Compliance
Compliance Corner: UK Fines HSBC For Customer Deposit Protection Failures
The latest compliance news: regulatory developments, punishments, guidance, permissions, new product and service offerings.
Prudential Regulation Authority, HSBC
The Prudential
Regulation Authority – which oversees UK banks – has fined
HSBC £57.42 million
($72.8 million) for historic depositor protection failings. The
PRS said HSBC failed “over many years to properly implement the
requirements set out in the Depositor Protection Rules.”
For example, HSBC failed to accurately identify deposits that were eligible for Financial Services Compensation Scheme (FSCS) protection, the PRU said in a statement yesterday.
Two entities – HSBC Bank plc (HBEU) and HSBC UK Bank plc (HBUK) – were involved. The failings occurred for HBEU between 2015 and 2022, and for HBUK between 2018 and 2021.
The fine is the second highest such punishment that the PRA has imposed. The PRU cut the penalty that it could have imposed – £96.5 million – because the HSBC firms cooperated during the investigation and, early on, admitted certain rule breaches. By agreeing to resolve the issue, HSBC’s firms also secured a further cut to the fine.
Rules
The Depositor Protection Rules require firms to put in place
adequate systems and controls, and governance, to ensure the
integrity of critical information which the FSCS relies on to
make prompt payments to depositors in the event of a
failure.
HBEU’s depositor protection failings were “so significant the PRA determined that it had materially undermined the firm’s readiness for resolution,” the regulator said. HBEU also failed to be duly open and cooperative with the PRA by not alerting the PRA about problems identified in the incorrect marking of accounts as “eligible” for FSCS protection over an approximately 15-month period, the PRU said.
“This was clearly information which the PRA would expect firms to share fully and in a timely way,” it said.
The firms’ failings included:
-- Failing to assign clear ownership for the processes
required under the Depositor Protection Rules; and
-- Failing to ensure that a senior manager, under the Senior
Managers and Certification Regime, was allocated responsibility
for these processes and the integrity of the information required
under the Depositor Protection Rules.
HBEU’s failings further included:
-- Incorrectly marking 99 per cent of its eligible beneficiary
deposits as “ineligible” for FSCS protection;
-- Providing an incorrect attestation to the PRA confirming its
systems satisfied certain requirements of the Depositor
Protection Rules; and
-- Failing to produce finalised versions of annual reports
required to be signed by its board of directors that confirmed
compliance with the requirements of the Depositor Protection
Rules for multiple years.
The PRA did not consider that the firms’ breaches were deliberate or reckless, it added.