Series
Blogs
Series
Blogs
In April of this year, the UK Competition and Markets Authority (CMA) gained direct enforcement powers in consumer protection law under the Digital Markets, Competition and Consumers Act 2024 (DMCC Act). However, the CMA is not the only regulator who has responsibility for consumer protection. The Financial Conduct Authority (FCA) was granted its consumer duty (the Consumer Duty) in July 2023 – the largest shift in how retail banking customers are treated in a decade. In this blog we consider how compliance and direct enforcement under the DMCC Act compares with the Consumer Duty, and what lessons the CMA might draw from the FCA’s approach when getting to grips with its new consumer powers.
Both the DMCC Act and Consumer Duty were introduced with a view to remedying perceived weaknesses in existing consumer protection enforcement. The CMA lacked the ability to find firms in breach of consumer law without first going to a court, and could not issue administrative penalties for non-compliance, whilst the FCA’s “treating customers fairly” (TCF) rules and guidance had been insufficient to prevent several cases of widespread consumer harm, including PPI mis-selling. The reasons for this have been much debated, but centre around the fact that much of TCF framework was contained in guidance (against which the FCA could not directly enforce). It was also too easy for compliance to become a ‘tick-box’ exercise with insufficient real ownership for delivery developing outside of (and sometimes within) compliance teams – two problems the FCA was keen to fix when designing the Consumer Duty.
The implementation of both regimes has focused on compliance rather than deterrence, prioritising regulator engagement with businesses who are “looking to do the right thing”. The FCA is actively engaging with firms on ways to use the Consumer Duty to reduce regulatory burdens in other areas of its Handbook and the CMA has been proactive in business-engagement through consultations, roundtables and webinars.
Both regimes apply to players whose practices impact end-consumers. The Consumer Duty applies to all firms in a distribution chain for a product intended for retail customers and the DMCC Act applies to wholesalers to the extent that their actions form part of retailers’ consumer law breach.
As one would expect, the scope of the Consumer Duty is limited to firms regulated by the FCA who are performing “retail market business”, unlike the DMCC, which is not sector-limited.
Perhaps the biggest contrast is the role of the regulator under the different regimes. The FCA is effectively judge, jury and executioner of the firms it regulates. It decides whether to authorise a firm to conduct regulated financial services activity, supervises its day-to-day activities, investigates it when things go wrong, decides whether there has been a breach of its requirements and sets any resulting penalty. There is a referral process up to the Upper Tribunal, but this is rarely used by firms. For most regulated organisations, the FCA holds the power of life and death over their activities in a way that the CMA simply does not – especially given the ability to appeal to the High Court for a full merits review of CMA infringement decisions. This imbues all firms’ interactions with the FCA with particular significance. Firms are cautious about challenging a regulator with whom they have an ongoing relationship.
The Consumer Duty consists of a new regulatory principle – a firm must act to deliver good outcomes for retail customers. This is supported by three cross cutting rules (acting in good faith, avoiding causing foreseeable harm, and enabling customers to achieve their financial objectives) and a further, more detailed, suite of rules and guidance covering products and services, price and value, customer understanding/communications, and customer support. These areas of focus align with much of the DMCC Act.
Enforcement priorities are also closely linked. The below table provides a snapshot of how the parallel regimes address these priorities in practice.
| Priority | FCA | CMA |
| Customer vulnerability | All customers are at risk of becoming vulnerable and this risk is increased by characteristics of vulnerability related to four key drivers; health; life events; resilience; and capability. | Customers can be vulnerable based on their mental and physical health, age, credulity and circumstance. |
| Drip pricing | Firms need to support customers to make informed choices by providing all the information they need, at the time they need it. This may mean structuring a user experience journey that, for example, front-loads information about fees and charges before asking the user to invest time and effort in signing up for a financial product. | All mandatory fixed costs should be included in headline prices and information should be provided to consumers such that they are able to calculate variable costs. |
| Online choice architecture (OCA) | The FCA has focused on ‘sludge’, that is, negative friction added into customer journeys to prevent customers achieving their objectives. Were a firm to deploy website design patterns that rush users, or layouts that give visual precedence to the options that benefit a firm not a consumer, the FCA would likely find that the Consumer Duty had been breached. | CMA, is interested in the impact of behavioural biases on customer journeys and the OCA presented to consumers – for example, ranking, bundling, nudges, defaults and information presentation. |
Retail banking contracts are explicitly carved out of Schedule 22 of the DMCC Act, which relates to subscription contracts, and there is a specific exclusion in Schedule 24 DMCC Act for consumer savings schemes, where the trader entering into the contract with the customer does so in the course of a regulated financial service activity for which they have an authorisation. However, some commercial practices could technically fall in scope of both the Consumer Duty and DMCC regimes.
The CMA has not identified regulated sectors as an enforcement priority, and consistent with its broader enforcement tools will be mindful of overlap, in particular with its concurrent competition regulators such as the FCA. Indeed, the CMA has highlighted not only its commitment to work with regulators, but also that businesses should refer to the relevant regulators for sector-specific queries on sectoral guidance (for example, the price transparency consultation document refers to Ofcom’s statement on new sector-specific price information requirements in July 2024, which set out new rules and guidance that took effect in January 2025).
Practically, it seems highly unlikely that businesses will be subject to consumer enforcement under both the DMCC Act and Consumer Duty regime, even though there is a technical increment in enforcement risk for financial services businesses following the introduction of the DMCC Act.
Both regulators have sought to take a pro-business, example-based approach to regulation, as businesses get to grips with these new rules. Since the Consumer Duty came into force, the FCA has frequently surveyed consumer-facing practices in retail banking and published feedback on “good and poor” practice as a means of educating firms and improving industry behaviour. We have yet to see a published enforcement case. Similarly, the CMA’s guidance on OCA and more recent consumer guidance includes an array of examples to help businesses consider their approach to compliance and to date the CMA has not publicly announced any active enforcement case under the new rules.
The CMA is clear in its approach document that it intends to work closely with the FCA when it comes to tackling consumer harm. Given the parallels between the two consumer regimes, it’s worth considering what firms in scope of the DMCC Act can learn from best practice around financial services firms’ implementation of the FCA’s Consumer Duty: