The bank is accused of editing customer emails, call transcripts and how it presented its “central file” record of correspondence, potentially in breach of data protection laws.
The Information Commissioner’s Office and the Financial Conduct Authority are aware of the claims.
RBS refused to comment on the claims, but said that it “takes its obligations under the Data Protection Act very seriously at all times”.
The Times are reporting that the claims were first raised this month by Andy Keats, an RBS customer and a director of SBCB, a company that helps small businesses with commercial disputes.
Mr Keats, a former Metropolitan Police sergeant, is in dispute with the bank after he accused the majority taxpayer-owned lender of causing the failure of his business. It subsequently sought possession of his home.
He claims to have uncovered thousands of discrepancies, which he alleges show customer data that has been “falsified to suit RBS”.
Mr Keats has complained to the ICO, which is looking into the matter, and met Karina McTeague, director of retail banking supervision at the Financial Conduct Authority, the City watchdog, to discuss the allegations.
Mr Keats compared his personal records with those given to him by RBS after he exercised his legal right to demand copies of data that the bank held on him. He has complained to the bank about hundreds of changes to records of his emails, including the deletion of entire paragraphs, such as details of his assets and financial position and details of a complaint against Worldpay, a former RBS subsidiary.
The bank is entitled to withhold information that is exempt from the Data Protection Act, but this typically is done through blacked-out redactions of text.
Mr Keats’ records appear to show that RBS deleted individual words, sentences and paragraphs and even changed punctuation marks from correspondence without any acknowledgement that edits had been made.
It is not clear at what point RBS may have made the alleged changes. Data-holders are entitled to “summarise” customer data under certain conditions but must not make any deletions or edits that might change the meaning of correspondence, or alter or delete information in response to a data request from a customer.
Mr Keats also unearthed differing records, seen by The Times, from RBS’s “central file” of what appear to be the same conversation. Central file entries cannot be edited retrospectively.
In a version provided by the bank this year, Mr Keats is recorded as having correctly informed RBS that he was under no contractual obligation to make monthly capital and interest repayments on a consolidated mortgage and personal current account. However, in a 2013 record, apparently of the same exchange, this element of the conversation is absent.
After the conversation, which took place in 2012, Mr Keats claims that RBS began possession proceedings on his house on the erroneous basis that these monthly payments were required. This was postponed, but he remains in dispute with the bank over the debt.
A spokeswoman for RBS said that the bank always “seeks to co-operate fully with customers’ [requests for data] . . . We provide customers with all relevant personal data in a readily accessible format, wherever possible. Any redacted information will have been carried out in accordance with the exemptions permitted under the Data Protection Act. We also work closely with the ICO both in preparation of customers’ [requests for data] and in responding to complaints made.”
