HSBC cops fine for CDR breaches

  • FST Media
  • 3 April 2024
CDR HSBC ACCC Fine

HSBC Bank Australia has accepted a $33,000 fine from the competition watchdog for alleged breaches of Consumer Data Right (CDR) data request rules.

The ACCC issued notices to HSBC for two separate breaches of the CDR rules, both of which concerned data requests – the first related to the bank’s alleged failure to accurately disclose complete mortgage interest rate details; the second related to failures to accurately disclose credit card balances.

Both instances were reported to and investigated by the competition watchdog, the CDR’s chief regulator.

The ACCC confirmed that HSBC had cooperated with the investigation and has since rectified the data quality issues identified.

Concerns over the quality and completeness of data within the CDR system have been raised previously. Last year, as part of its data quality assessment report [pdf], ACCC flagged “significant shortcomings” with certain CDR datasets, which it said could “[affect] the reliability of CDR data”. The report underlined particular concerns with product reference data.

Commenting on the HSBC breach, ACCC commissioner Peter Crone stressed the effectiveness of the CDR is contingent on high-quality and available data.

“This means that product data and consumer data – which a consumer has consented to share – must be accurate, up-to-date, complete, and in the required format.”

He added: “The value of CDR and the importance of data quality is particularly relevant in the current economic climate where Australians are increasingly concerned with cost-of-living pressures and mortgage interest rates.”

The Australian subsidiary of the foreign-owned HSBC Bank becomes just the third institution to be fined by the ACCC for breaches of data-sharing regime rules, following infringement notices issued to Bank of Queensland and ING Australia in 2022.

ING was fined more than $53,000 for its alleged failure to meet CDR data-sharing deadlines; BoQ, the first bank to be issued with a CDR infringement notice by the ACCC, was fined more than $133,000 earlier that year for a similar failure to meet data-sharing obligations.

HSBC’s data failures

The ACCC’s first infringement notice to HSBC related to the bank’s failure, recorded between 20 February 2023 and 25 April 2023, to disclose relevant data for its fixed rate home loan products. The bank had reportedly excluded corresponding featured interest rates advertised on its website.

“If accurate home loan rates are not provided, product data users, such as comparator sites and brokers, are unable to present accurate comparisons of home loan products to consumers,” Crone said.

“This has the potential to lead to consumers making decisions based on incorrect information about home loan interest rates on offer”.

The ACCC also found that, between 9 January 2023 and 27 May 2023, HSBC had allegedly failed to accurately disclose credit card account balance data after receiving consumer data requests.

At the time of the alleged conduct, the penalty amount for each infringement notice was fixed at $16,500 for an unlisted corporation. Listed corporations can be fined up to $165,000.

 

Share This Post
Related News
ASIC Macquarie Court fine breach
Macquarie fined $10m for fraud control failures
ASIC leadership renewal
Executive renewal to reshape ASIC leadership
GBST private equity platform
‘Groundbreaking tech’ opens wholesale market to sole investors
NAB appointments executive women slade
NAB announces exec reshuffle, hits gender milestone
Honey Insurance capital raise
Honey Insurance sets Aussie capital raise record