Major UK Operator Overcharged Customers for 15 Years without Their Billing Auditors Noticing

Recently Commsrisk reported that mobile network O2, the UK operation of Telefónica, had received a GBP10.5mn (USD14.5mn) fine for overcharging a quarter of a million customers across a period of eight years. However, it seems that Ofcom, the UK regulator, used deceptive language in their press announcement to hide the true extent of their failings. O2 customers were incorrectly charged for much longer than eight years; the errors occurred from December 2003 to March 2019, a period lasting over 15 years in total. Instead of being transparently stated in the regulator’s press announcement, this information was only subsequently mentioned in their investigation report, which the regulator might reasonably assume that nobody in the outside world would read… nobody but me.

Ofcom’s weasel-worded press announcement stated that the errors occurred “between at least 2011 and 2019”. It seems the reference to 2011 was designed to spare the regulator’s blushes because they lacked the legal power to punish O2 for errors that occurred before 2011.

O2 has explained that the first known occurrence of the billing error took place on “05/12/2003”. We are therefore satisfied that the billing error arose on at least 5 December 2003.

However, due to the way in which the statutory scheme applies in relation to historical contraventions which pre-date the introduction of sections 96A to 96C of the Act on 26 May 2011, Ofcom is only able in O2’s case to consider the period of its contravention from 26 May 2011 for the purpose of giving a confirmation decision under section 96C of the Act.

Eight years is a long time, and 15 years is much longer. As admitted in Ofcom’s investigation report, though rarely explained to journalists or the public, the process that supposedly identified this error was continuously in place during all of those 15 years. Instead of talking up the success of regulatory audits in identifying the failings of this operator, we should be asking why these audits are so woeful that they repeatedly failed to identify a stream of errors that impacted hundreds of thousands of customers.

The stated purpose of these regulatory audits is to protect customers from charging errors. You cannot protect customers from errors through audits that only identify errors because customers complain about them.

…O2 has been unable to provide any documents explaining precisely how the error was identified but, based on the change request submitted to fix that scenario, it appears that this was, at least in part, discovered due to complaints received by O2.

The back-to-front principle of protecting customers from errors by reviewing customer complaints is the product of an audit mentality that is superficial and designed to minimize costs. Reviewing customer complaints is an easy way to paper over the gaps in the auditor’s work, allowing them to take credit for discovering problems which actually went unnoticed by the auditors. However, the folly of relying on customer complaints to identify errors is exemplified by O2’s failings, as the telco also failed to identify the relevant complaints and bring them to the attention of their auditors, BABT.

…the Notification Form to BABT relating to O2’s most recent identification of the Billing Error in 2019 asked whether O2 had received any complaints regarding this incident. O2 responded “[n]ot that we can specifically identify. Our complaints system does not record information at this granular level.”

So here we have an instance of auditors relying on customer complaints to identify gaps in their audit work, and then being unable to identify those gaps because the telco has failed to identify relevant complaints.

Very few countries have a telecoms charging audit regime like that found in the UK. The reason is clear to any rational and objective observer: nobody ever identified mistakes in the complex sequence of decisions and events that leads to the presentation of charges to customers by having an aimless and superficial chat about accuracy over a cup of tea. BABT has been continuously responsible for auditing O2’s charging accuracy across the last two decades, and during that time it has always promised it will deliver continuous improvement. That it took fifteen years to identify and resolve fundamental and recurring errors proves that these auditors have never possessed a realistic understanding of what they were auditing, nor what they were promising.

You will find the report of Ofcom’s investigation into O2 billing errors here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.