Bank of Scotland plc has been fined £4.2m for systems failures that meant it held inaccurate mortgage records for 250,000 of its customers. It settled at an early stage and therefore qualified for a 30% discount on the headline figure of £6m.

The issue was first discovered when the bank was putting in place a programme it had agreed under the terms of a Voluntary Variation of Permission (VVOP). Under the VVOP, the bank had agreed to make goodwill payments to Halifax mortgage customers in recognition that they may have received insufficiently clear information about changes to the standard variable rate of their mortgages. However, in implementing the programme, Bank of Scotland discovered that it held incorrect records on its systems for up to approximately 250,000 Halifax mortgage customers. These errors were only identified after customer complaints were made regarding the operation of the programme.

The FSA found that Bank of Scotland failed to comply with Principle 3 of the FSA's Principles for Businesses ("a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems"):

  • It relied on incorrect records held on its systems for considerable periods of time between 2004 and 2011, which resulted in Halifax mortgage customers not receiving important information about changes to the terms and conditions of their mortgages.
  • It consequently failed to implement the VVOP programme correctly. For example, the 250,000 Halifax mortgage customers were not identified as falling within the programme, and approximately 160,000 of these customers were due goodwill payments totalling approximately £162m. These payments might not have been received by them had the complaints from some of the customers not led to the identification of errors in the information held on Bank of Scotland's mortgage systems.

There was no structure in place to identify errors as they occurred and no checking procedures thereafter. The failures resulted from mortgage information being held on two separate unaligned systems and problems with two further processes where manual updates were not always carried out. However, the bank has since undertaken a detailed investigation, corrected the information on its systems and ensured no customer initially omitted from the programme has ultimately suffered any loss.

The Final Notice for Bank of Scotland plc


It is perhaps not surprising that Bank of Scotland should have received a substantial fine for such failings. However, as has so frequently occurred in recent enforcement cases, the precise way in which the fine was reached has remained slightly opaque as the real issues occurred before the FSA's new more transparent penalty regime in March 2010 (see Enforcement watch 1 "Harsher Penalty Setting Introduced")

The case is interesting as a further example of the problems that can arise on integrating new businesses. In this case, the FSA has pointed out that, in a complicated organisation where several legacy systems exist, it is essential that the organisation ensures its systems are correctly synchronised. (For another example of legacy issues causing enforcement difficulties, see Enforcement Watch 8 "11 September 2012: £9.5m Black Rock fine for client money breaches")

This is the second time during the calendar year 2012 that Bank of Scotland has been found by the FSA to have failed to comply with Principle 3. In June 2012, the FSA determined that Bank of Scotland had breached Principle 3 when the bank was found to have been guilty of very serious misconduct which contributed to the circumstances that led to the UK government having to inject taxpayer funding into HBOS (see Enforcement Watch 7 "9 March 2012 FSA censures Bank of Scotland for very serious misconduct")