Compliance Corner: UK Fines HSBC For Customer Deposit Protection Failures

Editorial Staff 31 January 2024

Compliance Corner: UK Fines HSBC For Customer Deposit Protection Failures

The latest compliance news: regulatory developments, punishments, guidance, permissions, new product and service offerings.

Prudential Regulation Authority, HSBC
The Prudential Regulation Authority – which oversees UK banks – has fined HSBC £57.42 million ($72.8 million) for historic depositor protection failings. The PRS said HSBC failed “over many years to properly implement the requirements set out in the Depositor Protection Rules.”

For example, HSBC failed to accurately identify deposits that were eligible for Financial Services Compensation Scheme (FSCS) protection, the PRU said in a statement yesterday.

Two entities – HSBC Bank plc (HBEU) and HSBC UK Bank plc (HBUK) – were involved. The failings occurred for HBEU between 2015 and 2022, and for HBUK between 2018 and 2021. 

The fine is the second highest such punishment that the PRA has imposed. The PRU cut the penalty that it could have imposed – £96.5 million – because the HSBC firms cooperated during the investigation and, early on, admitted certain rule breaches. By agreeing to resolve the issue, HSBC’s firms also secured a further cut to the fine.

The Depositor Protection Rules require firms to put in place adequate systems and controls, and governance, to ensure the integrity of critical information which the FSCS relies on to make prompt payments to depositors in the event of a failure. 

HBEU’s depositor protection failings were “so significant the PRA determined that it had materially undermined the firm’s readiness for resolution,” the regulator said. HBEU also failed to be duly open and cooperative with the PRA by not alerting the PRA about problems identified in the incorrect marking of accounts as “eligible” for FSCS protection over an approximately 15-month period, the PRU said.

“This was clearly information which the PRA would expect firms to share fully and in a timely way,” it said.

The firms’ failings included:

-- Failing to assign clear ownership for the processes required under the Depositor Protection Rules; and
-- Failing to ensure that a senior manager, under the Senior Managers and Certification Regime, was allocated responsibility for these processes and the integrity of the information required under the Depositor Protection Rules.

HBEU’s failings further included:

-- Incorrectly marking 99 per cent of its eligible beneficiary deposits as “ineligible” for FSCS protection;
-- Providing an incorrect attestation to the PRA confirming its systems satisfied certain requirements of the Depositor Protection Rules; and
-- Failing to produce finalised versions of annual reports required to be signed by its board of directors that confirmed compliance with the requirements of the Depositor Protection Rules for multiple years.

The PRA did not consider that the firms’ breaches were deliberate or reckless, it added.

Register for WealthBriefing today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes