required under the Depositor Protection Rules; and
-- Failing to ensure that a senior manager, under the Senior Managers and Certification Regime, was allocated responsibility for these processes and the integrity of the information required under the Depositor Protection Rules.

HBEU’s failings further included:

-- Incorrectly marking 99 per cent of its eligible beneficiary deposits as “ineligible” for FSCS protection;
-- Providing an incorrect attestation to the PRA confirming its systems satisfied certain requirements of the Depositor Protection Rules; and
-- Failing to produce finalised versions of annual reports required to be signed by its board of directors that confirmed compliance with the requirements of the Depositor Protection Rules for multiple years.

The PRA did not consider that the firms’ breaches were deliberate or reckless, it added.