CMA writes to Lloyds Banking Group over breaches of the PPI Investigation Order

CMA writes to Lloyds Banking Group over breaches of the PPI Investigation Order

The Competition and Markets Authority (CMA) has written to Bank of Scotland owner Lloyds Banking Group over its breaches of the Payment Protection Insurance (PPI) Market Investigation Order 2011 which the CMA were notified about in September last year.

The notification came seven years after the bank’s first breach began, and which have affected approximately 8,800 customers.

Lloyds Banking Group notified the CMA on 15 September 2020 that it had breached the Order by sending PPI Annual Reviews containing errors to certain mortgage PPI customers. These breaches involve three different errors in Annual Reviews that were first identified by Lloyds Banking Group on 1 September 2020. These were identified as a result of actions taken following an independent review.

For the first breach, the bank issued Annual Reviews to customers which failed to include the monthly PPI benefit figure required. This error affected approximately 8,800 customers for Annual Reviews sent in January 2013.



Lloyds Banking Group reported that this issue did not reoccur in subsequent annual mailing cycles.

For the second breach, customers received Annual Reviews where the correct monthly PPI benefit figure was displayed in the wrong box of the statement. In addition, the ‘monthly benefit amount’ field was incorrectly populated with £0.00 but was correctly displayed in the ‘Type of Cover’ field.

This affected approximately 7,300 customers, who have been identified to be a subset of the 8,800 customers affected by the first breach. Lloyds Banking Group reported that this issue first occurred in January 2014 and a system fix has been implemented to correct this error in 2020.

For the third breach, approximately 54 customers received Annual Reviews where the monthly value of PPI within the ‘Type of Cover’ field’ was incorrect. This issue first occurred on 10 January 2013 and continued until it was rectified on 14 September 2020. The customers affected by this breach were a subset of the customers affected by both breach one and breach two.

The breaches relate to Article 4 of the Order, where Annual Reviews are intended to be sent to remind customers that they continue to have PPI which they are entitled to cancel. The Annual Reviews are also designed to raise consumer awareness of their ability to switch PPI provider and to help customers compare the cost of PPI at any point in time with policies offered by other providers.

It is worth highlighting that these breaches came to light as a result of the Directions which the CMA issued to Lloyds Banking Group in 2018 for a previous breach of the order. These directions required that Lloyds Banking Group appoint an independent body to audit Lloyds Banking Group’s systems and implement new processes to ensure future compliance with the Order.

The CMA noted that as a result of the CMA’s enforcement action, and the actions of the appointed independent body, Lloyds Banking Group has reviewed its systems, and is taking opportunities to put right the serious shortcomings identified in its compliance processes for this remedy.

Accordingly, Lloyds Banking Group has committed to take action to address the breaches. The CMA has said this action will enhance Lloyds Banking Group’s overall compliance with the order with the intention of preventing future breaches and is set out in the Action Plan published with this letter.

For all customers with an open policy affected by the breaches, Lloyds Banking Group will send apology letters. For customers impacted by the third breach, the bank will also offer affected customers (with live and closed policies) the option to receive a refund of premiums to cover the period in which the breaches occurred.

Due to the nature of the voluntary actions being taken by Lloyds Banking Group, the CMA said it does not consider it necessary to take further formal enforcement action at this time

The CMA has said it will monitor the resolution of these breaches closely, including the specific actions and their timing. 

Share icon
Share this article: