CMA takes action against the Co-operative Bank for breaching Part 3 and Article 56 of the Retail Banking Order

The Co-operative Bank breached both Part 3 and Article 56 of the Order. Part 3 of the Order requires surveys to be carried out of Personal Current Account (PCA) and Business Current Account (BCA) customers about the quality of service received from their bank. Banks are required to publish the most recent results in a number of places, including on their website.  
Article 56 of the Order says that if a bank is aware that it is not compliant with any part of the Order, it must report this non-compliance to the CMA within 14 days of becoming aware that it is not compliant. 

The breach of Part 3 
Service quality information is updated on the 15 February and the 15 August each year. The Co-operative Bank breached Article 17 of the Order by failing to publish up-to-date service quality information on its website between 15 August 2022 and 3 October 2022. Consumers visiting the Co-operative Bank personal banking homepage or the mobile app between these dates would have seen the SQI tables for the previous reporting period. Consumers visiting the service quality information webpage would also have seen tables for the previous reporting period, relating to service in branches, on the website and app, and relating to overdrafts. The Co-operative Bank replaced the out-of-date tables on the same day they discovered the problem, on 3 October 2022. 

The breach was caused due to a defect in the content platform automated push publishing step within the process, which has since been resolved. As a result, the webpages continued to show the out-of-date SQI table content; rank and percentage score. 

The breach of Article 56 
The Co-operative Bank discovered the breaches of Part 3 on 3 October 2022. However, it only reported this to the CMA on 31 January 2023, as part of its annual compliance report. The Co-operative Bank therefore failed to notify the CMA of the breach within the 14 days required under the Order. 

The CMA’s concerns 
The failure to publish up-to-date service quality information on its website means that consumers may have made decisions on whether to continue to bank with the Co-operative Bank on the basis of out-of-date information.

The requirement to publish service quality information on bank websites is an important element of our remedies to address the concerns found in the Retail Banking Market Investigation. This measure, in combination with other remedies, was designed to make it easier for consumers to choose the best PCA or BCA for them.  

The requirement to inform the CMA of breaches within 14 days of becoming aware of them is important as it allows the CMA to review the matter promptly, in turn allowing us to ensure things are put right without delay. 

The Co-operative Bank has taken action to put things right 
The breach of Part 3 was self-reported by the Co-operative Bank and that it has taken steps to end the breaches and to prevent a recurrence

• The Co-operative Bank has updated the document it uses to plan its compliance with the SQI tables to include more information on “push publish”.
• This document was also updated to include a peer check of the updated SQI tables to ensure that all changes have been implemented correctly.
• This document now also explains that the publication of SQI tables is a key regulatory requirement and explains the process for stakeholder reviews and approvals.
• In relation to Article 56 the Co-operative Bank is:

1. taking action to improve knowledge of the CMA’s Order to ensure CMA requirements are fully understood, including the reporting of any breaches to the CMA in a timely manner
2. carrying out a mapping exercise to establish how the different CMA Order requirements are met and to ensure processes and controls are adequately documented
3. implementing robust controls and reviewing further enhancements required to prevent, detect and report in line with CMA order requirements.

CMA assessment and next steps 
Given the action that has been, and is being, taken by the Co-operative Bank, the CMA does not consider it appropriate to take further formal enforcement action in relation to these breaches at present. However, the CMA will consider such action in the event of any further breaches. The CMA will monitor the Co-operative Bank’s future compliance closely.