Interpreting the data

Find out how the data we require from providers of personal and business current accounts is measured.

Our Policy Statement 17/26: Information about current account services sets out our rules and explains our aim to help customers, comparison websites and commentators compare the services different current account providers offer. Our rules enable people to find out easily: 

  • how and when customers can contact the firm to ask about common services and problems, and if it offers 24 hour helplines
  • how and when they can use their account  
  • information about operational and security incidents
  • a link to data on complaints made against the firm
  • how they can open an account and what information and documents are needed
  • how quickly the firm opens current accounts
  • once an account is open, how quickly the firm gives a debit card
  • once an account is open, how quickly customers have internet banking
  • once an account is open, how quickly an overdraft is available
  • how quickly the firm replaces debit cards which have been lost, stolen or stopped

Below we explain some key terms to help interpret the metrics on speed of services and on major incidents.

Major operational or security incidents

These are unplanned events which may reduce the integrity, availability, confidentiality, authenticity or continuity of services related to payments. 

The revised Payment Services Directive (EU 2015/2366) requires firms to report incidents to their regulator if they meet thresholds set out in guidelines by the European Banking Authority. We have reproduced the thresholds below. 

To be reportable to the regulator, an incident must meet:

  • one or more criteria at the ‘Higher impact level’, or
  • three or more criteria at the ‘Lower impact level’

Threshold for an incident to be classified as a ‘major operational or security incident’


Lower impact level

Higher impact level

Transactions affected

> 10% of the payment service provider’s regular level of transactions (in terms of number of transactions)
> EUR 100 000

> 25% of the payment service provider’s regular level of transactions (in terms of number of transactions)
> EUR 5 million

Payment service users affected

> 5 000
> 10% of the payment service provider’s payment service users

> 50 000
> 25% of the payment service provider’s payment service users

Service downtime

> 2 hours

Not applicable

Economic impact

Not applicable

> Max. (0.1% Tier 1 capital,* EUR 200 000)
> EUR 5 million

High level of internal escalation


Yes, and a crisis mode (or equivalent) is likely to be called upon

Other payment service providers or relevant infrastructures potentially affected


Not applicable

Reputational impact


Not applicable

*Tier 1 capital as defined in Article 25 of Regulation (EU) No 575/2013 of the European Parliament and of the Council, of 26 June 2013, on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.

Interpreting a major operational or security incident for banks with multiple brands

Major incidents are reported at firm level. This means that for firms which have more than one current account brand, each brand must report the total number of incidents for the firm. 

An incident affecting a common payment system (such as a card scheme or affecting point of sale) may cause incidents across a wide number of payment providers, and each current account brand affected is required to include the incident within the number of its major incidents and customer channels affected.   

An incident that impacts more than one payment channel (telephone, mobile, internet banking) counts as only one incident within the total of reported incidents.

Combining the data

For the reasons above, reported incidents should not be added up across the different payment channels, or across different brands and firms, as this would overstate the numbers.  The metrics show how many major incidents in total have affected each firm, and how many have affected each of its customer payment channels, in order to help customers and potential customers choose a brand which meets their needs. 

Account opening speeds

The metrics measure the number of days it takes for a customer who is new to the firm to be able to (1) deposit funds, (2) use a debit card, (3) use internet banking, and (4) draw on an overdraft. This is so that they can choose a brand which meets their needs quickly. In using the metrics, the time taken to be able to deposit funds should be added to the time taken to have any of the other functions available.    

Our rules specify when the firm should ‘stop and start the clock’ for measuring the speed of opening an account. The clock starts when the potential customer has provided all the information and documents which are listed on the firm’s website as being required, or as soon as the application is received if the firm does not provide a list. 

The clock stops when the firm can reasonably expect the customer to have received all the necessary equipment and security features needed to use the service concerned (taking account of the delivery method the firm used to send them).    

The clock remains running while the firm carries out anti-money-laundering and fraud checks. 

When starting and stopping the clock for individual customers, anything done the same day counts as zero days, and any partial days after that count as a whole day. When the firm has calculated the average and percentage metrics for their customers taken together, they round the result to the nearest whole number.

The average number of days is the mean for all new customers in the quarterly reporting period. 

Debit card replacement

The metrics show the number of days it takes for a customer to receive a replacement debit card which has been lost, stolen or damaged.

The clock starts from when the card is reported as lost or stolen or the firm has stopped the card permanently for any other reason (such as a customer reporting it has been damaged and cannot be used).

The metrics do not include routine replacement of cards which have expired. 

The metrics may include cases where a firm has temporarily blocked a card and the customer does not respond to enquiries to resolve this, resulting in a long time to replace it.       

Days are measured in the same way as for the account opening metrics.