The pair of lenders have each been ordered to appoint an independent body to audit their PPI processes after they failed to send, or sent inaccurate, annual reminders.
They must also put in place procedures to ensure that similar incidents do not happen again, as this is the second time the CMA has taken action regarding PPI processes.
Santander sent out annual reminders containing incorrect information to more than 3,400 of its mortgage PPI customers from 2012–2017.
RBS failed to provide reminders to almost 11,000 of its customers for up to six years, meaning those affected were unable to fully assess whether they wanted to continue paying for PPI, and were stopped from shopping around effectively.
Moreover, many customers may not have even been aware they still had PPI, the CMA said.
RBS has now written to those affected, providing a reminder of their right to cancel their policy and has so far paid out over £1.5m in refunds to customers.
In 2011 a legally-binding order was put in place, which requires, among other things, that customers receive an annual reminder that clearly sets out how much they paid for their policy, the type of cover they have, and reminds them of their right to cancel.
However, both banks were warned by the CMA to improve their PPI practices in 2016 after they were found to be breaching the order.
The banks notified the CMA about these latest incidents in 2018.
The results of the audits conducted for both lenders will be fed back to the regulator.
Play by the rules
CMA senior director of remedies, business and financial analysis Adam Land, said: “It is unacceptable that some banks aren’t providing PPI reminders – or are sending inaccurate ones – eight years after our order came into force.
“The legally binding directions we’ve issued today will make sure that both RBS and Santander now play by the rules.
“These are serious issues that, in the future, may result in fines if the government gives us the powers we’ve asked for.
“For now, we expect RBS to repay all affected customers quickly, and for both RBS and Santander to make sure that similar breaches do not happen again,” he added.