Financial Services

EBA’s report on mystery shopping of personal loans and (basic) payment accounts demonstrate the value this supervisory tool generally adds to tasks of NCAs

Written by

Dr. Michael Huertas

RegCORE Client Alert | Banking Union | Capital Markets Union


Going shopping, in particular for financial products, may not be everyone’s favourite pastime, however “mystery shopping” is a supervisory tool that is now firmly set to stay. It is certainly expected to be used more frequently as part of the toolbox employed by national competent authorities (NCAs) in the EU-27. In summary, mystery shopping refers to the carrying out of anonymous tests of “customer journeys” of various banks, insurers and financial service providers supervised by the respective NCAs. On 8 August 2023 the European Banking Authority (EBA), which coordinates various NCAs within the EBA’s institutional mandate, published a “Report on its mystery shopping exercise into personal loans and payment accounts” (the Report).

The Report is the EBA’s fourth and final step in the fulfilment of its new mandate to coordinate the mystery shopping activities of NCAs. The EBA concluded that mystery shopping can add immense value as a complementary tool to NCA’s conventional supervisory actions and equally that it yields information and insight into the conduct of financial institutions that is not readily available through other means.

The EBA’s mystery shopping exercise was conducted in conjunction with five NCAs, in respect of 340 occasions (250 on-site and 90 online) across 37 financial institutions operating in the EU-27. The scope focused on the pre-contractual phase of obtaining personal loans and in certain jurisdictions, also payment accounts (including with basic features). Within the small sample of financial institutions covered by the mystery shopping exercise, the EBA found that the conduct of some of them is inadequate and needs to improve.  Some financial institutions, for instance, did not provide the required pre-contractual information to consumers, and automatically increased the total amount of the credit to include the bank fees without collecting consumer’s explicit consent.

This Client Alert looks at some of the key points, from a legal perspective, that regulated firms should consider in light of the Report but also on how to forward-plan for how mystery shopping activities by the NCAs coordinated by the EBA or other European Supervisory Authorities (including in the European Securities and Markets Authority – ESMA and the European Insurance and Occupational and Pensions Authority – EIOPA) may make use of in future supervisory cycles in 2024 and the years ahead.

What the EBA’s Report covers

The EBA’s Report builds upon findings and lessons learned in:

  1. An earlier Report on mystery shopping activities of NCAs which was published in May 2021 (the 2021 NCA Report); Available hereShow Footnote
  2. A Methodological Guide to mystery shopping released in July 2021; Available hereShow Footnote and
  3. Work conducted with an external mystery shopping provider tasked with conducting relevant activities.

The Report, as the fourth and final step, influenced the EBA’s thematic review on the transparency and level of fees and charges of retail banking products that ESMA published December 2022. Available hereShow Footnote

Amongst its key findings the EBA Report reveals that within the confines of the small sample of financial institutions covered, the conduct of some of them is inadequate and needs to improve. Some firms, for instance, did not provide the required pre-contractual information to consumers, such as the Standardised European Consumer Credit Information (SECCI) for personal loans and the Fee Information Document (FID) for payment accounts, or did so only upon request or at a later stage. Some firms also automatically increased the total amount of the credit to include the bank fees without collecting consumer's explicit consent. Moreover, the Report concludes that the level of information and service provided to consumers using digital channels was often lower than that provided to consumers visiting branches, and that some firms did not mention all the personal information needed to open a payment account, especially when interacting with consumers via online chat.

Following the findings in the Report, NCAs are expected to continue taking action in respect of firms with identified shortcomings as well as across the market more broadly. The EBA also is clear in its statements that the Report demonstrates the added value that mystery shopping can bring as a complementary tool to NCAs' conventional supervisory actions and yields information and insight into the conduct of firms that is not readily available through other means.

Looking further ahead, the Report also provides a number of recommendations that the participating NCAs could consider as follow-up actions more broadly. These include communicating with firms on the importance of adopting a consistent approach to the provision of pre-contractual information across branches and distribution channels, investigating further the conduct of firms regarding the automatic increase of the credit amount and the availability of payment accounts with basic features, having bilateral contacts with the firms concerned to explain the conclusions of the exercise and to propose guidance or take supervisory actions, if needed.  The 2023 Report’s findings and the further recommendations for NCAs however also should be considered in conjunction with the key findings set out in the 2021 NCA Report.

Revisiting the key findings in the 2021 NCA Report

As explained in our Client Alert from October 2022, Available hereShow Footnote the EBA’s 2021 NCA Report assessed the NCA’s use of mystery shopping. That report and its findings are a core aspect of the EBA’s mandate in coordinating NCAs, promoting transparency, simplicity and fairness in the market for consumer financial products or services across the Single Market. The 2021 NCA Report covers mystery shopping initiatives in respect of products that fall within the scope of action of the EBA's consumer protection mandate, i.e., retail banking products and services (mortgages, deposits, payment accounts, payment services and electronic money).

