The Conduct Chronicles – ‘Lessons from the Farage Bank Account Furore’
Emma Parry reviews the Farage bank closure as a signal for banks to ensure they have proper data retention tools in place, clear rationales and compliance with Consumer Duty obligations to ensure they are prepared for any regulator investigations and good consumer outcomes.
Written by a human
Cast your mind back to June 2023 and you may recall the front-page news about the closure of Nigel Farage’s bank account.
Initially, Farage was told that he failed to meet Coutts’ eligibility criteria, however it was later revealed that his account was closed, in part, as Coutts felt that his beliefs and values did not align with theirs.
In a swift move, and in amongst a spiraling media storm and fallout across Coutts and NatWest, the UK FCA issued a data request to firms on Friday 9th August. Firms were given just three weeks to provide information on:
- the number of customers that have been terminated
- the number of customers suspended
- the number of customers denied services
- the reasons for all of the above
- the number of complaints banks have received on this issue
Anyone who has been on the receiving end of a regulatory data request will immediately understand the enormity and seriousness of the undertaking. Reflecting also my own experiences in the industry, urgent requests from regulators without fail always appear on a Friday afternoon!
Alongside the resources required to manage the collection and collation activity, teams need to be mobilized to find and extract the required data and to ensure that it is complete. The larger the firm, the more complex the task, and even more so if governance fora and audit trails around account closures haven’t been robustly implemented (if they exist at all). Where audit trails and minutes from decisioning meetings don’t exist, searches for data will extend to emails or data held against the accounts in the payment system.
(Interim) Drum roll please …
Given the media storm, alongside speculation of widespread account closures for reputational reasons, the FCA’s interim update, issued in September 2023, was hotly anticipated. However, to the disappointment of many, including Farage, the findings pointed to something far less sensational, with the FCA stating that:
‘By far the most common reasons providers gave for closing, suspending or declining an account was because it was inactive/dormant or because there were concerns about financial crime.’
So, the account closure ‘scandal’ – to which it was now referred – seemed not to be the scandal it was initially claimed to be.
However, and notwithstanding the interim findings, the FCA stressed that further work was underway to ‘verify the data and to better understand the reasons behind, for example, the closure of accounts due to reputational risk’.
A year later, and September 2024 heralded the release of the account closures update which set-out four key findings.
The Trouble with Data
The most significant of the four findings was that data was limited. Files were not retained, records were too brief, or they lacked clarity around the rationales for closures.
As one might expect from such a data collection and collation exercise, the FCA was also faced with data in various forms and in differing levels of detail. For example, some firms provided customer-level data, while others provided account-level data, leaving the regulator unable to accurately use aggregate figures or averages.
In addition, many firms were unable to advise how many customers from specific business sectors had been affected, usually because they did not collect that data.
To add to the lack of clarity on rationales, many firms conducted their own internal reviews and identified discrepancies. Others used the broad rationale of ‘other’ for large proportions of cases.
The definition of reputational risk
Unsurprisingly, the FCA found that the definition of reputational risk, and how it was used in the context of account closures, differed across firms. For example, some firms could demonstrate how they had considered the potential for reputational risk to their business. In others, the FCA found that the risk ‘did not seem to correlate with significant risks to the firm’s standing but instead to other concerns, such as concerns about staff safety.’ And in further cases, the FCA noted that the ‘actual rationale was not clear, raising concerns about firms’ record-keeping.’
Reputational Risk
Notwithstanding the point around definitions, the FCA stated that ‘it did not see evidence of political beliefs or other views lawfully expressed being used as a rationale for account denial, suspension or termination.’ Although, it caveated this statement noting the finding about the data and record keeping limitations.
The Customer Journey
The report also highlighted that the Basic Bank Account (BBA) customer journeys varied across firms which in itself led to differences in rejection rates. For example, some firms performed financial crime checks prior to moving consumers into the BBA application process and, as such, tended to have very low rates of BBA declines given the ‘pre-check’ process.
The Upshot? Reiterating its 2023 finding, the FCA stated that it did not ‘identify any purported reputational risk-based denials or terminations where the basis for the decision was actually political beliefs or views lawfully expressed.’
What the Farage Furore has taught us
Firstly, there’s an increasing intersection of obligations around Money Laundering and Terrorist Financing, UK Consumer Duty, and data capture and record keeping.
Under the Consumer Duty, UK firms must act to deliver good outcomes for retail customers. This applies throughout the customer journey, from initial interactions before accounts are opened, through to any communications after an account is closed (eg. any complaints raised by the customer about the closure).
And, of course, key to being able to assess whether good outcomes have been delivered is the relevant data captured throughout the customer journey, and for that data to be captured at such a level as to be able to demonstrate the outcome at customer level.
Regarding financial crime controls, the report sets out the FCA’s existing expectations that firms ‘act proportionately to the risks they identify and that they do not apply a generic approach to risk management. This expectation applies in the context of account access.’
Secondly, regulators are increasingly knocking on the doors of firms requesting data. This is just one example. The record keeping fines (the now notorious ‘WhatsApp’ fines) is yet another. Firms must have record keeping policies, procedures and solutions in place, alongside policies and procedures for retrieval.
Thirdly, firms must have in place robust risk and governance frameworks. This is not, by any means, a new obligation, however exercises such as these serve to highlight their criticality. Of course, the requirement for robust control frameworks, alongside the ability to correlate data across silos, will only increase as regulatory obligations continue to intersect.
