TSB Fined £11m for Mistreating Customers... Including a Dead One

Overview:

The Financial Conduct Authority (FCA) has fined the Commercial Bank, TSB for $10.9 million after they charged a dead person fees for missing a mortgage payment. They also told another borrower not to buy clothes or school meals for their children. As a result, they have been fined for not treating their customers fairly.

The FCA has stated that between 2014-2020, they had "created a real risk that repayment plans were not realistic" for customers.

This fine comes after after a hostile takeover bid between Spanish financial services company, Banco Sabadell and competitor BBVA. This has reinforced TSB's credibility and future. Six years ago, they suffered one of the biggest IT Outages in the financial services sector, which kept 2 million customers locked out of their accounts.

The FCA has claimed that TSB's employees didn't receive sufficient training and were "potentially encouraged by incentive schemes to prioritise the number of payment plans made overtaking enough time to assess individual customer circumstances". “As a result of its failings, TSB risked agreeing unaffordable payment arrangements with customers in difficulty or charging them inappropriate fees,” the FCA found.

Regarding fining a dead customer, "there was no grant of probate or personal representative in place, meaning that there was no prospect of repayment activity taking place on the account at that time”.

As a result of TSB not treating their customers fairly, 200,000 loans, mortgages, overdraft and credit card customers were affected, costing the bank £260 million in fees and interest. TSB has paid nearly £100 million to redress costs as a result.

How this this interact with commercial law?

Compliance and regulatory law: Due to the FCA fining them for possible breaches of regulation and consumer protection, the FCA and Prudential Regulation Authority (PRA) require banks to act in their customers best interests. TSB may have some further legal implications from other customers (perhaps litigation) surrounding their breaches over consumer protection and regulation.

Corporate Governance: This incident may have also highlighted weaknesses in TSB's governance structure. Senior members of the companies such as directors have responsibilities to act in good faith and to ensure that the company acts within laws and regulations. If failures in customer treatments are uncovered, it could expose TSB's leadership to further liability and raise questions about internal management of the bank.

Data Protection/Privacy: If TSB mishandled personal information or didn't properly inform the deceased next of Kin, there may have been personal breaches of the UK Data Protection Act 2018 or the EU GDPR. This may have included breaches of data minimisation and data retention (whether personal data was kept longer than necessarily).

This may also impact shareholder activity within the business:

Shareholder rights: The fine of $10 million will impact shareholder value significantly. Investors (particularly Banco Sabadell) may bring derivative action against the company. They may claim that mismanagement and poor employee training has reduced the value of their investment to TSB.

Mergers & Acquisitions Consideration: The fine could affect TSB's attractiveness to companies that may want to merge or acquire them from their current owners Banco Sabadell. The fine may also cause complicated negotiations in terms of legal due diligence. Buyers would need to assess the bank's legal and regulatory environments.

Key definitions:

The Financial Conduct Authority: The main financial regulatory body of the UK. They regulate the financial services industry in the UK. Their role also includes protecting consumers, ensuring healthy competition between financial services and keeping the industry stable.

Derivative action: A lawsuit brought by a company member on behalf of the company against a third party, usually an insider of the corporation like an executive officer.

European Union General Data Protection Regulation (GDPR): Governs how the personal data of individuals in the EU may be processed and transferred.