The 2021 NCA Report summarised the most common approaches taken by the NCAs based on the information collated, primarily for the period from 2015 to 2020, and presented the lessons learned and good practices identified by the NCAs from the most relevant initiatives. The 2021 NCA Report revealed that mystery shopping often applies to a wide range of subject matter and targets mainly pre-contractual information for consumers, mortgage credits and basic payment accounts. Some NCAs indicated that they also have the power to publish warnings addressed to specific firms and issue sanctions to ensure firms comply with the relevant legal provisions.

The 2021 NCA Report equally highlighted the main benefits and challenges of mystery shopping, as well as some good practices that NCAs have adopted or suggested for the preparation, execution and follow-up of mystery shopping activities. Some of the benefits include obtaining faster results, encouraging firms to take corrective actions, and getting first-hand experience of the interaction between consumers and firms. Some of the challenges include legal constraints on the disclosure of identity information, ethical issues on the use of deception, and operational risks on the documentation and analysis of the mystery shopping results. Some of the good practices include organising training and briefing of NCAs' inspection/supervision agents or mystery shoppers, identifying target customer profiles and defining agreed 'rules' of consumer behaviour, and conducting mystery shopping covering several firms and across several firms’ branches.

The 2021 NCA Report remains relevant for payment service providers (PSPs) and e-money issuers (EMIs) that offer products and services within the EBA's consumer protection scope of action, as they may be subject to mystery shopping by NCAs in their jurisdiction or in other EU Member States where they operate. PSPs and EMIs should remain aware of the potential mystery shopping activities that NCAs may carry out to assess their compliance with the applicable regulatory standards, such as the Payment Services Directive 2 (PSD2), the Payment Accounts Directive (PAD), and the E-Money Directive (EMD2), as well as the EBA guidelines and technical standards on these topics. As discussed in our standalone Client Alert Available hereShow Footnote, each of those aforementioned rules are set to be reformed pursuant to PSD3, PSR and FIDAR. Mystery shopping activities by NCAs are expected to increase in the payments area as the industry transitions to that new regulatory reality.

PSPs and EMIs should also take note of the lessons learned and good practices identified by the NCAs in the report and consider how to improve their level of compliance and consumer protection in light of the mystery shopping findings. PSPs and EMIs should ensure that they provide clear, accurate and complete information to consumers about their products and services, that they offer suitable and fair advice to consumers, and that they comply with the relevant conduct of business rules and disclosure obligations. PSPs and EMIs should also monitor the mystery shopping activities of NCAs in other EU Member States, as they may provide useful insights into the expectations and practices of different regulators and markets.

The EBA’s 2021 NCA Report was the first step, the 2023 Report marks a further iteration and the EBA intends to update its repository of mystery shopping activities on a regular basis, potentially every two years. The EBA may also develop further guidance or recommendations on mystery shopping in the future, based on the knowledge and experience gained from the NCAs' initiatives. PSPs and EMIs should therefore follow the EBA's work on mystery shopping and be prepared to adapt to any changes or developments in this area.

Outlook and next steps

The EBA's Report is a valuable contribution to the enhancement of consumer protection and market conduct in the EU retail banking sector. Firms should take note of the findings and recommendations of the Report and ensure that they comply with the relevant EU legislation and EBA Guidelines on fees and charges, pre-contractual information, and advice for consumers.

Many firms may want to make focused improvements to their internal systems and controls relative to product governance along with improvements to distribution channels and improve dedicated training of relevant staff involved in all stages of the customer journey. See coverage on EU reforms to product governance changes available here.Show Footnote Some firms may also want to revisit their client-facing documentation, including when offered through distributors and conduct pain-point analysis form product inception through all parts of the customer journey, distribution and post-sales communication channels.

A number of financial service firms may choose to consider conducting their own administered mystery shopping exercises whether, by themselves, or by retaining external service providers. In many instances it may be advisable to retain external legal advisors to equally assess and report on non-compliance thus allowing for financial service firms to take appropriate remedial action before the regulator requires them to do so. Such self-testing can also serve to understand customer behaviours better – both in the context of on-site and digital distribution channels as well as in respect of differing impacts on specific customer types. Proactive and periodic self-testing can therefore reinforce the customer journey, customer service and satisfaction while minimising supervisory fines.

The above is important as NCAs are also expected to consider using mystery shopping as a supervisory tool more frequently so as to monitor the conduct of firms and to identify potential problems and risks for consumers. This is especially the case as the EBA will continue to carry out its consumer protection mandate and to coordinate mystery shopping activities of NCAs in the future across a number of areas within its focus.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators. 

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 750 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business. 

Moreover, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.  

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via or our website.