Banks and building societies are prohibited from opening or operating current accounts for persons who are disqualified from accessing those services due to their immigration status. To find out whether individuals are disqualified, customer details must be checked against data on known unlawful migrants, which is supplied by the Home Office. The Immigration Act cannot be ignored by the sector.

The requirement to undertake these checks was paused in 2018 following the Windrush scandal but took effect again in 2023. More than a year on from its reintroduction, compliance with the Immigration Act still represents a significant challenge for the financial services industry.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Not only are financial institutions grappling with which financial products the requirements apply to, they are increasingly finding that information related to disqualification persons, gleaned from applications for other financial products not caught by the regulation, feeds into the risk profiles of potential account opening customers. This leaves them faced with decisions regarding how to move forward with that information, bringing issues surrounding discrimination and data protection into play.

A ‘current account’ is not defined by the Act but subsequent to its introduction, Schedule 7 of the Immigration Act 2016 broadened its application to encompass any financial product by means of which a payment can be made.

This broad reach and the absence of a formal definition represents a particular challenge for banks and building societies offering a multitude of financial products, many of which will fall within its scope. Whenever a new financial product is introduced, financial institutions must ensure they have undertaken a full assessment of the functionality of that product to assess whether it should be regulated alongside current account products, and if so, put in place record keeping procedures agreeable with both the UKVI and Financial Conduct Authority (FCA) guidance.

The FCA oversee the enforcement of the legislation and banks and building societies must adhere to strict ongoing reporting obligations. In congruence with this, they must also discharge a continuous duty of compliance to the UKVI. Post-Brexit, it is essential for most banks and building societies to hold a UK sponsor licence, the tool they use to employ non-UK visa nationals. That licence is policed by the UKVI and so financial institutions must tow the delicate line of adhering to their responsibilities under the Act, knowing that they are intrinsically linked to their obligations as an employer bringing overseas nationals to the UK.

If they fail in one aspect of their duties to the UKVI, it could have a knock on impact in relation to their sponsor licence. This could result in drawing attention to their compliance obligations in other aspects of the business, resulting in their sponsor licence being audited, their employee onboarding checks being examined, and in a very worst case scenario, they risk losing their ability to sponsor non-UK nationals in the UK.

Discrimination related to financial products has long represented an issue for financial service providers. The Financial Ombudsman recognises this challenge and has a complaints procedure to deal with such matters. Discrimination can occur in various ways, often impacting individuals based on protected characteristics. The most common discrimination examples set out by the Ombudsman include age, disability, gender and race.

Following research by Fair4All Finance in 2023, it was reported that one in five people from ethnic minority groups experienced discrimination when dealing with financial service providers. The commissioned research, also found that 45% of people from minority ethnic groups have looked for help from a financial provider on topics such as setting up an account, but only 29% reported a positive experience. This is contrasted against 25% of white people seeking help, with 45% reporting positive experiences.

The Act brings additional considerations from a data protection perspective; under a number of the principles of the UK General Data Protection Regulation. For example:

  • processing of personal data must be fair, lawful and transparent – would prospective customers expect (based on what they have been told) the data collected during the mandatory checks to be used to assess their eligibility for financial products and services not caught by the Act?

Additionally, has the financial institution considered its lawful basis for use of that personal data when assessing applications for those other financial products and services? When using personal data in order to meet the requirements of the Act, financial institutions will rely on legal obligation as their lawful basis; this can no longer be the case where they are processing the same personal data in connection with financial products and services not caught by the Act.

  • processing of personal data must be limited to what is necessary – the “data minimisation” principle requires that (even if fair, lawful and transparent, as above) the personal data collected, used and retained for any specific, lawful purpose be only the least amount of data that could be used to achieve that aim. Given some of the uncertainties and challenges in knowing what data is needed for what products, this is likely to be an ongoing risk of compliance.

Failure to consider these issues will place financial institutions in breach of the UK GDPR and, perhaps more worryingly, could lead to individual claims for (unlimited) damages for loss and/or distress caused, in what is an increasingly litigious area of law.

With issues relating to immigration compliance, discrimination and data protection in mind, we are seeing many financial institutions take a more cautious approach to their lending criteria and greater consideration of the risk profile of potential customers at the account opening stage.

In an industry saturated with regulation, the risk of facing FCA sanctions for non-compliance is compounded by the delicate balance of also adhering to UKVI guidance, the risks of claims under the Equality Act 2010 in respect of race discrimination in relation to the provision of goods and services and the UK GDPR.

Financial institutions receiving thousands of new to bank customer ‘current account’ opening requests every month must ensure they have robust procedures in place to monitor applicants, and should ensure they are regularly reviewing their financial product offering to prevent falling foul of the current legislation.

Louisa Cole (Principal Associate) , Wie-Men Ho (Partner) , Lucy Collins (Senior Associate) – Eversheds Sutherland